Audit  Audit of the Middlesex Community College

The audit found MCC did not ensure that its users who had access to the finance and/or financial aid modules in Banner completed cybersecurity awareness training and recommends the school MCC implement policies and procedures that clearly define the contents and administration of its cybersecurity awareness training program. The audit examined the period of March 1, 2020 through June 30, 2021.

Organization: Office of the State Auditor
Date published: May 31, 2022

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Middlesex Community College (MCC) for the period March 1, 2020 through June 30, 2021.

In this performance audit, we reviewed financial activity from federal funding provided by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, enacted by Congress on March 27, 2020; the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA), enacted on December 27, 2020; and the American Rescue Plan (ARP) Act, enacted on March 11, 2021. MCC received grant funding under two components of the CARES Act’s Education Stabilization Fund: direct funding from the United States Department of Education (US DOE), provided through the Higher Education Emergency Relief Fund (HEERF),1 and funding from the Massachusetts Department of Higher Education (MDHE), allocated through the Governor’s Emergency Education Relief Fund. The purpose of our audit was to determine whether MCC administered the CARES Act, CRRSAA, and ARP Act funding it received in accordance with the criteria established by US DOE and MDHE, as well as its own student award criteria.

We also determined whether MCC complied with the Office of the Comptroller of the Commonwealth’s guidance by updating its internal control plan to address risks related to the 2019 coronavirus pandemic. In addition, we determined whether MCC employees with access to the finance and/or financial aid modules in MCC’s Banner2 system completed annual cybersecurity awareness training in accordance with Section 6.2.4 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

MCC did not ensure that its users who had access to the finance and/or financial aid modules in Banner completed cybersecurity awareness training.

Recommendations
 

  1. MCC should implement policies and procedures that clearly define the contents and administration of its cybersecurity awareness training program.
  2. MCC should implement monitoring controls to ensure that users complete the cybersecurity awareness training modules assigned to them.

 

A PDF copy of the Audit Report of Middlesex Community College is available here.

 

1.    The HEERF consists of three separate grants related to the 2019 coronavirus pandemic emergency that were directly funded from US DOE under the CARES Act (HEERF I), CRRSAA (HEERF II), and ARP Act (HEERF III).

2.    Banner is the database system for MCC’s administrative activities, accounting, and student files. It is designed to link various integrated modules, including modules for registration, student billing, and financial aid, to the college’s financial system.

Downloads

Contact

Feedback