Audit

Audit  Audit of the Massachusetts Rehabilitation Commission

Audit examines whether the Massachusetts Rehabilitation Commission has a system in place to properly administer its billings to vendors. It examines the period of July 1, 2015 through June 30, 2017.

Organization: Office of the State Auditor
Date published: July 3, 2018

Executive Summary

The Massachusetts Rehabilitation Commission (MRC), established under Section 74 of Chapter 6 of the Massachusetts General Laws, is a state agency within the Executive Office of Health and Human Services (EOHHS). Its primary mission is to help individuals with disabilities live and work independently in the community.

In accordance with Section 12 of Chapter 11 of the General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of MRC for the period July 1, 2015 through June 30, 2017. In this audit, we determined whether MRC has a system in place to properly administer its billings to vendors.

Below is a summary of our finding and recommendations, with links to each page listed.

Finding 1

MRC is not properly administering its contract management database.

Recommendations

  1. MRC should immediately address the issues of noncompliance we identified during our audit and take the measures necessary to ensure that its staff members comply with all of EOHHS’s Information Security Management Program Standards, including establishing monitoring controls to monitor adherence to these standards.
  2. MRC should implement a monitoring process for third-party vendors to ensure compliance with the Commonwealth’s information security control requirements as established by the information technology (IT) policies of both EOHHS and the Executive Office of Technology Services and Security.

A PDF copy of the audit of the Massachusetts Rehabilitation Commission is available here. 

Post-Audit Action

EOHHS’s chief information security officer informed OSA that after the end of our audit period, EOHHS established procedures that include regularly monitoring third-party IT vendors to ensure their compliance with established IT controls and that, effective May 14, 2018, it had implemented new training on IT security for all its staff members.

List of Abbreviations

CMDB

contract management database

EOHHS

Executive Office of Health and Human Services

EOTSS

Executive Office of Technology Services and Security

IT

information technology

MMARS

Massachusetts Management Accounting and Reporting System

MRC

Massachusetts Rehabilitation Commission

OSA

Office of the State Auditor

Contact

Phone

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback