| Organization: | Office of the State Auditor |
|---|---|
| Date published: | June 11, 2018 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Massachusetts Clean Energy Center (MassCEC) for the period July 1, 2015 through June 30, 2017.
In this performance audit, we examined whether (1) MassCEC’s Wind Technology Testing Center generated sufficient revenue to cover its expenses; (2) MassCEC had a positive track record of investing in Massachusetts companies (i.e., had invested in companies that were financially viable); (3) MassCEC properly administered the Equity Investment and Venture Debt Investments Programs; (4) MassCEC had adequate internal controls (i.e., policies and procedures) over the processing of wire transfers and internal fund transfers; and (5) MassCEC developed a disaster-recovery plan (DRP)¹ and business-continuity plan (BCP)² for its computer operations. Below is a summary of our findings and recommendations, with links to each page listed.
MassCEC did not prevent or properly report the theft of $93,679 in public funds.

MassCEC did not develop DRPs and BCPs for its computer systems.

MassCEC should assess its computer systems from a risk-management and business-continuity perspective and develop and test an appropriate DRP and BCP. It should reassess such plans at least annually or upon major changes to its operations or overall information-technology environment.
A PDF copy of the audit of the Massachusetts Clean Energy Center is available here.
Abbreviations
| BCP | business-continuity plan |
|---|---|
| COSO | Committee of Sponsoring Organizations of the Treadway Commission |
| DRP | disaster-recovery plan |
| DHS | Department of Homeland Security |
| EOTSS | Executive Office of Technology Services and Security |
| FBI | Federal Bureau of Investigation |
| IT | information technology |
| MassCEC | Massachusetts Clean Energy Center |
| RETF | Renewable Energy Trust Fund |
| WTTC | Wind Technology Testing Center |
1. A DRP is an information-system-based plan designed to allow for quick recovery of critical systems, applications, and information-technology infrastructure in the event of a large-scale disaster.
2. A BCP is a plan that develops risk-based strategies to mitigate identified potential threats to business operations. At a minimum, it should include a DRP and continuity-of-operations plan.