Organization: | Office of the State Auditor |
---|---|
Date published: | May 2, 2024 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the University of Massachusetts (UMass) Dartmouth for the period July 1, 2020 through December 31, 2021.
In this performance audit, we determined whether UMass Dartmouth executed all bank card purchases in accordance with Sections II(A), II(D), III(A), and III(B) of the “Administrative Standards for the Business Expense Policy” within Appendix C of the “University of Massachusetts Business and Travel Expense Policy” (document T92-031) and Sections 2, 4–8, 11, 12, 15, and 21 of the UMass Bank Card Use Standard. We also determined whether UMass Dartmouth ensured that its employees completed cybersecurity awareness training in accordance with Section 1 of Control 14 (Security Awareness and Skills Training) of the Center for Internet Security’s1 Critical Security Controls.2
Below is a summary of our findings and recommendations, with links to each page listed.
Finding 1 | UMass Dartmouth’s bank card transactions did not always comply with UMass system policies and standards. |
Recommendations |
|
Finding 2 | UMass Dartmouth did not provide cybersecurity awareness training for any of its employees. |
Recommendations |
|
1. According to its website, the Center for Internet Security is a nonprofit entity with the mission “to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.”
2. According to the Center for Internet Security’s website, the “Critical Security Controls . . . are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. Today, thousands of cybersecurity practitioners from around the world use the [Critical Security Controls] and/or contribute to their development via a community consensus process.”
Table of Contents
Downloads
Contact
Phone
Online
Fax
Address
Room 230
Boston, MA 02133