| Organization: | Office of the State Auditor |
|---|---|
| Date published: | February 5, 2024 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Woods Hole, Martha’s Vineyard and Nantucket Steamship Authority (the Steamship Authority) for the period January 1, 2020 through December 31, 2021. When designing the audit plan for the Steamship Authority employees’ completion of cybersecurity awareness training, we extended the audit period back to November 1, 2019 to capture training assignment and completion dates since the Steamship Authority implemented its web-based training system.
In this performance audit, we determined whether the Steamship Authority spent Coronavirus Aid, Relief, and Economic Security Act funds in accordance with the Federal Transit Administration’s Frequently Asked Questions from FTA Grantees Regarding Coronavirus Disease 2019 (COVID-19) and the Steamship Authority’s memorandum of understanding with the Cape Cod Regional Transit Authority, dated April 21, 2020. We also determined whether the Steamship Authority ensured that its employees completed cybersecurity awareness training in accordance with its internal practice.
In addition to the conclusions we reached regarding our objectives, we also identified issues unrelated to our objectives regarding internal controls over the Steamship Authority’s employee and eligible nonemployee free ferry passage benefit and the Steamship Authority’s accountability for employee and eligible nonemployee identification badges. For more information, see Other Matters.
Below is a summary of our finding and recommendations, with links to each page listed.
|
Finding 1 |
The Steamship Authority does not have a formal, documented cybersecurity awareness training program and does not monitor the assignment and completion of cybersecurity awareness training courses. |
|
Recommendations |
|