Massachusetts Convention Center Authority - Finding 5

MCCA was unable to provide documentation that it sent pre-event security surveys to all clients. For 17 out of the 20 ballroom events (85%) in our sample and 38 out of the 40 non-ballroom events (95%) in our sample, MCCA could not provide evidence that it sent and retained pre-event security surveys.

If MCCA does not send and retain pre-event security surveys, there is an increased risk, actual and/or perceived, that MCCA may not be addressing client needs consistently, fairly, and equitably. Of note, organizers and attendees of at least three events, and in some instances, MCCA employees themselves, expressed concern of disparate security presence at “Black-sponsored events.”¹³ These instances were each investigated as part of the Prince Lobell Tye investigation of MCCA, which concluded that there was no racism or racist intent behind the security presence at these events.¹⁴

Section 2.0 of MCCA's "[Public Safety Department] Standard Operating Procedures Event Security Assessment Program" states, "Public Safety Managers will send the Pre-Event Survey that coincides with its initial security level to the client, to be returned as soon as possible."

MCCA did not have sufficient monitoring controls in place to ensure that pre-event security surveys were sent to clients and that it retained documentation that clients had been provided security surveys. MCCA officials stated that the former intelligence analyst sent the pre-event security surveys to the clients by email. Despite multiple requests for this information by the audit team, MCCA did not provide it, citing that the analyst no longer works for MCCA.

1. MCCA should ensure it sends pre-event security surveys to clients and retains this documentation.
2. MCCA should retain all pre-event security surveys completed by its clients in a central, accessible location.
3. MCCA should ensure that its information technology systems support record retention and retrieval to facilitate data analysis, audit, investigations, and other required business processes.
4. MCCA should engage with the Secretary of the Commonwealth’s supervisor of public records on this matter to ensure compliance with the Commonwealth’s public records laws and applicable records retention schedules.

The MCCA asks our clients to provide a “pre-event” survey so that they can highlight aspects of their event our public safety team should be aware of before creating the security and safety plan. As the MCCA explained to the [Office of the State Auditor], many clients do not return these completed surveys. . . . The critical information for development of such a plan consists of multiple conversations and meetings with our clients in the months prior to an event detailing overall security staffing proposals, police details, and other security measures when and where appropriate. Since 2023, the MCCA has modified how it tracks the completion of client surveys and adjusted policies to reflect the reality that clients may not always fill out a survey.

Our audit found that MCCA could not produce records indicating that it sent and retained responses to pre-event security surveys to 85% of ballroom events and 95% of non-ballroom events in our sample. We remind MCCA that records should be retained in compliance with public records laws and applicable records retention schedules.

We acknowledge that MCCA may have secured critical security-related information through other means, such as interviews with clients. However, Section 2.0 of MCCA’s “[Public Safety Department] Standard Operating Procedures Event Security Assessment Program” states, “Public Safety Managers will send the Pre-Event Survey that coincides with its initial security level to the client, to be returned as soon as possible.” MCCA is certainly welcome to update its policies; however, we audited MCCA's compliance with its written policies that were in place during the audit period. MCCA did not retain sufficient records that pre-event security surveys were sent to clients and retained in accordance with its own written policies and procedures. We reiterate that not sending and retaining pre-event security surveys increases the risk of miscommunications and the potential that client needs may not be addressed in a consistent, fair, and equitable manner.