Organization: | Office of the State Auditor |
---|---|
Date published: | April 19, 2024 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the University of Massachusetts (UMass) Lowell for the period July 1, 2020 through December 31, 2021.
In this performance audit, we determined whether UMass Lowell executed all bank card purchases in accordance with Sections II(A), II(D), III(A), and III(B) of the “Administrative Standards for the Business Expense Policy” within Appendix C of the “University of Massachusetts Business and Travel Expense Policy” (document T92-031) and Sections 2, 4–8, 11, 12, 15, and 21 of the UMass Bank Card Use Standard. We also determined whether UMass Lowell adhered to its “Security Awareness Policy IT-5-112” regarding cybersecurity awareness training for nonfaculty employees.
Below is a summary of our findings and recommendations, with links to each page listed.
Finding 1 | UMass Lowell’s bank card transactions did not always comply with UMass system policies and standards. |
Recommendations |
|
Finding 2 | UMass Lowell’s cybersecurity awareness training documentation was missing crucial information, and the university did not ensure that all nonfaculty employees completed cybersecurity awareness training. |
Recommendations |
|
Table of Contents
- Overview of Audited Entity
- Objectives, Scope, and Methodology
-
- The University of Massachusetts Lowell’s Bank Card Transactions Did Not Always Comply With University of Massachusetts System Policies and Standards
- The University of Massachusetts Lowell’s Cybersecurity Awareness Training Documentation Was Missing Crucial Information, and the University Did Not Ensure That All Nonfaculty Employees Completed Cybersecurity Awareness Training