Audit  Audit of the Bridgewater State University

The audit found BSU did not ensure that all employees completed required cybersecurity awareness training. The audit examined the period of March 1, 2020 through March 31, 2021.

Organization: Office of the State Auditor
Date published: June 14, 2022

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Bridgewater State University (BSU) for the period March 1, 2020 through March 31, 2021.

In this performance audit, we reviewed BSU’s use of funding from the Education Stabilization Fund (ESF) received through the Coronavirus Aid, Relief, and Economic Security (CARES) Act, enacted by Congress on March 27, 2020, and the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA), enacted by Congress on December 27, 2020. BSU received grant funding under two components of the ESF: direct funding from the United States Department of Education (US DOE), provided through the Higher Education Emergency Relief Fund (HEERF),1 and funding from the Massachusetts Department of Higher Education (MDHE), allocated through the Governor’s Emergency Education Relief Fund. The purpose of our audit was to determine whether BSU administered the federal assistance it received in accordance with the criteria established by US DOE and MDHE. We also determined whether BSU complied with the Office of the Comptroller of the Commonwealth’s guidance by updating its internal control plan to address risks related to the 2019 coronavirus pandemic. In addition, we determined whether BSU’s personnel completed cybersecurity awareness training in accordance with Sections 6.2.3 and 6.2.4 of the state Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

BSU did not ensure that all employees completed required cybersecurity awareness training.

Recommendations
 

  1. BSU should document and implement policies and procedures that require all employees to complete initial and annual cybersecurity awareness training. The policies and procedures should include internal controls to monitor and document completion of the training.
  2. BSU officials should negotiate with union officials to establish initial and annual cybersecurity awareness training requirements for all employees who are union members.

 

A PDF copy of the Audit of Bridgewater State University is available here.

1.    HEERF consists of three separate grants related to the 2019 coronavirus pandemic emergency that were directly funded from US DOE under the CARES Act (HEERF I), CRRSAA (HEERF II), and American Rescue Plan Act (HEERF III).

Downloads

Contact

Feedback