This page, Audit of the Massachusetts Rehabilitation Commission, is offered by
Office of the State Auditor

Audit

Audit Audit of the Massachusetts Rehabilitation Commission

Audit examines whether the Massachusetts Rehabilitation Commission has a system in place to properly administer its billings to vendors. It examines the period of July 1, 2015 through June 30, 2017.

Organization:	Office of the State Auditor
Date published:	July 3, 2018

Executive Summary

The Massachusetts Rehabilitation Commission (MRC), established under Section 74 of Chapter 6 of the Massachusetts General Laws, is a state agency within the Executive Office of Health and Human Services (EOHHS). Its primary mission is to help individuals with disabilities live and work independently in the community.

In accordance with Section 12 of Chapter 11 of the General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of MRC for the period July 1, 2015 through June 30, 2017. In this audit, we determined whether MRC has a system in place to properly administer its billings to vendors.

Below is a summary of our finding and recommendations, with links to each page listed.

Finding 1

MRC is not properly administering its contract management database.

Recommendations

MRC should immediately address the issues of noncompliance we identified during our audit and take the measures necessary to ensure that its staff members comply with all of EOHHS’s Information Security Management Program Standards, including establishing monitoring controls to monitor adherence to these standards.
MRC should implement a monitoring process for third-party vendors to ensure compliance with the Commonwealth’s information security control requirements as established by the information technology (IT) policies of both EOHHS and the Executive Office of Technology Services and Security.

A PDF copy of the audit of the Massachusetts Rehabilitation Commission is available here.

Post-Audit Action

EOHHS’s chief information security officer informed OSA that after the end of our audit period, EOHHS established procedures that include regularly monitoring third-party IT vendors to ensure their compliance with established IT controls and that, effective May 14, 2018, it had implemented new training on IT security for all its staff members.

List of Abbreviations

CMDB	contract management database
EOHHS	Executive Office of Health and Human Services
EOTSS	Executive Office of Technology Services and Security
IT	information technology
MMARS	Massachusetts Management Accounting and Reporting System
MRC	Massachusetts Rehabilitation Commission
OSA	Office of the State Auditor

Contact

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Contact

Office of State Auditor Diana DiZoglio

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Help Us Improve Mass.gov with your feedback

Did you find what you were looking for on this webpage?

Yes

If you have any suggestions for the website, please let us know. How can we improve the page?

Please do not include personal or contact information.

The feedback will only be used for improving the website. If you need assistance, please contact the State Auditor. Please limit your input to 500 characters.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Please let us know how we can improve this page.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Audit Audit of the Massachusetts Rehabilitation Commission

Executive Summary

Post-Audit Action

List of Abbreviations

Table of Contents

Contact

Office of State Auditor Diana DiZoglio

Phone

Online

Fax

Address

Help Us Improve Mass.gov with your feedback