| Organization: | Office of the State Auditor |
|---|---|
| Date published: | June 30, 2022 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Massachusetts Department of Transportation’s (MassDOT’s) Aeronautics Division for the period July 1, 2019 through June 30, 2021.
In this performance audit, we determined whether the Aeronautics Division established a review process for its contract with Aurigo Software Technologies, Inc.1 and assigned a project manager to ensure that changes made to the software development project under contract were reviewed and approved, whether the division followed policies and procedures for the acceptable use of its information technology resources and for cybersecurity awareness training, whether the division established a business continuity plan (BCP), and whether the division registered aircraft and recorded the registration revenue2 generated during the audit period. In addition, we determined whether the Aeronautics Division updated its internal control plan (ICP) in response to significant effects of the 2019 coronavirus pandemic as required by the Office of the Comptroller of the Commonwealth. We also assessed whether the Aeronautics Division Drone Program operated in accordance with Part 48 of Title 14 of the Code of Federal Regulations (CFR), 14 CFR 107.61, 14 CFR 107.73, and the “MassDOT Aeronautics Drone Team Inventory Standard Operating Procedures.”
Below is a summary of our findings and recommendations, with links to each page listed.
|
The Aeronautics Division does not have a BCP. |
|
|
The Aeronautics Division, in conjunction with the new MassDOT employees assigned to this area, should develop, document, and test a BCP. |
|
|
The Aeronautics Division did not ensure that staff members signed its acceptable use policy and completed cybersecurity awareness training. |
|
3. The Aeronautics Division should require all personnel to sign the “Acceptable Use of Information Technology (IT) Resources” policy. |
|
|
The Aeronautics Division does not have an ICP. |
|
|
1. The Aeronautics Division contracted Aurigo Software Technologies, Inc. to configure and install an application called Aurigo Masterworks. Until 2021, the division used this application to process aircraft registrations and revenue collected from the registrations.
2. Aircraft owners must annually register with, and pay a registration fee to, the Aeronautics Division to be based in one of the Commonwealth’s public-use airports.
Table of Contents
- Abbreviations
- Overview of the Audited Entity
- Audit Objectives, Scope, and Methodology
-
- The Massachusetts Department of Transportation’s Aeronautics Division Does Not Have a Business Continuity Plan.
- The Aeronautics Division Did Not Ensure That Staff Members Signed Its Acceptable Use Policy and Completed Cybersecurity Awareness Training.
- The Aeronautics Division does not have an internal control plan.
- Other Matters: The Massachusetts Department of Transportation Aeronautics Division’s “Interim (Internal) Policy for the Use of Unmanned Aircraft Systems (UAS)” Does Not Contain Emergency Response Procedures or Sign-In/Sign-Out Procedures for Drones.
Downloads
Contact
Phone
Online
Fax
Address
Room 230
Boston, MA 02133