Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Audit of the Department of State Police - Fusion Center Operations

January 18, 2019 · Department of State Police—Fusion Center Operations · Read the full official report on mass.gov ↗

Published January 18, 2019 Audit covers July 1, 2014 – December 31, 2017 Under Suzanne M. Bump · 2011–2023

In plain English
The auditor tried to review whether the Commonwealth Fusion Center handles threat, public safety, law enforcement, and terrorism information well, but the audit could not reach a conclusion because key records and system access were not provided.
source
“Specifically, CFC could not provide direct access to its information systems or share certain types of information regarding CFC activities that we needed in order to conduct audit testing.”
Read the plain-English breakdown
What is this?

This is a performance audit of the Massachusetts State Police's Commonwealth Fusion Center for July 1, 2014 through December 31, 2017.

“In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of the Commonwealth Fusion Center (CFC) within the Department of State Police for the period July 1, 2014 through December 31, 2017.”
Why was it audited?

The audit was meant to check whether the Fusion Center collects, analyzes, and shares public safety and terrorism-related information with the right partners efficiently and effectively.

“This audit was undertaken to determine whether CFC gathers and analyzes information on law enforcement, public safety, and terrorism and disseminates it to its stakeholders1 efficiently and effectively.”
Why it matters

The Fusion Center is supposed to be the state's main place for threat-related information, including criminal activity, public safety threats, and terrorism.

“According to Executive Order 476, CFC is the principal state repository for threat-related information, including criminal activity, threats to public safety, and terrorist activity.”
What's in it for me?

For ordinary residents, this matters because the Fusion Center's work is tied to the safety of people in Massachusetts, but the audit could not fully verify how well that work was being done.

“Although we received survey responses from 29 stakeholders that received information from CFC during our audit period indicating that CFC was providing timely and useful information, we could not perform the additional testing we deemed necessary to adequately assess whether CFC gathered, analyzed, and disseminated information on law enforcement, public safety, and terrorism to its stakeholders efficiently and effectively.”
The bottom line

The auditor's answer to the main audit question was undetermined because access limits prevented enough testing.

“Undetermined; see Scope Limitations”
What happens next

The report does not order a specific corrective action; it says the audit could not be completed as planned because no workable alternative was found.

“Unfortunately, alternative strategies that would allow OSA to conclude on our audit objective could not be developed.”
Why it's significant

The significant point is that privacy, security, and intelligence-sharing limits blocked the auditor from independently judging whether the Fusion Center was effective.

“OSA agrees with CFC that both 6 USC 482 and 28 CFR 23.20(e) and 23.20(f) created irreconcilable obstacles that prohibited OSA from achieving certain of its stated audit goals.”
Jargon, unpacked

A fusion center is a hub where federal, state, local, tribal, and private-sector partners share and analyze information about possible threats.

“Fusion centers are focal points for the sharing of information between federal agencies and state and local governments.”

What the Auditor checked