Press Release  Audit Offers Steps to Improve IT Administration and Security at Office of the Commissioner of Probation

BOSTON — Today, the Office of State Auditor Suzanne M. Bump (OSA) released an audit that examined the Office of the Commissioner of Probation’s (OCP) oversight of its electronic monitoring program for probationers and access to juvenile probation records by police. Although the audit found no deficiencies in these systems, it did identify areas where OCP could improve information technology (IT) procedures, including better management of employee access rights to OCP databases and enhanced cybersecurity awareness training for staff. The audit examined the period of July 1, 2018 through June 30, 2020.

“While the Office of the Commissioner of Probation has been diligent in its supervision of probationers, it’s evident through our examination that controls over employee access and IT systems need to be strengthened,” Bump said of the audit. “Bolstering agency administrative functions will only make the office’s work more efficient and will decrease the risk of mistakes being made during the probation process.”

The audit examined OCP employee access rights to internal systems with sensitive probationer data and found that most employees were missing required authorization from management and that some individuals who had left OCP still had access to IT programs. The audit also found that OCP only began conducting cybersecurity awareness training in March 2020 and that some employees had not completed training by the end of the audit period. Additionally, of the 55 employees reviewed, the audit noted 20 who had no evidence of a completed Criminal Offender Record Information (CORI) check on file. Not completing CORI checks could cause OCP to give individuals with convictions access to personally identifiable information as well as probation monitoring information.

The audit recommends OCP update its internal controls to reduce the risk of issues associated with access controls and permission rights, ensure that cybersecurity training is conducted and completed by all staff, and ensure that CORI checks are completed. Based on its response, OCP is taking steps to address these concerns.

OCP is part of the Massachusetts Trial Court system. The system is overseen by the Chief Justice of the Trial Court and the Court Administrator, who report to the Chief Justice of the Supreme Judicial Court. The OCP Commissioner administers the Massachusetts Probation Services in conjunction with the Chief Justice of the Trial Court and the Court Administrator. As of June 30, 2020, the office had 1,778 employees. Its operating budget was $156,133,131 for fiscal year 2019 and $163,055,581 for fiscal year 2020.

The full audit report is available here. 

###