
Audit of the Executive Office of Education—Information Technology Contracts

The audit, which examined the period of July 1, 2016 through June 30, 2018, revealed the need for EOE to improve the administration of IT contracts to ensure vendors meet performance standards and adhere to essential security provisions.

Organization: Office of the State Auditor
Date published: October 11, 2019

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted an audit of the Executive Office of Education (EOE). The purpose of this audit was to determine whether EOE effectively monitored its information technology (IT) contracts during the period July 1, 2016 through June 30, 2018.

In this performance audit, we examined EOE’s processes for managing its IT contracts to ensure that the terms of the contracts were met.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1

EOE did not always establish performance metrics or effectively measure the performance of its IT vendors.

Recommendations

  1. EOE should establish key performance indicators for future IT contracts.
  2. EOE should develop and implement a process to measure and monitor IT vendors’ performance.
  3. EOE should develop and implement metrics to ensure that IT vendors’ performance requirements, such as project milestones and time and expense budgets, are met.

Finding 2

EOE did not ensure that all of its third-party contracts contained essential security provisions.

Recommendation

EOE should establish policies and procedures that require that all IT contracts it negotiates with IT vendors comply with the Executive Office of Technology Services and Security’s “Third-Party Information Security Standard.”

Post-Audit Action

After we completed our audit work, EOE officials informed us that the agency had added a “Third-Party Information Security Standard” to its internal control plan.

A PDF copy of the audit of the Executive Office of Education - Information Technology Contracts is available here.
