Audit of the Office of the State Treasurer and Receiver General Objectives, Scope, and Methodology

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of certain activities of the Office of the State Treasurer and Receiver General (OST) for the period January 1, 2019 through December 31, 2020.

OST does not keep a record of changes it makes to the tax identification number (TIN) list of all state agency bank accounts. Because no record of changes to the list is maintained, we obtained versions of the TIN list of all state agency bank accounts in use as of June 30, 2019 and June 30, 2020 and adjusted the audit period to June 30, 2019 through June 30, 2020 for Objective 1.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.

To achieve our audit objectives, we conducted interviews with OST staff members and management and reviewed agency policies and procedures to gain an understanding of internal controls that were relevant to the objectives. Additionally, we performed the procedures described below.

We obtained from OST two versions of the TIN list: one reflecting all state agency bank accounts in use as of June 30, 2019, and one reflecting this information as of June 30, 2020. We identified 14 banks associated with these accounts. Because no record of changes to the TIN list is maintained, we had to adjust the audit period to June 30, 2019 through June 30, 2020 for this objective. To determine whether all 14 banks were qualified and approved to do business with the Commonwealth, we traced all 14 banks to OST’s published lists of qualified banks that were in effect during our audit period (published May 3, 2018 and September 30, 2019).

To determine whether OST provided the House and Senate Committees on Ways and Means and the Joint Committee on Revenue with semiannual lists of banks in which funds from the Commonwealth were deposited during our audit period, we inspected copies of signed transmittal letters sent with the required lists. We also verified that the four lists from the audit period were published on the OST website.

To determine whether OST maintained and updated a list of qualified banks in accordance with its “Bank Account Maintenance Policy,” we compared OST’s most recent list of qualified banks, dated June 30, 2020, to the corresponding VERIBANC Inc. report. We did this to determine whether all the banks on OST’s list of qualified banks were listed on the VERIBANC Inc. report as well capitalized or adequately capitalized according to the Federal Deposit Insurance Corporation Improvement Act of 1991. Additionally, we confirmed that all the banks on OST’s list of qualified banks had a Community Reinvestment Act rating of “satisfactory” or higher listed on the Federal Financial Institutions Examination Council’s⁶ or the Division of Banks’ website.

To determine whether OST published and transmitted a list of qualified banks approved to do business with the Commonwealth to the Governor at least once every six months during our audit period, we checked the signed transmittal letter to the Governor and the OST website to verify that there was evidence of all OST’s submissions to the Governor during the audit period.

To determine whether OST had a process in place to ensure that all civil process fees that were received by sheriffs’ departments pursuant to Section 8 of Chapter 262 of the General Laws, and required to be transmitted to OST for deposit in the General Fund, were transmitted to OST, we reviewed OST cash management policies and procedures and interviewed OST officials. To identify which sheriffs’ departments transmitted civil process fees to OST, we compared the dollar amounts recorded in each of the 68 letters that sheriffs submitted with fees collected during our audit period to the dollar amounts in a Massachusetts Management Accounting and Reporting System (MMARS) report that OST management provided to us. The MMARS report represented all civil process fees collected by sheriffs’ departments during our audit period, transmitted to OST by sheriffs’ departments, and deposited by OST in the General Fund.

In 2018, OSA performed a data reliability assessment for MMARS for the period April 1, 2017 through March 31, 2018. The assessment focused on reviewing selected system controls, including access, security awareness, audit and accountability, configuration management, identification and authentication, and personnel security.

Based on our 2018 assessment, and our ability during this audit to trace the sheriff’s department transmittal letters to and from the MMARS report of civil process fee transactions that OST provided to us, we determined that the MMARS report was sufficiently reliable for the purposes of this audit.

To determine the reliability of the TIN lists that OST provided to us, we conducted interviews with agency officials who had knowledge about the data on the lists and compared the two lists (one showing information as of June 30, 2019 and one showing information as of June 30, 2020) to identify new accounts opened during fiscal year 2020. We then traced all New Account Request Forms to the list of new accounts to assess the completeness of the populations of forms and new accounts opened during fiscal year 2020. Based on these procedures, although we identified some issues (described in Finding 3), we determined that the TIN lists we obtained from OST were sufficiently reliable for the purposes of this audit.