Audit of the Department of Telecommunications and Cable Objectives, Scope, and Methodology

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Department of Telecommunications and Cable (DTC) for the period July 1, 2015 through December 31, 2017.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.

To achieve our objectives, we gained an understanding of the internal controls we deemed significant to our audit objectives by reviewing applicable laws, rules, regulations, policies, procedures, and reports, as well as performing interviews and observations. We evaluated the design and effectiveness of controls over the administration of consumer complaints and information security training regarding personal information, and we assessed whether the controls operated as intended during the audit period.

In addition, we performed the following procedures to obtain sufficient, appropriate audit evidence to address our audit objectives.

We sampled and examined consumer complaint investigation case files to verify the existence and completeness of DTC’s list of all investigations opened or closed during the audit period by verifying the case number, case origin (e.g., phone call, email, or in-person visit), correspondence type (e.g., investigation), open date, close date, primary service issue (e.g., quality of service, account collections, or service termination), and status. The population consisted of 5,669 cases, which included all cases from the audit period that were opened, closed, or still pending as of December 31, 2017. From this population, we selected a nonstatistical judgmental sample of 90 consumer complaint investigation cases, all of which took more than 30 calendar days to complete, to determine the amount and percentage of time attributed to administrative processing from the initiation of the case to its closure by DTC. This sample selection represented the six primary service issues that accounted for 92% of all cases that took more than 30 calendar days to complete: quality of service; billing; issues with the federal Lifeline Program, which provides a discount on phone services for qualifying low-income people; account collections and service termination; rates, taxes, and fees; and wireless phone billing.

We tested all consumer contact database users with access to the personal information in the database who were subject to mandatory information security training during the audit period to determine whether they had completed the required training. We assessed the reliability of the user list by requesting a confirmation of information security training for all users from the Human Resources Department of the Office of Consumer Affairs and Business Regulation, DTC’s oversight organization. The information security training status of all users was provided. Accordingly, we deemed the data to be sufficiently reliable for the purposes of our audit.

We obtained information from DTC’s consumer contact database, which contains a list of all consumer contacts recorded by DTC personnel. We conducted information security testing by using questionnaires, conducting interviews, reviewing supporting documentation, and performing observations to determine the reliability of the information obtained from the database. For our audit period, we traced a sample of 30 consumer contacts with the correspondence type “investigation” to electronic files containing case details and, where applicable, source documents (e.g., emails or document images). We determined that the information was sufficiently reliable for the purpose of audit testing.

Whenever sampling was used, we applied a nonstatistical approach, and as result, we were not able to project our results to the entire populations.