Determination of Whether Net State Tax Revenues Exceeded Allowable State Tax Revenues Objectives, Scope, and Methodology

Pursuant to Chapter 62F of the Massachusetts General Laws, the State Auditor is required to (1) review and ensure the completeness and accuracy of the Commissioner of Revenue’s Report of the Net State Tax Revenues and Allowable State Tax Revenues for the fiscal year ended June 30, 2025; (2) independently determine whether net state tax revenues exceeded allowable state tax revenues; and (3) report the determination and amount of any excess state tax revenues for the fiscal year ended June 30, 2025. These were the objectives of this audit.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

We gained an understanding of the internal control environment related to the audit objectives at the Department of Revenue (DOR) and the other six state agencies that the Office of the Comptroller of the Commonwealth (CTR) identified as receiving Chapter 62F state tax revenues: the Massachusetts Gaming Commission, the Massachusetts State Lottery Commission, the Massachusetts State Athletic Commission, the Division of Insurance, the Office of the Secretary of the Commonwealth, and the Department of Unemployment Assistance. We accomplished this by reviewing applicable policies and procedures, inspecting applicable documents, and interviewing staff members and management at DOR and the other six state agencies. We also tested the operating effectiveness of controls related to the supervisory review and approval of the monthly bank reconciliations. In addition, we also conducted a site visit to observe the year-end closing procedures and processing of lockbox collections and deposits related to Chapter 62F revenues of the Commonwealth of Massachusetts lockboxes held at the Bank of America in Dorchester.

To obtain sufficient, appropriate evidence to address our audit objectives, we performed the following procedures:

• We reconciled Chapter 62F state tax revenues received by DOR and the other six agencies to the information in the state’s accounting system, the Massachusetts Management Accounting and Reporting System (MMARS). To this end, we reviewed DOR’s GeniSys accounting and reporting system and determined that GeniSys transactions were accurately reported in MMARS (see Exhibit II and Exhibit VI).
• We obtained the most recent Massachusetts wage and salary data paid to the citizens of the Commonwealth for calendar year 2024 from the US Department of Commerce’s Bureau of Economic Analysis and recalculated the allowable state tax growth factor. We used the recalculated growth factor to determine the allowable net state tax revenue for fiscal year 2025 (see Exhibit IV and Exhibit V). We then compared the net state tax revenue to the allowable state tax revenue for fiscal year 2025 (see Exhibit I).

To determine the reliability of the revenue data, we selected a judgmental sample¹of two months, August 2024 and January 2025, from the audit period (the fiscal year ended June 30, 2025). For these months, we reviewed all recorded Chapter 62F state tax revenues in MMARS and reconciled them to (1) DOR’s revenue recorded in GeniSys; (2) the revenue recorded by the other six state agencies, and (3) CTR’s revenue records. In addition, we compared and reconciled revenues recorded in GeniSys to CTR’s recorded Chapter 62F state tax revenues—and the revenue recorded by the other six state agencies to CTR’s tax revenue records—to confirm their accuracy.

The financial data from MMARS constitutes the official accounting records of the Commonwealth and forms the basis for the Commonwealth’s audited annual financial statements. In 2022, the Office of the State Auditor performed a data reliability assessment of MMARS that focused on testing selected system controls (access controls, application controls, configuration management, contingency planning, and segregation of duties). Additionally, we reviewed the policies and procedures of DOR and the Executive Office of Technology Services and Security for personnel member screening and security awareness training.

We also selected a judgmental sample of three months of bank reconciliations (August 2024, January 2025, and June 2025) performed by DOR during the audit period and verified that the deposits DOR recorded in its financial records reconciled with the information in its bank statements and with the deposit information maintained by the Office of the State Treasurer and Receiver General.

For GeniSys, we leveraged the results from the prior year’s audit (Audit Report No. 2025-5555-3S) and performed the following additional procedures. We interviewed DOR personnel members and determined that there were no significant changes made regarding general information technology controls, including security management, access controls, configuration management, segregation of duties, and contingency planning. In addition, we tested access controls, background checks, and security awareness training for users for the audit period.

Also, for the audit period, we performed variance analyses on the Chapter 62F revenues reported by DOR and the six other agencies to determine whether significant changes between fiscal years were within reasonable ranges and whether all sources of Chapter 62F state tax revenues were reported.

Based on the results of the data reliability assessment procedures described above, we determined that the information we obtained during the course of our audit was sufficiently reliable for the purposes of our audit.