An official website of the Commonwealth of Massachusetts

Log in links for this page

This page, Audit of Westfield State University (WSU), is offered by

Audit Audit of Westfield State University (WSU)

Audit found that the breakdown that led to the transfer of $1.75 million by Westfield State University (WSU) to an unauthorized account resulted from a failure to follow a basic procedure. The audit examined the period of October 1, 2018 through March 31, 2020.

Organization: Office of the State Auditor
Date published: April 15, 2021

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Westfield State University (WSU) for the period October 1, 2018 through March 31, 2020.

In this performance audit, we reviewed WSU’s information system security awareness training practices to determine whether its system users had completed required information system security awareness training. We also determined whether WSU had complied with its procedures, as well as policies issued by the Office of the Comptroller of the Commonwealth, when processing state vendors’ requests to create or change payment information and other information in the state’s accounting system, the Massachusetts Management Accounting and Reporting System.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

WSU did not always perform or document a verification of vendor/customer information.

Recommendations
 

  1. WSU should amend its procedures to ensure that verification is properly performed before creations or changes are processed and require all personnel to document the measures they take to verify the information vendors provide in requests to create or change information in their files.
  2. WSU should implement effective monitoring controls (e.g., a supervisory review process) to ensure that its staff complies with this requirement.

Finding 2
 

WSU did not ensure that information system security awareness training was completed as required by the Executive Office of Technology Services and Security.

Recommendations
 

  1. WSU should implement a formal information system security awareness training program requiring new users to receive training and existing users to be retrained annually.
  2. WSU should establish monitoring controls to ensure that all of its employees with access to its systems comply with these requirements.

 

A PDF copy of the audit of Westfield State University is available here.

Downloads

Contact

Feedback