Audit Audit of the Commonwealth Corporation

This audit revealed that in 2018 a hacker gained access to CommCorp employees’ personally identifiable information, and that the quasi-public state agency submitted incomplete payroll and expenditure information to the state Comptroller’s transparency website, CTHRU. The audit examined the period of July 1, 2015 through June 30, 2018.

Organization:	Office of the State Auditor
Date published:	March 19, 2019

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Commonwealth Corporation (CommCorp) for the period July 1, 2015 through June 30, 2018. In this performance audit, we examined certain activities of CommCorp’s administration of the General Program within its Workforce Training Fund Program, its protection of personally identifiable information in its records, and its compliance with the General Laws regarding providing its financial records to the Secretary of Administration and Finance for public disclosure.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1	CommCorp did not adequately protect confidential employee information.
Recommendations	CommCorp should develop policies and procedures that require periodic security awareness training for all employees. CommCorp should consider adopting security practices outlined by the Committee of Sponsoring Organizations of the Treadway Commission to enhance its control activities to prevent, detect, and mitigate cyber-risks.
Finding 2	CommCorp did not submit required payroll and expenditure information to the Commonwealth to be made available to the public on a searchable website.
Recommendations	CommCorp should contact the Comptroller of the Commonwealth (CTR) to obtain an understanding of how to submit information to the Executive Office for Administration and Finance for posting to CTR’s searchable website and submit all the required information for fiscal and calendar years 2016 and 2017 as well as any deficient fiscal and calendar years before our audit period. CommCorp should develop and implement policies and procedures for collecting the required payroll and expenditure information and submitting it to the Secretary of Administration and Finance for posting to CTR’s website. CommCorp should also establish monitoring controls to ensure that the policies and procedures are adhered to.

A PDF copy of the audit of the Commonwealth Corporation is available here.

Downloads

Open PDF file, 898.52 KB, Audit of the Commonwealth Corporation (English, PDF 898.52 KB)

Contact

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Contact

Office of State Auditor Diana DiZoglio

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Help Us Improve Mass.gov with your feedback

Did you find what you were looking for on this webpage?

Yes

If you have any suggestions for the website, please let us know. How can we improve the page?

Please do not include personal or contact information.

The feedback will only be used for improving the website. If you need assistance, please contact the State Auditor. Please limit your input to 500 characters.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Please let us know how we can improve this page.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Audit Audit of the Commonwealth Corporation

Executive Summary

Table of Contents

Downloads

Contact

Office of State Auditor Diana DiZoglio

Phone

Online

Fax

Address

Help Us Improve Mass.gov with your feedback