
Audit of the Commonwealth Corporation

This audit revealed that in 2018 a hacker gained access to CommCorp employees’ personally identifiable information, and that the quasi-public state agency submitted incomplete payroll and expenditure information to the state Comptroller’s transparency website, CTHRU. The audit examined the period of July 1, 2015 through June 30, 2018.

Binder organization: Office of the State Auditor
Date published: March 19, 2019

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Commonwealth Corporation (CommCorp) for the period July 1, 2015 through June 30, 2018. In this performance audit, we examined certain activities of CommCorp’s administration of the General Program within its Workforce Training Fund Program, its protection of personally identifiable information in its records, and its compliance with the General Laws regarding providing its financial records to the Secretary of Administration and Finance for public disclosure.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

CommCorp did not adequately protect confidential employee information.

Recommendations
 

  1. CommCorp should develop policies and procedures that require periodic security awareness training for all employees.
  2. CommCorp should consider adopting security practices outlined by the Committee of Sponsoring Organizations of the Treadway Commission to enhance its control activities to prevent, detect, and mitigate cyber-risks.

Finding 2
 

CommCorp did not submit required payroll and expenditure information to the Commonwealth to be made available to the public on a searchable website.

Recommendations
 

  1. CommCorp should contact the Comptroller of the Commonwealth (CTR) to obtain an understanding of how to submit information to the Executive Office for Administration and Finance for posting to CTR’s searchable website and submit all the required information for fiscal and calendar years 2016 and 2017 as well as any deficient fiscal and calendar years before our audit period.
  2. CommCorp should develop and implement policies and procedures for collecting the required payroll and expenditure information and submitting it to the Secretary of Administration and Finance for posting to CTR’s website. CommCorp should also establish monitoring controls to ensure that the policies and procedures are adhered to.

 

A PDF copy of the audit of the Commonwealth Corporation is available here.
