Audit of the Massachusetts State College Building Authority Overview of Audited Entity

The Massachusetts State College Building Authority (MSCBA) was established under Chapter 703 of the Acts of 1963. MSCBA is authorized to finance and oversee the design and construction of housing, dining, athletic, parking, and other student activity facilities at the 15 community colleges¹ and nine state universities.² This financing and oversight authority, which is established by its enabling legislation, is subject to written approval from the Secretary of Administration and Finance and the Commissioner of Higher Education for Massachusetts. MSCBA is also authorized to issue bonds and collect student rents and fees for the operation of student living facilities.

MSCBA oversees residence halls that house approximately 16,500 students across 54 residential complexes. These facilities accommodate about 50% of the total undergraduate student population in Massachusetts state colleges and universities and span approximately 4.5 million square feet across the nine state university campuses (as shown below). There are no residence halls located on community college campuses.

Source: MSCBA’s Annual Report Fiscal Year 2023 (https://www.mscba.org/docs/143_2024-01-31MSCBAFY2023AnnualReport​withFinancialStatements.pdf)

MSCBA is governed by a nine-member board, the members of which are appointed by the Governor. Three members of the board must also be members of the state’s Board of Higher Education. It is also governed by various state procurement laws and regulations; the trust agreements for all bonds that MSCBA issues; and the Contract for Financial Assistance, Management and Services between MSCBA and the Board of Higher Education, which acts on behalf of the community colleges and universities served by MSCBA. Further, the Secretary of Administration and Finance and the State Treasurer and Receiver General must approve the sale of all bonds and notes issued by MSCBA to fund its projects. MSCBA’s board appoints an executive director who is responsible for overseeing the day-to-day operations of MSCBA.

The Commonwealth does not appropriate any state funding for MSCBA, nor does it guarantee the bonds issued by MSCBA for its building projects. Instead, all revenue used to support the design, construction, and operation of MSCBA facilities is generated through rents and fees paid by students for the use of these facilities and related services. According to the MSCBA fiscal year 2023 audit report that was completed by an independent auditor, MSCBA’s principal amount of outstanding bond debt, as of June 30, 2023, was $1.135 billion. For the fiscal year that ended June 30, 2023, MSCBA spent $30,323,667 on land, construction, buildings, improvements, furnishings, and equipment for MSCBA capital assets at community colleges and universities.

MSCBA is located at 10 High Street in Boston and had 14 employees as of June 30, 2024. 

MSCBA voluntarily participates in the Supplier Diversity Office’s (SDO’s) Supplier Diversity Program (SDP). According to the Supplier Diversity Office Comprehensive Annual Report Fiscal Year 2023, “the role of the SDO is to certify, provide resources for, and support a wide range of diverse and small businesses in competing for contracts being bid across the Commonwealth.”

Through consultation with the Office for Access and Opportunity and Community Affairs, which falls under the Office of the Governor, SDO sets annual benchmark percentages for spending by SDP participants with minority-owned,³ woman-owned, and veteran-owned businesses.⁴ The annual spending benchmarks are expressed as a percentage of the discretionary budget for each participating state agency.

For fiscal years 2023 and 2024, SDO set the spending benchmarks⁵ outlined in the table below.

During the audit, MSCBA officials told us that they determine discretionary spending by identifying expenditures linked to specific job codes within various projects. This includes costs for building construction such as materials, labor, and permits; design services, which cover architectural and interior design; and project management, which involves coordinating budgets, schedules, and resources to ensure the successful completion of projects.

MSCBA voluntarily submits a narrative describing its efforts to meet the spending benchmarks and to advance diversity and inclusion in its procurement, which SDO includes as part of its annual report. According to the Supplier Diversity Office Comprehensive Annual Report Fiscal Year 2023,

[MSCBA] is committed to fostering, cultivating, and preserving a culture of diversity, equity, and inclusion. [MSCBA] partners with the Commonwealth’s Supplier Diversity Office, other state entities, and industry associations to strengthen the diverse workforce within the Commonwealth.

