Audit of the Department of State Police - Fusion Center Operations
January 18, 2019 · Department of State Police—Fusion Center Operations · Read the full official report on mass.gov ↗
source
“Specifically, CFC could not provide direct access to its information systems or share certain types of information regarding CFC activities that we needed in order to conduct audit testing.”
Read the plain-English breakdown
This is a performance audit of the Massachusetts State Police's Commonwealth Fusion Center for July 1, 2014 through December 31, 2017.
“In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of the Commonwealth Fusion Center (CFC) within the Department of State Police for the period July 1, 2014 through December 31, 2017.”
The audit was meant to check whether the Fusion Center collects, analyzes, and shares public safety and terrorism-related information with the right partners efficiently and effectively.
“This audit was undertaken to determine whether CFC gathers and analyzes information on law enforcement, public safety, and terrorism and disseminates it to its stakeholders1 efficiently and effectively.”
The Fusion Center is supposed to be the state's main place for threat-related information, including criminal activity, public safety threats, and terrorism.
“According to Executive Order 476, CFC is the principal state repository for threat-related information, including criminal activity, threats to public safety, and terrorist activity.”
For ordinary residents, this matters because the Fusion Center's work is tied to the safety of people in Massachusetts, but the audit could not fully verify how well that work was being done.
“Although we received survey responses from 29 stakeholders that received information from CFC during our audit period indicating that CFC was providing timely and useful information, we could not perform the additional testing we deemed necessary to adequately assess whether CFC gathered, analyzed, and disseminated information on law enforcement, public safety, and terrorism to its stakeholders efficiently and effectively.”
The auditor's answer to the main audit question was undetermined because access limits prevented enough testing.
“Undetermined; see Scope Limitations”
The report does not order a specific corrective action; it says the audit could not be completed as planned because no workable alternative was found.
“Unfortunately, alternative strategies that would allow OSA to conclude on our audit objective could not be developed.”
The significant point is that privacy, security, and intelligence-sharing limits blocked the auditor from independently judging whether the Fusion Center was effective.
“OSA agrees with CFC that both 6 USC 482 and 28 CFR 23.20(e) and 23.20(f) created irreconcilable obstacles that prohibited OSA from achieving certain of its stated audit goals.”
A fusion center is a hub where federal, state, local, tribal, and private-sector partners share and analyze information about possible threats.
“Fusion centers are focal points for the sharing of information between federal agencies and state and local governments.”
What the Auditor checked
- Unable to determine Does CFC gather and analyze information on law enforcement, public safety, and terrorism and disseminate it to its stakeholders efficiently and effectively?