Audit  Audit of the Department of Higher Education

The audit found that DHE did not ensure that all employees who were responsible for managing and administering Governor’s Emergency Education Relief (GEER) funding completed annual cybersecurity awareness training. The audit also found that DHE did not meet with the Commonwealth Commitment Advisory Board (CCAB) to review the MassTransfer Commonwealth Commitment Program and did not provide reports or communications to the Board of Higher Education regarding CCAB’s review of the MassTransfer Commonwealth Commitment Program. The audit examined the period of March 27, 2020 through February 28, 2021.

Organization: Office of the State Auditor
Date published: June 27, 2022

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Department of Higher Education (DHE) for the period March 27, 2020 through February 28, 2021. In this performance audit, we determined the following:

  • whether DHE ensured that it had interdepartmental service agreements or standard contract forms that provided guidance for the appropriate use of Governor’s Emergency Education Relief (GEER) funding with the institutions of higher education (IHEs) that received this funding
  • whether DHE updated its internal control plan in compliance with policies issued by the Office of the Comptroller of the Commonwealth
  • whether the DHE employees who were responsible for managing or administering GEER funding completed the required cybersecurity awareness training
  • whether DHE met with the Commonwealth Commitment Advisory Board (CCAB), a group of representatives from Massachusetts’s public IHEs that helps coordinate the MassTransfer Commonwealth Commitment Program, to review the program
  • whether DHE provided Massachusetts’s Board of Higher Education (BHE) with a report detailing the results of CCAB’s review of the MassTransfer Commonwealth Commitment Program.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

DHE did not ensure that all employees who were responsible for managing and administering GEER funding completed annual cybersecurity awareness training.

Recommendations
 

  1. DHE should develop internal controls to ensure that all employees complete the required training annually.
  2. DHE should designate a department or individual to be responsible for overseeing the assignment and completion of required training.

Finding 2
 

DHE did not meet with CCAB to review the MassTransfer Commonwealth Commitment Program.

Recommendations
 

  1. DHE should meet with CCAB at least annually to review the MassTransfer Commonwealth Commitment Program and make recommendations about its improvement.
  2. Alternatively, if DHE’s commissioner has approved the disbanding of CCAB and changes to the nature and frequency of reviews, DHE should update the MassTransfer Procedures Manual to accurately identify the group responsible for the review of the MassTransfer Commonwealth Commitment Program and the frequency and nature of the review.

Finding 3
 

DHE did not provide reports or communications to BHE regarding CCAB’s review of the MassTransfer Commonwealth Commitment Program.

Recommendation
 

DHE should provide BHE, at least annually, with reports or communications about the review of the MassTransfer Commonwealth Commitment Program by CCAB or the group appointed to assume its responsibilities.

 

A PDF copy of the Audit of Department of Higher Education is available here.

Downloads

Contact

Feedback