| Organization: | Office of the State Auditor |
|---|---|
| Date published: | January 13, 2023 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Secretary of the Commonwealth of Massachusetts (SOC) for the period January 1, 2020 through December 31, 2021. The purpose of our audit was to determine the following:
- whether SOC processed Articles of Organization1 for domestic profit2 and foreign corporations3 in accordance with Sections 113.06(4) and 113.16(3) of Title 950 of the Code of Massachusetts Regulations (CMR)
- whether SOC ensured that Articles of Organization were approved promptly in accordance with Section V of its Corporations Division’s “Policies and Procedures”
- whether SOC ensured that domestic profit and foreign corporations filed their annual reports in accordance with 950 CMR 113.57(1) and (2)
- whether SOC updated its internal control plan (ICP) as required by the “[2019 Coronavirus (COVID-19)] Pandemic Response Internal Controls Guidance” issued by the Office of the Comptroller of the Commonwealth
- whether SOC employees responsible for the management of Coronavirus Aid, Relief, and Economic Security (CARES) Act funds received cybersecurity awareness training in accordance with Section 6.2.4 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010.
Below is a summary of our findings and recommendations, with links to each page listed.
|
Finding 1 |
SOC did not ensure that all Articles of Organization were properly signed. |
|
Recommendation |
SOC should create policies and procedures to ensure that all Articles of Organization filed with it are signed by an authorized person and include their role in the corporation and date they signed. |
|
Finding 2 |
SOC did not incorporate a COVID-19 response plan into its ICP. |
|
Recommendation |
SOC should draft a COVID-19 Pandemic Response Plan Appendix, incorporate it into its ICP, and annually review and update the ICP and appendix with any necessary changes. |
|
Finding 3 |
SOC did not ensure that Elections Division employees, who were responsible for the management of CARES Act funds, completed annual cybersecurity awareness training. |
|
Recommendations |
|
1. Articles of Organization outline the intent to form a corporation in the Commonwealth of Massachusetts.
2. According to Section 113.02 of Title 950 of the Code of Massachusetts Regulations a domestic profit corporation is “a corporation established, organized, or chartered under the Massachusetts General Laws having capital stock whether established before or after July 1, 2004 for the purpose of carrying on business for profit.”
3. According to Section 113.02 of Title 950 of the Code of Massachusetts Regulations, a foreign corporation is “a for-profit or non-profit corporation incorporated under a law other than the laws of the Commonwealth.”
Table of Contents
- Abbreviations
- Overview of the Audited Entity
- Audit Objectives, Scope, and Methodology
-
- The Secretary of the Commonwealth of Massachusetts Did Not Ensure That All Articles of Organization Were Properly Signed.
- SOC Did Not Incorporate a 2019 Coronavirus Response Plan Into Its Internal Control Plan.
- SOC Did Not Ensure That Elections Division Employees, Who Were Responsible for the Management of Coronavirus Aid, Relief, and Economic Security Act Funds, Completed Annual Cybersecurity Awareness Training.