Audit  Audit of the Massachusetts College of Art and Design

The audit examined financial activity from federal funds provided by the CARES Act and the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA). The audit examined the period of March 1, 2020 through June 30, 2021.

Organization: Office of the State Auditor
Date published: April 19, 2022

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Massachusetts College of Art and Design (MassArt) for the period March 1, 2020 through June 30, 2021.

In this performance audit, we reviewed financial activity from federal funds provided by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, enacted by Congress on March 27, 2020, and the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA), enacted by Congress on December 27, 2020. MassArt received grant funding under two components of the CARES Act’s Education Stabilization Fund: direct funding from the United States Department of Education (US DOE), provided through the Higher Education Emergency Relief Fund (HEERF),1 and funding from the Massachusetts Department of Higher Education (MDHE), allocated through the Governor’s Emergency Education Relief Fund. Under the CRRSAA, MassArt received direct funding from US DOE, provided through HEERF II. The purpose of our audit was to determine whether MassArt administered CARES Act and CRRSAA funding it received in accordance with the criteria established by US DOE and MDHE. We also determined whether MassArt complied with the Office of the Comptroller of the Commonwealth’s guidance by updating its internal control plan to address risks related to the 2019 coronavirus pandemic. In addition, we determined whether the MassArt Administration and Finance Department personnel who were responsible for handling CARES Act and CRRSAA funding completed cybersecurity awareness training in accordance with the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
Page 12

MassArt does not require that all employees in its Administration and Finance Department complete cybersecurity awareness training.

Recommendations
Page 13

  1. MassArt should implement a policy requiring personnel to complete new-hire and annual cybersecurity awareness training.
  2. MassArt should maintain a record of completion of cybersecurity awareness training for each employee.

 

A PDF copy of the Audit of Massachusetts College of Art and Design is available here.

1.    The HEERF consists of three separate grants related to the 2019 coronavirus pandemic emergency that were directly funded from US DOE under the CARES Act (HEERF I), CRRSAA (HEERF II), and American Rescue Plan (HEERF III).

Downloads

Contact

Feedback