Audit  Audit of the Massachusetts Cultural Council

The audit found that MCC did not verify artists’ eligibility prior to issuing grants from COVID-19 pandemic relief funds. The audit also found that MCC’s Internal Control Plan (ICP) was not updated with a COVID-19 component. Additionally, the audit found that MCC did not ensure all employees completed the required annual cybersecurity awareness training. The audit examined the period of March 1, 2020 through March 31, 2021.

Organization: Office of the State Auditor
Date published: June 16, 2022

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Massachusetts Cultural Council (MCC) for the period March 1, 2020 through March 31, 2021. The purpose of our audit was to determine the following:

  • Did MCC administer funds from its appropriations and donations that were used for 2019 coronavirus (COVID-19) pandemic relief funding for individuals in accordance with its grant guidelines for the fiscal year 2020 COVID-19 Relief Fund for Individual Artists, fiscal year 2020 Gary Knisely and Varian, and fiscal year 2021 COVID-19 Relief Fund for Individual Artists grants?
  • Did MCC administer funding from the Cultural Organization Economic Recovery Program according to its interdepartmental service agreement (ISA) with the state Executive Office for Administration and Finance and to MCC’s grant guidelines?
  • Did MCC update its internal control plan (ICP) to address the COVID-19 pandemic as required by the Office of the Comptroller of the Commonwealth’s “COVID-19 Pandemic Response Internal Controls Guidance”?
  • Did MCC ensure that its employees received annual cybersecurity awareness training as required by Section 6.1.1 of the Executive Office of Technology Services and Security’s (EOTSS’s) Acceptable Use of Information Technology Policy IS.002 and Section 6.2.4 of EOTSS’s Information Security Risk Management Standard IS.010?

For the fiscal year 2021 grants issued to individuals, we extended the audit scope through June 30, 2021.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

MCC did not verify that all recipients of grants from its COVID-19 pandemic relief funding met eligibility requirements.

Recommendation
 

MCC should establish policies and procedures to ensure that supporting documentation is provided to prove eligibility before it awards grants.

Finding 2
 

MCC awarded $39,000 to 26 ineligible applicants.

Recommendations
 

  1. MCC should stay informed of the requirements of its ISAs.
  2. MCC should establish policies and procedures to ensure that future ISAs are followed or properly amended and communicate the policies and procedures to all employees who are responsible for ISAs.

Finding 3
 

MCC’s ICP was not updated with a COVID-19 component.

Recommendation
 

MCC should establish policies and procedures, including a monitoring component, to ensure that its ICP is updated when significant changes occur.

Finding 4
 

MCC did not ensure that all employees completed required annual cybersecurity awareness training during the audit period.

Recommendations
 

  1. MCC should establish policies and procedures to ensure that all employees complete annual cybersecurity awareness training.
  2. MCC should assign an employee to be responsible for ensuring that the agency complies with EOTSS’s cybersecurity awareness training policy.

 

A PDF copy of the Audit of the Massachusetts Cultural Council is available here.

Downloads

Contact

Feedback