Audit of the Hampden County District Attorney’s Office Objectives, Scope, and Methodology

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Hampden County District Attorney’s Office (HCDA) for the period July 1, 2019 through June 30, 2021.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.

To achieve our audit objectives, we gained an understanding of HCDA’s internal control environment related to the objectives by reviewing HCDA’s policies and procedures and interviewing HCDA staff members and management. We evaluated the design and tested the operating effectiveness of the internal control (specifically, supervisory approval) for forfeited trust fund expenditures.

To determine whether expenditures from HCDA’s forfeited trust fund were appropriate and in compliance with Section 47(d) of Chapter 94C of the General Laws, we obtained a list from HCDA of all forfeiture trust fund expenditures that were made during the audit period. Using TeamMate Analytics,² we selected a nonstatistical, random sample of 5 forfeited trust fund expenditures (totaling $7,504) out of a total population of 49 forfeited trust fund expenditures (totaling $497,913) made during the audit period.

We examined supporting documentation (including invoices, bills, and purchase orders) to determine whether each expenditure was supported by documentation and was allowable under Section 47(d) of Chapter 94C of the General Laws.

We noted no exceptions in our testing; therefore, we conclude that HCDA’s expenditures from its forfeiture trust fund account were allowable and in compliance with Section 47(d) of Chapter 94C of the General Laws.

To determine whether HCDA ensured that all forfeited assets were accurately collected and deposited in accordance with Section 47(d) of Chapter 94C of the General Laws, we obtained a list of all forfeited assets that HCDA received during the audit period. Using TeamMate Analytics, we selected a nonstatistical, random sample of 33 forfeited assets HCDA received (totaling $16,863) from a population of 499 (totaling $327,446) from the audit period. We examined supporting documentation (including forfeiture orders, checks to and from police departments, deposit slips, bank statements, and forfeiture trust fund account activity) to determine whether forfeited assets were accurately collected and deposited.

We noted no exceptions in our testing; therefore, we conclude that HCDA ensured that all forfeited assets were accurately collected and deposited in accordance with Section 47(d) of Chapter 94C of the General Laws.

We used nonstatistical sampling methods and therefore did not project the results of our testing to any population.

To determine whether HCDA ensured that its employees completed cybersecurity awareness training in accordance with Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010, we obtained a list of all employees who worked for part or all of the audit period. The list contained 190 employees. We interviewed HCDA staff members about cybersecurity awareness training at the agency during the audit period. See Finding 1 for an issue we identified with HCDA’s cybersecurity awareness training.

In 2018 and 2022, the Office of the State Auditor performed data reliability assessments of the Massachusetts Management Accounting and Reporting System (MMARS). These assessments focused on testing selected system controls, including access, cybersecurity awareness, audit and accountability, configuration management, identification and authentication, and personnel security. In addition, as part of our current audit, we tested the controls in place over HCDA’s personnel security.

For the list of forfeited trust fund expenditures, we selected a random sample of five invoices from HCDA’s hardcopy files and determined whether the information on the invoices matched the data in MMARS. We also selected a random sample of five forfeited trust fund expenditures from MMARS and traced the information to the invoices. For the list of employees, we selected a random sample of 10 employees from HCDA’s personnel files and determined whether the information in the personnel files matched the data in MMARS. We also selected a judgmental sample of 10 employees from MMARS and traced the information to personnel files.

To determine the reliability of the data from the list of all forfeited assets HCDA received for the period July 1, 2019 through June 30, 2021, we traced a sample of 20 forfeited assets from the list to the source documents and selected 20 hardcopy documents to trace back to the list. In addition, we conducted tests to identify any duplicates to determine the integrity of the information in the list.

Based on the results of our data reliability assessment procedures detailed above, we determined that the information obtained for our audit period was sufficiently reliable for the purposes of our audit.