- Office of the State Auditor
Media Contact for Mass. Bay Community College Failed to Address Recommendations to Improve Tracking of Valuable Property, Audit Finds
Boston — In an audit released today, the Office of State Auditor Suzanne M. Bump (OSA) found Massachusetts Bay Community College (MBCC) has failed to take steps previously recommended by the office to improve the tracking of valuable college property. The audit also shows MBCC did not maintain an accurate inventory list of information technology (IT) equipment and could not substantiate that it conducted annual inventories of its IT equipment. The audit, which examined the period of July 1, 2018 through December 31, 2019, notes that as a result of these issues, MBCC cannot be certain that all of its IT equipment is accurately accounted for and safeguarded against misuse.
A previous audit issued in 2016 found that MBCC had not immediately reported to the OSA 10 missing or stolen items, totaling $12,720, as required by state law. At the time, OSA recommended that MBCC develop and implement policies, procedures and monitoring controls to ensure that all unaccounted-for funds or property were immediately reported. Today’s audit shows MBCC still has not taken steps to address these issues.
“It is imperative that higher education institutions like Massachusetts Bay Community College have strong systems in place to accurately account for IT assets that faculty and staff rely on, especially at a time when reliance on technology has drastically increased as a result of COVID-19,” Bump said of the audit. “Safeguarding these assets should be a priority for the institution moving forward, and I hope that this audit provides an opportunity for the college to enhance its protocols.”
During the current audit, MBCC did not record the original purchase dates and costs for any of the 2,844 assets on its inventory list, and 534 of the assets were missing other key identifying information, such as the asset tag number, location, description and serial number. In addition, the college’s IT inventory list was inaccurate. The audit found the information relative to 340 items in its inventory was duplicative in some way and 79 items (valued at $53,178) purchased during the audit period had not been added to the IT inventory list at all. Further, auditors noted some items were found in different locations from those listed on the inventory list and others had the wrong asset tag numbers recorded on the inventory list. In its response, MBCC indicated it was taking steps to resolve the issues.
Additionally, the audit showed that MBCC had not established a program to ensure that both new employees and system users received information security training. To lower the risks of cyberattacks, the audit urges the Community College to establish a training program for all employees.
MBCC is one of 15 public community colleges in Massachusetts, and serves approximately 6,000 full-time and part-time students for greater Boston and the Metrowest region. MBCC received approximately $21.1 million and $22.4 million from the Commonwealth of Massachusetts for fiscal years 2018 and 2019, respectively.
The full audit repot is available here.