This page, Audit of the Division of Capital Asset Management and Maintenance, is offered by
Office of the State Auditor

Audit Audit of the Division of Capital Asset Management and Maintenance

The audit found that DCAMM did not have adequate process in place to help ensure that its contractors met its workforce participation goals for women and minorities and recommends DCAMM develop policies and procedures to effectively monitor the extent to which each contractor achieves workforce participation goals for women and minorities. The audit examined the period of January 1, 2019 through December 31, 2020.

Organization:	Office of the State Auditor
Date published:	February 23, 2022

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Division of Capital Asset Management and Maintenance (DCAMM) for the period January 1, 2019 through December 31, 2020. The purpose of our audit was to determine the following:

Did DCAMM have internal tracking, oversight, and enforcement procedures to ensure that contractors complied with the workforce participation goals¹ established by Section 44A(1)(G) of Chapter 149 of the General Laws?
Did DCAMM monitor quarterly contractor notifications regarding minority and woman workforce participation goals as required by the general conditions of the Commonwealth’s standard construction contract, which DCAMM uses for most construction projects?
Did DCAMM ensure that contractors were certified before awarding contracts in accordance with Sections 4.03 and 4.04 of Title 810 of the Code of Massachusetts Regulations?
Did DCAMM update its internal control plan (ICP) to address the 2019 coronavirus (COVID-19) pandemic as required by the Office of the Comptroller of the Commonwealth’s (CTR’s) guide “COVID-19 Pandemic Response Internal Controls Guidance”?
Did DCAMM ensure that its employees received annual cybersecurity awareness training as required by the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010?

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1	DCAMM did not have adequate processes in place to help ensure that its contractors met its workforce participation goals for women and minorities.
Recommendation	DCAMM should develop policies and procedures to effectively monitor the extent to which each contractor achieves workforce participation goals for women and minorities. These policies and procedures should establish the conditions under which DCAMM will use enforcement provisions against contractors that do not meet their workforce participation goals.
Finding 2	DCAMM did not ensure that contractors completed projected staffing tables each quarter that identified female and minority workers.
Recommendation	DCAMM should develop policies and procedures, including a monitoring component, to ensure that all contractors work toward meeting its workforce participation goals for female and minority workers every quarter.
Finding 3	DCAMM did not maintain adequate documentation to support all the information in its annual reports to the state Legislature.
Recommendation	DCAMM should develop policies and procedures that require its staff to perform and retain regular reconciliations of its certified payroll data to ensure completeness and accuracy.
Finding 4	DCAMM’s ICP was not updated with a COVID-19 component.
Recommendation	DCAMM should establish policies and procedures, including a monitoring component, for updating its ICP when significant changes occur.
Finding 5	DCAMM did not retain employees’ cybersecurity awareness training certificates.
Recommendations	DCAMM should keep cybersecurity awareness training certificates in employee personnel files. DCAMM should develop a formal process to ensure that cybersecurity awareness training certificates are collected and retained in all personnel files.

Post-Audit Action

During our audit, DCAMM updated its ICP, an agency-wide document that summarizes risks and controls for all of its business operations, to include recommendations from CTR’s “COVID-19 Pandemic Response Internal Controls Guidance” (see Finding 4). This updated ICP included telework, return-to-office plans, and a risk assessment of the impact of COVID-19 on department operations.

DCAMM’s management indicated that, as a result of the problems identified in Finding 5, the agency implemented a process to ensure that cybersecurity awareness training certificates would be collected and retained in employees’ files.

A PDF copy of the audit of the Division of Capital Asset Management and Maintenance is available here.

1. Workforce participation goals are the percentages of work hours for each construction contract that must be worked by minorities and women.

Appendix

Appendix:

Downloads

Audit of the Division of Capital Asset Management and Maintenance (English, PDF 917.63 KB)

Contact

Phone

Main (617) 727-2075

Online

Auditor@sao.state.ma.us

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Help Us Improve Mass.gov with your feedback

Did you find what you were looking for on this webpage?

Yes

If you have any suggestions for the website, please let us know. How can we improve the page?

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Please let us know how we can improve this page.