Audit

Audit  Audit of the Sex Offender Registry Board

The Office of the State Auditor performed an audit of the Sex Offender Registry Board (SORB) for the period July 1, 2019 through June 30, 2021.

Organization: Office of the State Auditor
Date published: October 25, 2023

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has performed an audit of the Sex Offender Registry Board (SORB) for the period July 1, 2019 through June 30, 2021.

The objective of our audit was to follow up on the issues identified in our prior audit report (No. 2016‑1408-3S) to determine what measures, if any, SORB had taken to address those issues, as well as the adequacy of those measures. In addition, we determined whether SORB established a business continuity plan and a disaster recovery plan in accordance with the Executive Office of Technology Services and Security’s Business Continuity and Disaster Recovery Standard IS.005.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

SORB did not assign final classifications to all sex offenders before they were released from incarceration.

Recommendations
 

  1. SORB should collaborate with correctional facilities to establish more reliable procedures for providing anticipated release dates.
  2. SORB should track the progress of each sex offender’s classification process, including identifying any delays or issues that may arise and taking appropriate actions to address them, to ensure that all sex offenders are assigned final classifications at least 10 days before their earliest release dates.

Finding 2
 

SORB did not always conduct address verification data matching or update the Sex Offender Registry Information System (SORIS2).

Recommendations
 

  1. SORB should use all the interdepartmental service agreements it has with executive branch agencies to conduct address verification data matching to obtain accurate addresses for sex offenders considered in violation.
  2. SORB should update SORIS2 to reflect all updated address information it receives as part of its address verification data matching with executive branch agencies.

Finding 3
 

SORB does not have a documented and tested business continuity plan and disaster recovery plan.

Recommendations
 

  1. SORB should develop, document, and test a business continuity plan and disaster recovery plan.
  2. SORB should select an offsite location to recover SORIS2 data. Once the site has been selected, SORB should update and test its disaster recovery plan and incorporate any test results into the plan.

Downloads

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback