Audit of the Norfolk District Attorney’s Office

The Office of the State Auditor has conducted a performance audit of certain activities of the Norfolk District Attorney’s Office (NDAO) for the period July 1, 2019 through June 30, 2021.

Organization: Office of the State Auditor
Date published: October 24, 2023

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Norfolk District Attorney’s Office (NDAO) for the period July 1, 2019 through June 30, 2021.

The purpose of our audit was to determine the following:

  • whether NDAO made forfeiture trust fund expenditures in accordance with Section 47(d) of Chapter 94C of the General Laws;
  • whether NDAO ensured that forfeited assets from closed cases were collected, deposited, and distributed in accordance with Section 47(d) of Chapter 94C of the General Laws; and
  • whether NDAO ensured that its employees completed cybersecurity awareness training in accordance with Sections 6.2.1, 6.2.3, and 6.2.4 of the Executive Office of Technology Services and Security’s (EOTSS’s) Information Security Risk Management Standard IS.010.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1

NDAO disbursed to two police departments $28,086 in forfeited assets that it should have retained.

Recommendations

  1. NDAO should collect all of the forfeited assets to which it is entitled.
  2. NDAO should include language in its policies that references (1) the part of Section 47(d) of Chapter 94C of the General Laws about forfeited asset splits involving multiple police departments and (2) its process for forfeited asset distribution calculation review to ensure that all forfeitures are processed in compliance with Section 47(d) of Chapter 94C of the General Laws.

Finding 2

NDAO did not ensure that its employees completed cybersecurity awareness training.

Recommendations

  1. NDAO should ensure that its employees complete cybersecurity awareness training within 30 days of their orientation and annually thereafter. The cybersecurity awareness training should include a test of each individual’s understanding of all policies and their role in maintaining the security of NDAO’s information technology systems.
  2. NDAO should implement monitoring controls to ensure that its employees complete their cybersecurity awareness training on time.
  3. NDAO should ensure that its employees are informed on all requirements outlined in EOTSS’s Information Security Risk Management Standard IS.010.
  4. NDAO should maintain a record of completion of cybersecurity awareness training for each employee.