In addition to adopting the Commonwealth’s diversity goals for hiring design and construction firms, the MSCBA continues to reach out to the subcontractor community by engaging Minority Business Enterprises, Women Owned Business Enterprises, and Veteran-Owned Business Enterprises in a web-based trade contractor prequalification process where they are awarded additional credit toward becoming prequalified to bid on MSCBA projects.

Staff members of community colleges and universities manage the day-to-day operations of buildings owned by MSCBA. According to the Contract for Financial Assistance, Management and Services, dated February 1, 2003, between MSCBA and the Board of Higher Education, each community college and university is required to operate and maintain the buildings located on its campus and to keep them in good order and repair. Universities collect rents and fees from students for the use of the buildings; procure all necessary equipment, materials, and supplies for upkeeping buildings; and make necessary repairs—all of which are similar to the responsibilities that a property manager has. As the legal owner of the properties, MSCBA remains accountable for the overall condition of the properties and provides the financing for upkeep and repairs.

MSCBA assigns a project manager to each campus to help oversee building maintenance. These project managers stay in contact with campus facilities staff members and keep track of any deferred maintenance needs. Project managers meet with campus facility staff members regularly to identify any issues, needed repairs, or renovation requests.

MSCBA has a number of requirements to which community colleges and universities must adhere. For example, each year, MSCBA requires community colleges and universities to confirm that they have active service contracts for key systems in MSCBA-owned buildings on their campuses, such as boilers, elevators, fire escapes, fire alarms, fire suppression systems, and generators. In order to confirm that they hold these active contracts, community colleges and universities submit copies of the contract tracking sheets to MSCBA. Universities must also certify that the annual Certificates of Occupancy are on file for residential buildings. Additionally, community colleges and universities must notify MSCBA of any deficiencies or violations that need to be addressed as soon as they are identified—for example, sprinkler systems that need to be updated or issues identified during building system maintenance inspections. Community colleges and universities submit this information via email using a Service Contract Tracking Sheet provided by MSCBA. 

During our prior audit (Audit No. 2018-0209-3A), we found that MSCBA had not developed an effective business continuity plan (BCP) or conducted testing of its disaster recovery plan in accordance with the Executive Office of Technology Services and Security’s (EOTSS’s) Business Continuity and Disaster Recovery Standard IS.005.⁶ This standard required that Commonwealth agencies have a plan to keep essential business functions running, especially during disruptions. The BCP should focus on the most likely and most impactful risks to information security, identify key functions, and include ways to keep those functions going if systems or environments fail. Additionally, the BCP must be tested every year to check for any overlooked issues or necessary updates, including changes to equipment or staff members. Although MSCBA is not required to follow these standards, since it is not a Commonwealth agency within the executive branch and is instead categorized as a quasi-governmental agency, EOTSS still recommends that non-executive branch state agencies follow these standards. We also consider them best practices.

Additionally, during our prior audit (Audit No. 2018-0209-3A), we found that MSCBA’s system of internal controls needed improvement. Specifically, we found that MSCBA had not developed an internal control plan (ICP) that clearly summarized (1) all of the risks that could potentially prevent it from achieving its financial, operational, and compliance goals and (2) the internal controls that MSCBA had in place to mitigate these risks. While our report acknowledged that MSCBA had documented policies and procedures, primarily related to its financial operations, these controls were limited to specific areas and did not form a comprehensive ICP. In our prior audit, we recommended that MSCBA conduct an agency-wide risk assessment and develop internals controls to mitigate identified risks and achieve organizational goals.

While there are no specific legal or regulatory requirements related to MSCBA’s system of internal controls, Chapter 647 of the Acts of 1989 requires state agencies to develop and clearly document internal control systems in accordance with the guidelines established by the Office of the Comptroller of the Commonwealth (CTR). These guidelines require that an ICP be based on an agency-wide risk assessment and be revised annually. Although MSCBA is not required to follow these standards, since it is not a Commonwealth agency within the executive branch and is instead categorized as a quasi-governmental agency, we consider them best practices.