Audit of Cape Cod Community College
June 29, 2021 · Cape Cod Community College · Read the full official report (PDF) ↗ · official site ↗
source
“Our audit of CCCC identified issues considered reportable under generally accepted government audit standards.”
Read the plain-English breakdown
This is an official Massachusetts State Auditor performance audit of Cape Cod Community College.
“I am pleased to provide this performance audit of Cape Cod Community College (CCCC).”
The audit looked at whether the college had a broad information security program and security practices to handle cybersecurity risks.
“The audit examined CCCC’s information system controls to determine whether an organization-wide information security program had been developed and implemented and whether security practices had been established to prevent, detect, and/or mitigate cybersecurity risks.”
Cybersecurity controls matter because they help prevent, find, or reduce risks to the college’s information systems.
“The audit examined CCCC’s information system controls to determine whether an organization-wide information security program had been developed and implemented and whether security practices had been established to prevent, detect, and/or mitigate cybersecurity risks.”
If you are a student, employee, taxpayer, or community member, this audit means the college’s cybersecurity practices were independently reviewed, but the details were withheld to avoid exposing sensitive information.
“However, the results of our audit contain sensitive information and cannot be released to the public, in accordance with exemption (n) of the Commonwealth’s public records law (Section 7[26] of Chapter 4 of the Massachusetts General Laws).”
The auditor found reportable problems, but the public version does not say what they were.
“Our audit of CCCC identified issues considered reportable under generally accepted government audit standards.”
Cape Cod Community College received the full report and is responsible for acting on the auditor’s recommendations.
“In accordance with Section 9.66 of the Government Accountability Office’s Government Auditing Standards, we have given a separate, full report to CCCC, which will be responsible for acting on our recommendations.”
The audit is significant because it found issues serious enough to be reportable under government audit standards, even though the details were not released publicly.
“Our audit of CCCC identified issues considered reportable under generally accepted government audit standards.”
“Information system controls” means the college’s rules and safeguards for protecting its computer systems and reducing cybersecurity risk.
“The audit examined CCCC’s information system controls to determine whether an organization-wide information security program had been developed and implemented and whether security practices had been established to prevent, detect, and/or mitigate cybersecurity risks.”
What the Auditor checked
- Partially Determine whether Cape Cod Community College had developed and implemented an organization-wide information security program and established security practices to prevent, detect, and/or mitigate cybersecurity risks.
More audits of this entity
Other Office of the State Auditor reports on Cape Cod Community College .
- Cape Cod Community College - Student Financial Assistance ProgramsCollege / University · May 24, 2012
- Cape Cod Community CollegeCollege / University · May 12, 2011
- Cape Cod Community College Examination of Annual Internal Control QuestionnaireCollege / University · July 25, 2016
- Audit of Cape Cod Community College (July 1, 2025)College / University · July 1, 2025