This page, Audit of the Massachusetts District Attorneys Association Objectives, Scope, and Methodology, is offered by the Office of the State Auditor.

Audit of the Massachusetts District Attorneys Association Objectives, Scope, and Methodology

An overview of the purpose and process of auditing the Massachusetts District Attorneys Association

Overview

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Massachusetts District Attorneys Association (MDAA) for the period July 1, 2019 through June 30, 2021.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.

  1. Objective: Do MDAA employees complete initial and annual cybersecurity awareness training as required by Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s (EOTSS’s) Information Security Risk Management Standard IS.010?
     Conclusion: No; see Finding 1

  2. Objective: Do MDAA employees sign an acceptable use policy as required by Section 6.2.8 of EOTSS’s Information Security Risk Management Standard IS.010?
     Conclusion: Yes

We also identified a record retention issue we believe warrants MDAA’s attention, which we have disclosed in the “Other Matters” section of this report.

To achieve our objectives, we gained an understanding of MDAA’s internal control environment related to the objectives by reviewing applicable MDAA policies and procedures, as well as conducting inquiries with MDAA management.

Cybersecurity Awareness Training

To determine whether MDAA employees received initial and annual cybersecurity awareness training in accordance with EOTSS requirements, we inspected employee files, which should contain training certificates and/or transcripts, for all 13 employees who worked at MDAA during the audit period.

Acceptable Use Policy Signoffs

To determine whether MDAA employees had signed an acceptable use policy in accordance with EOTSS requirements, we inspected the “MDAA Information Technology User Responsibility Agreement” and “MDAA Policy on the Use of Information Technology Resources” for each of the 13 employees who worked at MDAA during the audit period to determine whether each employee had signed them.

Data Reliability Assessment

To determine the completeness and accuracy of the hardcopy list of 13 MDAA employees that we received from MDAA’s legal counsel, we performed a query in the Human Resources Compensation Management System (HR/CMS), the Commonwealth’s human resources and payroll system, to determine the total number of employees who worked at MDAA during the audit period and compared the HR/CMS query results to MDAA’s list of employees. We also matched the 13 employee names, hire dates, and termination dates (where applicable) to hardcopy MDAA employee files.

Based on the results of these procedures, we determined that the MDAA employee list was sufficiently reliable for the purposes of this audit.

Date published: June 2, 2022
