Skip to main content
  • This page, Audit of the Commonwealth Corporation Objectives, Scope, and Methodology, is   offered by
  • Office of the State Auditor

Audit of the Commonwealth Corporation Objectives, Scope, and Methodology

An overview of the purpose and process of auditing the Commonwealth Corporation.
Skip table of contents

Table of Contents

You skipped the table of contents section.

Overview

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of Commonwealth Corporation (CommCorp) for the period July 1, 2015 through June 30, 2018.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.

Objective

Conclusion
  1. Does CommCorp administer the Workforce Training Fund Program’s (WTFP’s) General Program in such a way that CommCorp can effectively achieve the stated goals of awarding and monitoring grants to projects that will upgrade workers’ skills, increase productivity, and enhance the competitiveness of Massachusetts businesses?

Yes
  1. Does CommCorp properly administer the dissemination of personally identifiable information (PII)?

No; see Finding 1
  1. Does CommCorp post payroll and expenditure information to the Commonwealth’s CTHRU website1 as required by Section 14C of Chapter 7 of the General Laws?

No; see Finding 2

 

To achieve our objectives, we gained an understanding of CommCorp’s internal control environment as it relates to our audit objectives by reviewing applicable laws and agency policies and procedures and by conducting inquires with management regarding the administration of the WTFP General Program. We evaluated the design and tested the operating effectiveness of CommCorp’s controls over WTFP General Program Training Grant activity.

We also performed the following procedures.

  • To determine whether CommCorp had adequately selected and awarded grants to eligible businesses, we selected a random nonstatistical sample of 27 out of 160 WTFP General Program grantees that were awarded grants during our audit period and assessed the information they provided in applying for grants to determine whether they met program eligibility requirements.
  • To determine whether CommCorp actively monitored individual grant awards after they were distributed to recipients, we obtained a list of all WTFP General Program grants awarded and closed out2 before grant completion during the audit period. We selected a random nonstatistical sample of 27 out of 160 WTFP General Program grants that were issued and closed during our audit period and reviewed each grant to determine whether the goals regarding job creation and business productivity were achieved. We obtained and reviewed records of all WTFP General Program site visits to grantee businesses by CommCorp’s program managers during the audit period.
  • To determine whether CommCorp properly administered the dissemination of PII, we reviewed policies and procedures for information technology (IT) security, conducted interviews with members of senior management who were responsible for protecting confidential information, and further reviewed the support for security awareness training provided during the audit period.
  • Regarding the data breach3 that occurred on March 19, 2018, we interviewed key managers involved, including the president / chief executive officer, the chief financial officer, and the IT specialist. We then reviewed supporting documentation of CommCorp’s response to the data breach, including internal and external notification letters sent to employees and outside agencies.
  • We examined the state’s publicly available, searchable website CTHRU to determine whether it included data for CommCorp expenditures, including payroll, to ensure transparency with regard to the agency’s spending. We conducted interviews with senior management and documented their methods of reporting financial and payroll information as required.

We used data from CommCorp’s grant management system (Salesforce) to select our test sample in reviewing grant performance. We reviewed the controls in place for access to the data, program changes, and personnel screening. We further compared a random sample of 20 Fiscal Status Reports4 from Salesforce to the Fiscal Status Reports from AccuFund, CommCorp’s accounting and reporting system. We determined that the data from Salesforce were sufficiently reliable for the purposes of our audit.

Where sampling was used, we used nonstatistical judgmental samples; therefore, we could not project the results of our tests to the entire population.

1.    CTHRU is a Web-based application provided by the Comptroller of the Commonwealth to allow public access to state spending and payroll data. Payroll information is posted by calendar year, whereas expenditures are posted by fiscal year.

2.    Closing out is the final step in the grant distribution process, whereby the recipient receives the grant, having satisfied WTFP General Program requirements.

3.    A data breach occurs when someone gains unauthorized access to confidential information.

4.    These required quarterly financial reports are submitted electronically by WTFP General Program grantees to CommCorp to provide information on the current status of grant spending activities.

Date published: March 19, 2019

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback