Audit of Springfield Technical Community College (STCC)
August 18, 2021 · Springfield Technical Community College · Read the full official report on mass.gov ↗ · official site ↗
source
“Our audit revealed no significant instances of noncompliance by STCC that must be reported under generally accepted government auditing standards.”
Read the plain-English breakdown
This is a Massachusetts State Auditor performance audit of Springfield Technical Community College covering March 1, 2020 through September 30, 2020.
“This report details the audit objectives, scope, methodology, findings, and recommendations for the audit period, March 1, 2020 through September 30, 2020.”
The auditor checked whether STCC handled federal and state COVID education relief money according to the rules.
“The purpose of our audit was to determine whether STCC administered the CARES Act funds it received according to the criteria established by US DOE and MDHE.”
This money was meant to help schools and students respond to COVID-19, so the public has an interest in whether it was used properly.
“The Coronavirus Aid, Relief, and Economic Security (CARES) Act, enacted by Congress on March 27, 2020, provided $30.75 billion for an Education Stabilization Fund (ESF) to prevent, prepare for, and respond to the impact of the 2019 coronavirus (COVID-19) pandemic.”
For students, some of the money could help with real-life costs such as tuition, food, housing, healthcare, childcare, course materials, and technology.
“The student portion was to provide funding for items related to students’ cost of attendance, such as tuition, course materials, technology, food, housing, healthcare, and childcare.”
The auditor answered yes to each main question about whether STCC received and used the reviewed CARES and GEER funds according to the applicable guidance.
“Below is a list of our audit objectives, indicating each question we intended our audit to answer and the conclusion we reached regarding each objective.”
STCC said it is moving toward mandatory information security training for employees.
“STCC is currently working towards providing mandatory information security training for all employees as recommended.”
Even though the spending review did not find major compliance problems, weak cybersecurity training could expose the college to cyberattacks and losses.
“Without educating all system users on their responsibility of helping protect the security of information assets by requiring training, STCC is exposed to a higher risk of cybersecurity attacks and financial and/or reputation losses.”
CARES, HEERF, and GEER are names for COVID-era education relief funding streams; in this audit, STCC received money directly from the federal education department and through the state higher education department.
“STCC received grant funds under two components of the CARES Act’s Education Stabilization Fund: direct funding from the United States Department of Education (US DOE), provided through the Higher Education Emergency Relief Fund and funding from the Massachusetts Department of Higher Education (MDHE), allocated through the Governor’s Emergency Education Relief Fund.”
What the Auditor checked
- Complied Did STCC receive and administer the student portion of funding under Section 18004(a)(1) of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in accordance with Sections C, D, and E of the United States Department of Education’s (US DOE’s) Frequently Asked Questions (FAQ) Rollup Document?
- Complied Did STCC receive and administer the institutional portion of CARES 18004(a)(1) funding in accordance with Section F of the Frequently Asked Questions (FAQ) Rollup Document?
- Complied Did STCC receive and administer CARES 18004(a)(2) funding in accordance with the Frequently Asked Questions (FAQ) Rollup Document?
What the Auditor found
Why it matters: The college faces increased risk of cybersecurity attacks and financial or reputational losses.
Standard: Information Security Risk Management Standard IS.010, issued by the Enterprise Security Office within the Executive Office of Technology Services and Security ( Information Security Risk Management Standard IS.010 )
1 recommendation
- Require information security training for all new employees and annual refresher training for all personnel.agency: agreed
Agency response & Auditor reply
Agency: "STCC is currently working towards providing mandatory information security training for all employees as recommended."
More audits of this entity
Other Office of the State Auditor reports on Springfield Technical Community College .
-
Springfield Technical Community CollegeCollege / University · December 28, 2017