BOSTON – In an audit released today, May 11, the Office of State Auditor Suzanne M. Bump (OSA) found Massachusetts Bay Community College (MBCC) has failed to take steps previously recommended by the office to improve the tracking of valuable college property.
The audit also shows MassBay did not maintain an accurate inventory list of information technology (IT) equipment and could not substantiate that it conducted annual inventories of its IT equipment.
The audit, which examined the period of July 1, 2018 through December 31, 2019, notes that as a result of these issues, MassBay cannot be certain that all of its IT equipment is accurately accounted for and safeguarded against misuse.
A previous audit issued in 2016 found that MassBay had not immediately reported to the State Auditor 10 missing or stolen items, totaling $12,720, as required by state law.
At the time, State Auditor recommended that MBCC develop and implement policies, procedures and monitoring controls to ensure that all unaccounted-for funds or property were immediately reported.
Today’s audit shows MassBay still has not taken steps to address these issues.
“It is imperative that higher education institutions like Massachusetts Bay Community College have strong systems in place to accurately account for IT assets that faculty and staff rely on, especially at a time when reliance on technology has drastically increased as a result of COVID-19,” Bump said of the audit. “Safeguarding these assets should be a priority for the institution moving forward, and I hope that this audit provides an opportunity for the college to enhance its protocols.”
During the current audit, MassBay did not record the original purchase dates and costs for any of the 2,844 assets on its inventory list, and 534 of the assets were missing other key identifying information, such as the asset tag number, location, description and serial number. In addition, the college’s IT inventory list was inaccurate.
The audit found the information relative to 340 items in its inventory was duplicative in some way and 79 items (valued at $53,178) purchased during the audit period had not been added to the IT inventory list at all.
Further, auditors noted some items were found in different locations from those listed on the inventory list and others had the wrong asset tag numbers recorded on the inventory list. In its response, MassBay indicated it was taking steps to resolve the issues.
Additionally, the audit showed that MassBay had not established a program to ensure that both new employees and system users received information security training.
To lower the risks of cyberattacks, the audit urges the Community College to establish a training program for all employees.
MassBay is one of 15 public community colleges in Massachusetts, and serves approximately 6,000 full-time and part-time students for greater Boston and the Metrowest region.
MassBay received approximately $21.1 million and $22.4 million from the Commonwealth of Massachusetts for fiscal years 2018 and 2019, respectively.
In full transparency, above is a press release from the Massachusetts State Auditor’s office.