Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Audit of Cape Cod Community College

June 29, 2021 · Cape Cod Community College · Read the full official report (PDF) ↗ · official site ↗

Published June 29, 2021 Audit covers October 1, 2018 – June 30, 2020 Under Suzanne M. Bump · 2011–2023

In plain English
The State Auditor reviewed Cape Cod Community College’s cybersecurity controls, found reportable issues, but did not publicly release the details because they were sensitive.
source
“Our audit of CCCC identified issues considered reportable under generally accepted government audit standards.”
Read the plain-English breakdown
What is this?

This is an official Massachusetts State Auditor performance audit of Cape Cod Community College.

“I am pleased to provide this performance audit of Cape Cod Community College (CCCC).”
Why was it audited?

The audit looked at whether the college had a broad information security program and security practices to handle cybersecurity risks.

“The audit examined CCCC’s information system controls to determine whether an organization-wide information security program had been developed and implemented and whether security practices had been established to prevent, detect, and/or mitigate cybersecurity risks.”
Why it matters

Cybersecurity controls matter because they help prevent, find, or reduce risks to the college’s information systems.

“The audit examined CCCC’s information system controls to determine whether an organization-wide information security program had been developed and implemented and whether security practices had been established to prevent, detect, and/or mitigate cybersecurity risks.”
What's in it for me?

If you are a student, employee, taxpayer, or community member, this audit means the college’s cybersecurity practices were independently reviewed, but the details were withheld to avoid exposing sensitive information.

“However, the results of our audit contain sensitive information and cannot be released to the public, in accordance with exemption (n) of the Commonwealth’s public records law (Section 7[26] of Chapter 4 of the Massachusetts General Laws).”
The bottom line

The auditor found reportable problems, but the public version does not say what they were.

“Our audit of CCCC identified issues considered reportable under generally accepted government audit standards.”
What happens next

Cape Cod Community College received the full report and is responsible for acting on the auditor’s recommendations.

“In accordance with Section 9.66 of the Government Accountability Office’s Government Auditing Standards, we have given a separate, full report to CCCC, which will be responsible for acting on our recommendations.”
Why it's significant

The audit is significant because it found issues serious enough to be reportable under government audit standards, even though the details were not released publicly.

“Our audit of CCCC identified issues considered reportable under generally accepted government audit standards.”
Jargon, unpacked

“Information system controls” means the college’s rules and safeguards for protecting its computer systems and reducing cybersecurity risk.

“The audit examined CCCC’s information system controls to determine whether an organization-wide information security program had been developed and implemented and whether security practices had been established to prevent, detect, and/or mitigate cybersecurity risks.”

What the Auditor checked

More audits of this entity

Other Office of the State Auditor reports on Cape Cod Community College .

See this entity's page with all 5 audits →