Audit of the Determination of Whether Net State Tax Revenues Exceeded Allowable State Tax Revenues Objectives, Scope, and Methodology

Pursuant to Chapter 62F of the Massachusetts General Laws, the State Auditor is required to (1) review and ensure the completeness and accuracy of the Commissioner of Revenue’s Report of the Net State Tax Revenues and Allowable State Tax Revenues for the fiscal year ended June 30, 2023; (2) independently determine whether net state tax revenues exceeded allowable state tax revenues; and (3) report the determination and amount of any excess state tax revenues for the fiscal year ended June 30, 2023. These statutory requirements were the objectives of this audit.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

We gained an understanding of the internal control environment related to the audit objectives at the Department of Revenue (DOR) and the other six state agencies that the Office of the Comptroller of the Commonwealth (CTR) identified as receiving Chapter 62F state tax revenues: the Massachusetts Gaming Commission, the Massachusetts State Lottery Commission, the Massachusetts State Athletic Commission, the Division of Insurance, the Office of the Secretary of the Commonwealth, and the Department of Unemployment Assistance. We accomplished this by reviewing policies and procedures, inspecting documents, and interviewing staff members and management at DOR and the other six state agencies.

We performed the following procedures to obtain sufficient, appropriate audit evidence to address our audit objectives:

• We reconciled Chapter 62F state tax revenues received by DOR and the other six agencies to the information in the state's accounting system, the Massachusetts Management Accounting and Reporting System (MMARS). To this end, we reviewed DOR's GeniSys accounting and reporting system and determined that GeniSys transactions were accurately reported in MMARS (see Exhibit II and Exhibit VI).
• We obtained the most recent Massachusetts wage and salary data paid to the citizens of the Commonwealth for calendar year 2022 from the United States Department of Commerce’s Bureau of Economic Analysis and recalculated the allowable state tax growth factor. We used the recalculated growth factor to determine the allowable net state tax revenue for fiscal year 2023 (see Exhibit IV and Exhibit V). We then compared the net state tax revenue to the allowable state tax revenue for fiscal year 2023 (see Exhibit I).

To determine the reliability of the revenue data, we judgmentally² selected two months, September 2022 and January 2023, from the audit period (the fiscal year ended June 30, 2023). For these months, we reviewed all recorded Chapter 62F state tax revenues in MMARS and reconciled them to (1) DOR’s revenue recorded in GeniSys; (2) the revenue recorded by the other six state agencies; and (3) CTR’s tax revenue records. In addition, we compared and reconciled revenues recorded in GeniSys to CTR’s recorded Chapter 62F state tax revenues—and the revenue recorded by the other six state agencies to CTR’s tax revenue records—to confirm their accuracy.

The financial data obtained from MMARS and used for the analysis constitute the official accounting records of the Commonwealth and form the basis for the Commonwealth’s audited annual financial statements. In 2022, the Office of the State Auditor performed a data reliability assessment of MMARS that focused on testing selected system controls (access controls, application controls, configuration management, contingency planning, and segregation of duties) for the period December 1, 2020 through November 30, 2021. Additionally, we reviewed policies and procedures of DOR and the Executive Office of Technology Services and Security for personnel screening and security awareness training.

We also judgmentally selected three months of bank reconciliations (September 2022, January 2023, and June 2023) performed by DOR during the audit period and verified that the deposits DOR recorded in its financial records reconciled with the information in its bank statements as well as with the deposit information maintained by the Office of the State Treasurer and Receiver General.

For GeniSys, we reviewed the general information technology controls, policies, and procedures regarding the following: security management, access control, configuration management, segregation of duties, and contingency planning. We also tested access controls and security awareness training, unsuccessful login attempts, session locks, auditable events,³ audit monitoring, analysis, and reporting.

Additionally, for the current audit period, we performed variance analyses on the Chapter 62F revenues reported to determine whether significant changes were within reasonable ranges and whether all sources of Chapter 62F state tax revenues were reported.

Based on the above procedures, we concluded that the data obtained from MMARS and GeniSys were sufficiently reliable for the purposes of our audit.