Audit

Audit  Audit of the University of Massachusetts Boston

Our office conducted a performance audit of the University of Massachusetts (UMass) Boston for the period July 1, 2022 through August 31, 2023.

Organization: Office of the State Auditor
Date published: December 26, 2024

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the University of Massachusetts (UMass) Boston for the period July 1, 2022 through August 31, 2023.

The purpose of this performance audit was to determine whether UMass Boston’s website and its learning management system (LMS), Blackboard, adhered to the accessibility standards established by the Web Content Accessibility Guidelines (WCAG) 2.0 and 2.1, respectively, for user accessibility, keyboard accessibility, navigation accessibility, language, error identification, and color accessibility. WCAG ensures that all users, regardless of ability, can access the content and functions of UMass Boston’s website and LMS. Further, it supports UMass Boston’s commitment to equal access for students, faculty members, and visitors, fulfilling legal1 and ethical standards.

Additionally, we determined whether UMass Boston ensured that its employees completed cybersecurity awareness training in accordance with its “Information and Security Awareness Policy.” Cybersecurity awareness is important because adhering to internal security policies helps UMass Boston demonstrate the university’s commitment to protecting sensitive information.

Below is a summary of our findings, the effects of those findings, and our recommendations, with links to each page listed.

  
Finding 1
 
UMass Boston’s website is not fully accessible for all Massachusetts residents and users.
EffectBroken or faulty hyperlinks limit users from having equitable access to critical information and key online services offered by UMass Boston. They also increase the likelihood that Massachusetts residents and students will either access outdated or incorrect information or be directed to webpages that no longer exist.
Recommendation
 
UMass Boston should continually review its webpages to ensure that all hyperlinks lead to related information and provide equitable access to critical information and services offered online by UMass Boston.
Finding 2
 
UMass Boston’s learning management system, Blackboard, is not fully accessible for all students.
Effect

The above instances of noncompliance have the following effects on the user:

Broken or Faulty Hyperlinks

  • This can limit Blackboard users from having equitable access to critical information and key online services offered on the LMS.
  • This can increase the likelihood that users will either access outdated or incorrect information or be directed to webpages that no longer exist.

Missing Search Bars

  • This can prevent users from navigating to other relevant information.

Hyperlinks Without Identifiable Markers or Sufficient Contrast

  • This can negatively impact the user experience by making it difficult to locate other relevant information.

Zoom In to 200% and 400%

  • Users may be unable to read Blackboard content.

Bypass Blocks

  • Users may be unable to navigate to the important main content of a webpage quickly.

Portrait Mode

  • Users may be unable to interact with their course content on their mobile devices effectively.

Keyboard Accessibility/Navigation

  • Users who have mobility issues may be unable to access certain features and content.

Titles

  • Users with screen readers may lose comprehension of the course content.

Language Attributes

  • The lack of language attributes renders screen readers unable to have the content read to users.

Error Identification

  • If users are not informed of errors when making inputs on data entry, it means that users will be unable to identify their errors and retrieve the content they need.
Recommendation
 
UMass management should review the accessibility statements and reports of its LMS vendor to determine instances of WCAG noncompliance. UMass management should work with its LMS vendor to ensure that any potential instances of WCAG noncompliance are resolved.
Finding 3
 
UMass Boston did not always ensure that its employees completed cybersecurity awareness training.
EffectIf UMass Boston does not educate all employees on their responsibility to protect its information assets by requiring cybersecurity awareness training, then UMass Boston is exposed to a higher-than-acceptable risk of cybersecurity attacks, which may cause financial and/or reputational losses.
Recommendation
 
UMass Boston should revise its policy to implement a mechanism that requires employees to complete cybersecurity awareness training at hire and at least annually thereafter; UMass Boston should consider cutting off user access if an employee does not complete their training by a stated deadline.

In addition to the conclusions we reached regarding our audit objectives, we also identified issues not specifically addressed by our objectives. For more information, see Other Matters.


 

1.    Title II of the Americans with Disabilities Act requires that state universities’ and colleges’ websites be accessible.

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback