In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of certain activities of the University of Massachusetts (UMass) Dartmouth for the period July 1, 2014 through June 30, 2016. Because of the results of our audit planning procedures, it was necessary to extend our audit period in the area of property and equipment through December 28, 2016.
We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Below is a list of our audit objectives, indicating each question we intended our audit to answer; the conclusion we reached regarding each objective; and, if applicable, where each objective is discussed in the audit findings.
No; see Finding 1
No; see Finding 2
To achieve our objectives, we gained an understanding of the internal controls by evaluating the design and operating effectiveness of controls over fixed assets, Procard expenses, and services for students covered by the Americans with Disabilities Act of 1990 (ADA), such as emergency plans and access to supplemental learning aids.
In addition, we performed the following procedures.
To verify the completeness of the inventory list, we obtained and reviewed the Staging Table Report generated by UMass Dartmouth’s inventory software. This report identifies fixed assets (e.g., computer equipment, automobiles, and certain types of laboratory equipment) that have been purchased but have not been added to the university’s inventory list and therefore are more vulnerable to misuse and theft.
We sampled and examined inventory items to verify their existence and the accuracy of UMass Dartmouth’s inventory list and proper tagging of items with an asset identification number. The population consisted of 8,542 fixed assets, valued at $30,290,075, that included capital assets with purchase costs above $5,000, non-capital equipment items with purchase costs above $1,000, and all information technology (IT) equipment regardless of purchase cost. From this population, we selected a judgmental sample of 30 fixed assets to physically verify their existence. We also randomly selected another 30 fixed assets on the UMass Dartmouth campuses to verify that they had inventory tags affixed and were accurately recorded on the inventory list. Both sample selections included items that we deemed most vulnerable to theft or misuse, such as IT equipment (e.g., laptops and tablet computers).
In order to determine whether lost or stolen inventory was reported properly in accordance with UMass Dartmouth guidelines and Chapter 647 of the Acts of 1989,1 we compared UMass Dartmouth’s 15 Chapter 647 submittals made during our audit period with OSA records and compared the date of each incident with the date the report was submitted to OSA. We also reviewed campus police logs to determine whether there were losses, stolen items, or shortages of university property that had not been reported to OSA.
We obtained a list of 724 fixed assets, valued at $14,484,719, that were disposed of during our audit period. We judgmentally selected a sample of 35 of these disposed-of items (valued at $69,054), including 34 IT assets, that we deemed most vulnerable to misuse or theft. For each of the items in our sample, we verified that a UMass Dartmouth Equipment Disposal Form was on file and that the form was signed by the department head to indicate that the disposal was authorized. For IT equipment, we also verified that UMass Dartmouth’s IT department certified on the Equipment Disposal Form that the hard drives were destroyed as described in the university’s policies and procedures. We physically verified that equipment that had been disposed of was housed in a secured area (specifically, large, locked shipping crates). For the one non-IT asset, a 1988 Chevrolet cargo van, we examined documentation that supported its disposal.
To determine whether Procard transactions were appropriate, we obtained a list of all 30,512 transactions dated within our audit period from Citibank, UMass Dartmouth’s Procard vendor. These transactions were valued at a total of $5,481,569. We defined appropriate transactions as those that were made in accordance with UMass Dartmouth’s policies and procedures. We stratified our population into two categories: a refined high-risk population of 3,362 transactions, valued at a total of $689,881, and the remaining general population of 27,150 transactions, valued at $4,791,688. To identify the high-risk subpopulation, we performed multiple keyword searches on the list of transactions to identify prohibited items listed in UMass Dartmouth’s Procard User Guide, certain transactions with a high likelihood of being personal rather than business transactions, and cardholders who had a high volume of transactions or high-value transaction amounts. To identify prohibited transactions, we searched for keywords in the transaction description, vendor name, and merchant classification code (the code used to classify the type of services provided by the vendor). To identify potential personal transactions, we reviewed the nature, timing, and frequency of transactions, looking for those that were made on Saturdays, Sundays, and holidays; were for less than $10; and involved certain vendors or types of vendors. Our combined search criteria generated the aforesaid high-risk population of 3,362 transactions, from which we judgmentally selected a nonstatistical sample of 80 transactions (valued at $44,945) plus an additional 30 transactions specific to gift cards (valued at $12,855). From the general subpopulation of 27,150 transactions, we judgmentally selected a nonstatistical sample of 30 transactions, valued at $9,008. We had a total of 140 transactions in our sample.
We tested our sample of 140 Procard transactions to validate that each had a stated business purpose applicable to the role and department involved. We verified that each transaction was supported by vendor receipts, and by business expense or travel request forms where applicable. For the sample of 30 gift card transactions, we evaluated the same criteria described above, and we verified that there was evidence of receipt by the recipient, as required under the UMass Dartmouth Business Expense Policy and Procedure.
Student Disability Services
To evaluate whether the needs of students covered by the ADA were incorporated into emergency planning and training and whether those students had access to supplemental learning resources, we evaluated the communication of ADA-related information to the campus community, the administration of ADA accommodation requests, and resident assistant (RA) training on emergencies affecting students covered by the ADA.
In order to verify that RAs received this emergency training, we obtained a list of RAs from both academic years in our audit period from UMass Dartmouth’s Housing and Residential Education Office. From that list of 133 people, we randomly selected 10 RAs and acquired automated timestamps of required online training, including emergency procedures affecting students covered under the ADA, to determine whether they received training.
To validate that students covered under the ADA are made aware of support services provided by UMass Dartmouth, we reviewed the different media for communicating about ADA-related services. We verified that these services were clearly outlined and that the communications included contact information and the locations of service providers. We also verified that the information was provided in an accessible manner.
We inquired as to grievances filed by students at UMass Dartmouth who were covered by the ADA, but we were unable to obtain source documentation because of privacy concerns.
We evaluated the effectiveness of UMass Dartmouth’s process for administering ADA accommodation requests. Specifically, we randomly selected a sample of 30 out of 651 requests and reviewed each one to verify that it was supported by an ADA Reasonable Accommodation Form that was signed by the student, a professor, and a Center for Access and Success 2 staff member; a contract signed by the student outlining the student’s responsibilities; and medical documentation from a licensed medical practitioner to verify a need for services.
We used UMass’s PeopleSoft system at both the UMass President’s Office in Shrewsbury and the UMass Dartmouth campus. The PeopleSoft system contains employee and student records, the inventory of fixed assets, and Procard transactions. We determined the reliability of data obtained from PeopleSoft by observations and by comparing PeopleSoft data to other sources for agreement to test certain general IT controls over security management, access controls, and configuration management. We determined that the data were sufficiently reliable for the purposes of audit testing.
For ADA services, we reviewed hardcopy source documents such as original medical documentation, signed accommodation request forms, and ADA student contracts. We determined that the information was sufficiently reliable for the purposes of audit testing.
Whenever sampling was used, we applied a nonstatistical approach, and as result, we were not able to project our results to the entire populations.
|Date published:||April 9, 2018|