Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Audit of Berkshire Community College

August 30, 2022 · Berkshire Community College · Read the full official report on mass.gov ↗ · official site ↗

Published August 30, 2022 Audit covers March 1, 2020 – June 30, 2021 Under Suzanne M. Bump · 2011–2023

In plain English
Auditors found that Berkshire Community College generally distributed student aid properly, but it did not keep enough records for some federal COVID-19 spending, did not always get required approvals, and did not ensure all relevant employees completed cybersecurity training.
source
“Below is a summary of our findings and recommendations, with links to each page listed.”
Read the plain-English breakdown
What is this?

This is a Massachusetts State Auditor performance audit of Berkshire Community College covering March 1, 2020 through June 30, 2021.

“I am pleased to provide this performance audit of Berkshire Community College.”
Why was it audited?

The audit checked whether the college handled COVID-19 relief money according to federal and state rules and its own student grant process.

“The purpose of our audit was to determine whether BCC administered the CARES Act, CRRSAA, and ARP Act funding it received in accordance with the criteria established by US DOE and MDHE, as well as with its own student grant distribution method (see “Appendix”).”
Why it matters

If the college cannot show records for how federal money was spent, it cannot prove the money was used properly and could face repayment or future funding problems.

“Furthermore, noncompliance with record retention requirements for federal grants may result in BCC having to repay the funding and may adversely affect its ability to obtain future funding.”
What's in it for me?

For ordinary residents and students, this matters because the report checks whether emergency education funds were protected, documented, and used for intended COVID-19 support.

“States can use GEER funding to provide emergency support through allocations to IHEs that serve the students who have been most significantly affected by COVID-19.”
The bottom line

The audit found three main problems: weak documentation, missing required approvals, and gaps in cybersecurity training.

“BCC did not always ensure that its employees who had access to COVID-19 funding completed initial cybersecurity awareness training or annual refresher training.”
What happens next

The auditor recommended that the college improve monitoring, approval controls, and cybersecurity training procedures; the college said it was taking steps to address the issues.

“Based on its response, BCC is taking measures to address our concerns on this matter.”
Why it's significant

The findings are significant because weak approvals and incomplete records increase the chance that public emergency funds could be misused or could not be verified later.

“A lack of authorized approvals of HEERF I and HEERF II institutional-portion disbursements increases the risk of improper use of this funding.”
Jargon, unpacked

HEERF means Higher Education Emergency Relief Fund, a federal COVID-19 education grant program; GEER means Governor’s Emergency Education Relief Fund, another emergency education funding stream.

“The HEERF consists of three separate grants related to the 2019 coronavirus pandemic emergency that were directly funded from US DOE under the CARES Act (HEERF I), CRRSAA (HEERF II), and ARP Act (HEERF III).”

What the Auditor checked

What the Auditor found

Berkshire Community College did not retain adequate documentation to support federal emergency support expenditures.
recordkeeping/documentationgrants managementinternal controls

Why it matters: BCC cannot assure that federal funding was used for intended purposes, and noncompliance may require repayment or affect future funding.

Standard: Section 200.334 of Title 2 of the Code of Federal Regulations requires federal award records and supporting documents to be retained. ( Section 200.334 of Title 2 of the Code of Federal Regulations )

1 recommendation
  • BCC should create and implement monitoring controls to ensure that all required supporting documentation for its federal expenditures is collected and retained.
Agency response & Auditor reply
Agency: "We are creating a streamlined monitoring system for transactions to ensure approval from inception to payment."
Auditor: "Based on its response, BCC is taking measures to address our concerns on this matter."
BCC did not obtain required approval for all HEERF I and HEERF II institutional disbursements.
internal controlsgrants management

Why it matters: A lack of authorized approvals increases the risk that HEERF I and HEERF II funding could be improperly used.

Standard: BCC’s CARES/GEER/HEERF Funds Policy and Procedures required CFO or executive council approval for funding requests. ( Berkshire Community College CARES/GEER/HEERF Funds Policy and Procedures )

1 recommendation
  • BCC should create and implement monitoring controls to ensure that the required approval process for use of HEERF I and HEERF II funding is consistently followed.agency: agreed
Agency response & Auditor reply
Agency: "The College embraces the recommendations of the State Auditor."
Auditor: "Based on its response, BCC is taking measures to address our concerns on this matter."
BCC did not ensure all employees with access to COVID-19 funding completed cybersecurity awareness training.
cybersecurityinternal controls

Why it matters: BCC is exposed to a higher risk of cyberattacks and financial and/or reputation losses.

Standard: Sections 6.2.3 and 6.2.4 of EOTSS’s Information Security Risk Management Standard IS.010 require new hire and annual cybersecurity awareness training. ( Section 6.2 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010 )

1 recommendation
  • BCC should develop and implement policies, procedures, and controls to ensure that its employees with access to COVID-19 funding complete an EOTSS-compliant cybersecurity awareness training program.agency: agreed
Agency response & Auditor reply
Auditor: "Based on its response, BCC is taking measures to address our concerns on this matter."

More audits of this entity

Other Office of the State Auditor reports on Berkshire Community College .

See this entity's page with all 3 audits →