Audit of Berkshire Community College
August 30, 2022 · Berkshire Community College · Read the full official report on mass.gov ↗ · official site ↗
source
“Below is a summary of our findings and recommendations, with links to each page listed.”
Read the plain-English breakdown
This is a Massachusetts State Auditor performance audit of Berkshire Community College covering March 1, 2020 through June 30, 2021.
“I am pleased to provide this performance audit of Berkshire Community College.”
The audit checked whether the college handled COVID-19 relief money according to federal and state rules and its own student grant process.
“The purpose of our audit was to determine whether BCC administered the CARES Act, CRRSAA, and ARP Act funding it received in accordance with the criteria established by US DOE and MDHE, as well as with its own student grant distribution method (see “Appendix”).”
If the college cannot show records for how federal money was spent, it cannot prove the money was used properly and could face repayment or future funding problems.
“Furthermore, noncompliance with record retention requirements for federal grants may result in BCC having to repay the funding and may adversely affect its ability to obtain future funding.”
For ordinary residents and students, this matters because the report checks whether emergency education funds were protected, documented, and used for intended COVID-19 support.
“States can use GEER funding to provide emergency support through allocations to IHEs that serve the students who have been most significantly affected by COVID-19.”
The audit found three main problems: weak documentation, missing required approvals, and gaps in cybersecurity training.
“BCC did not always ensure that its employees who had access to COVID-19 funding completed initial cybersecurity awareness training or annual refresher training.”
The auditor recommended that the college improve monitoring, approval controls, and cybersecurity training procedures; the college said it was taking steps to address the issues.
“Based on its response, BCC is taking measures to address our concerns on this matter.”
The findings are significant because weak approvals and incomplete records increase the chance that public emergency funds could be misused or could not be verified later.
“A lack of authorized approvals of HEERF I and HEERF II institutional-portion disbursements increases the risk of improper use of this funding.”
HEERF means Higher Education Emergency Relief Fund, a federal COVID-19 education grant program; GEER means Governor’s Emergency Education Relief Fund, another emergency education funding stream.
“The HEERF consists of three separate grants related to the 2019 coronavirus pandemic emergency that were directly funded from US DOE under the CARES Act (HEERF I), CRRSAA (HEERF II), and ARP Act (HEERF III).”
What the Auditor checked
- Complied Did BCC administer the student portion of funding under Section 18004(a)(1) of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, Section 314(a)(1) of the Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA), and Section 2003(a)(1) of the American Rescue Plan (ARP) Act in accordance with the United States Department of Education’s (US DOE’s) Higher Education Emergency Relief Fund (HEERF) Frequently Asked Questions (FAQ) Rollup Document, Higher Education Emergency Relief Fund (HEERF) II Public and Private Nonprofit Institution (a)(1) Programs ([Catalog of Federal Domestic Assistance, or CFDA] 84.425E and 84.425F) Frequently Asked Questions, and Higher Education Emergency Relief Fund III Frequently Asked Questions and its own distribution method?
- Did not comply Did BCC administer the institutional portion of funding under Section 18004(a)(1) of the CARES Act and Section 314(a)(1) of the CRRSAA in accordance with US DOE’s Higher Education Emergency Relief Fund (HEERF) Frequently Asked Questions (FAQ) Rollup Document and Higher Education Emergency Relief Fund (HEERF) II Public and Private Nonprofit Institution (a)(1) Programs (CFDA 84.425E and 84.425F) Frequently Asked Questions?
- Complied Did BCC calculate lost revenue3 that it recovered in accordance with Questions 3, 9, and 10 of US DOE’s Higher Education Emergency Relief Fund (HEERF I, II, and III) Lost Revenue Frequently Asked Questions?
- Did not comply Did BCC provide the student portion of Governor’s Emergency Education Relief (GEER) funding to eligible students in accordance with Attachment A of the interdepartmental service agreement (ISA) between the Massachusetts Executive Office of Education (EOE) and the Massachusetts Department of Higher Education (MDHE), and did it provide the institutional portion of GEER funding in accordance with Attachment A of its own ISA with MDHE?
- Complied Did BCC update its internal control plan (ICP) to address the effect of the 2019 coronavirus (COVID-19) pandemic in accordance with the Office of the Comptroller of the Commonwealth’s “COVID-19 Pandemic Response Internal Controls Guidance,” dated September 30, 2020?
- Did not comply Did all BCC Administration and Finance Division and Student Financial Services Office employees who had access to COVID-19 funding complete required cybersecurity awareness training in accordance with Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s (EOTSS’s) Information Security Risk Management Standard IS.010?
What the Auditor found
Why it matters: BCC cannot assure that federal funding was used for intended purposes, and noncompliance may require repayment or affect future funding.
Standard: Section 200.334 of Title 2 of the Code of Federal Regulations requires federal award records and supporting documents to be retained. ( Section 200.334 of Title 2 of the Code of Federal Regulations )
1 recommendation
- BCC should create and implement monitoring controls to ensure that all required supporting documentation for its federal expenditures is collected and retained.
Agency response & Auditor reply
Agency: "We are creating a streamlined monitoring system for transactions to ensure approval from inception to payment."
Auditor: "Based on its response, BCC is taking measures to address our concerns on this matter."
Why it matters: A lack of authorized approvals increases the risk that HEERF I and HEERF II funding could be improperly used.
Standard: BCC’s CARES/GEER/HEERF Funds Policy and Procedures required CFO or executive council approval for funding requests. ( Berkshire Community College CARES/GEER/HEERF Funds Policy and Procedures )
1 recommendation
- BCC should create and implement monitoring controls to ensure that the required approval process for use of HEERF I and HEERF II funding is consistently followed.agency: agreed
Agency response & Auditor reply
Agency: "The College embraces the recommendations of the State Auditor."
Auditor: "Based on its response, BCC is taking measures to address our concerns on this matter."
Why it matters: BCC is exposed to a higher risk of cyberattacks and financial and/or reputation losses.
Standard: Sections 6.2.3 and 6.2.4 of EOTSS’s Information Security Risk Management Standard IS.010 require new hire and annual cybersecurity awareness training. ( Section 6.2 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010 )
1 recommendation
- BCC should develop and implement policies, procedures, and controls to ensure that its employees with access to COVID-19 funding complete an EOTSS-compliant cybersecurity awareness training program.agency: agreed
Agency response & Auditor reply
Auditor: "Based on its response, BCC is taking measures to address our concerns on this matter."
More audits of this entity
Other Office of the State Auditor reports on Berkshire Community College .
- Audit of Berkshire Community CollegeCollege / University · May 24, 2018
- Berkshire Community CollegeCollege / University · May 12, 2011