Audit of the Massachusetts Convention Center Authority (August 19, 2024)
August 19, 2024 · Massachusetts Convention Center Authority · Read the full official report on mass.gov ↗
source
“Below is a summary of our findings, the effects of our findings, and our recommendations, with links to each page listed.”
Read the plain-English breakdown
This is a state performance audit of the Massachusetts Convention Center Authority, which runs major public venues such as the Boston Convention & Exhibition Center, the Hynes Convention Center, the MassMutual Center, and the Lawn on D.
“The Massachusetts Convention Center Authority (MCCA) is an independent public authority of the Commonwealth that owns and operates several public facilities primarily for conventions, trade shows, and industry meetings.”
The auditor reviewed whether MCCA followed rules and good practices for purchasing, supplier diversity, event safety planning, employee complaints, and employee settlement agreements.
“The purpose of our audit was to determine the following:”
The issues matter because weak controls can waste public money, reduce fairness in contracting, weaken employee protections, and make it harder for the public to know whether decisions were lawful and appropriate.
“This also risks wasting public resources, elevates risk for potential bid splitting, increases the possibility of ethical violations, etc.”
For an ordinary Massachusetts resident, this audit is about whether a public authority that uses public resources is spending money fairly, keeping proper records, protecting workers, and following oversight rules.
“Not only does this cause potential harm to contractors, it also places taxpayer funds at risk.”
The auditor found that MCCA did not fully follow its own policies or expected controls in several areas, especially procurement, board approval, security survey records, employee complaint tracking, and settlement oversight.
“MCCA did not have a documented process for reviewing, entering into, and finalizing its non-union employee settlement agreements during the extended audit period (January 1, 2018 through December 31, 2022).”
The report recommends that MCCA create clearer policies, keep better documentation, involve its board more, track supplier diversity spending and employee complaints, and improve cybersecurity and access controls.
“MCCA should develop, document, and implement policies and procedures to effectively monitor, and communicate to its board of directors, the extent to which it achieves its annual benchmarks for diverse supplier spending.”
The audit is significant because some matters were serious enough that the auditor referred them to outside agencies for review and possible enforcement.
“We have referred these instances to external agencies for their investigation and potential enforcement:”
“Procurement” means how MCCA buys goods and services. “Supplier diversity” means spending with certified minority-owned, women-owned, and veteran-owned businesses. “Settlement agreements” are deals resolving employee disputes, sometimes with secrecy or non-disparagement terms.
“Through consultation with the Operational Services Division, SDO sets annual benchmark percentages for spending with minority-owned, woman-owned, and veteran-owned businesses.”
10 figure(s) pending source verification - not shown
What the Auditor checked
- Did not comply When procuring goods and services, did MCCA adhere to its “Procurement, Purchasing and Payment Policy and Guidelines” and Section 12 of Chapter 30B of the General Laws for purchases of $10,000 or more?
- Partially Did MCCA develop event safety plans for ballroom events at the Boston Convention & Exhibition Center (BCEC) and the Hynes Convention Center, in accordance with (a) MCCA policies and (b) Section 20.1.5.6.1 of the Massachusetts Comprehensive Fire Safety Code?
- Did not comply Did MCCA develop event safety plans for non-ballroom events at the BCEC, the Hynes Convention Center, and the Lawn on D, in accordance with MCCA policies?
- Complied Did MCCA address non-union employee complaints dating back to January 1, 2018 in accordance with its “Non-Discrimination/Non-Harassment Policy”?
- Did not comply Did MCCA follow a process in compliance with Section 35 of Chapter 190 of the Acts of 1982 and Section 4.15 of the MCCA Bylaws when determining whether to enter into, and when reviewing and finalizing, non-union employee settlement agreements, dating back to January 1, 2018?
What the Auditor found
Why it matters: MCCA’s ability to evaluate and improve the effectiveness of its efforts to promote diversity in its procurement process was limited.
Standard: Supplier Diversity Office Diverse and Small Business Program policies for goods and services procurements. ( SDO’s “The Commonwealth of Massachusetts Diverse and Small Business Program Policies for Goods and Services Procurements” )
4 recommendations
- MCCA should develop, document, and implement policies and procedures to effectively monitor, and communicate to its board of directors, the extent to which it achieves its annual benchmarks for diverse supplier spending.
- MCCA should use established policies to track diversity spending throughout the year.
- MCCA should involve its chief diversity officer in the procurement process to help support an inclusive and equitable business environment.
- MCCA should collaborate with SDO to ensure increased accountability.
Agency response & Auditor reply
Agency: "The MCCA consistently meets or exceeds its Supplier Diversity Office (SDO) benchmarks for spending on diverse suppliers, and is proud of its record in this regard."
Auditor: "As noted above, MCCA did not meet the SDO’s discretionary spending benchmarks for minority-owned, women-owed, and veteran-owned businesses during the audit period of January 1, 2021 through December 31, 2022."
Why it matters: MCCA could not be sure that it awarded contracts to the most appropriate vendors at the lowest available cost, increasing risks of wasted public resources, bid splitting, and ethical violations.
Standard: MCCA’s “Procurement, Purchasing and Payment Policy and Guidelines” for purchases between $10,000 and $50,000. ( MCCA’s “Procurement, Purchasing and Payment Policy and Guidelines” )
3 recommendations
- MCCA should retain evidence of all quotes received for purchases between $10,000 and $50,000.
- MCCA should implement sufficient monitoring controls to ensure that original quotes from vendors are obtained and retained.
- MCCA should modify its “Procurement, Purchasing and Payment Policy and Guidelines” to require compliance in full with Chapter 30B of the Massachusetts General Laws.
Agency response & Auditor reply
Agency: "The MCCA acknowledges that it did not retain several of the “original quotes” for some purchases between 2018 and 2022."
Auditor: "Given its response and the new business system referenced above, we believe MCCA is taking sufficient steps to resolve this issue."
Why it matters: There was an increased risk that MCCA did not award the contract to the most appropriate vendor offering the lowest price, risking wasted public resources and unfair procurement behavior.
Standard: MCCA “Procurement, Purchasing and Payment Policy and Guidelines” for purchases of $50,000 or more. ( MCCA “Procurement, Purchasing and Payment Policy and Guidelines” )
2 recommendations
- MCCA should always follow its purchasing process by advertising and documenting procurements of $50,000 or more.agency: agreed
- MCCA should follow its existing policy and ensure that its procurement department is involved during the process for every procurement of $50,000 or more.agency: agreed
Agency response & Auditor reply
Agency: "The MCCA agrees with the [Office of the State Auditor’s] finding."
Auditor: "Given its response and the new business system referenced in MCCA’s response to Finding 2 of this report, we believe that MCCA is taking steps to resolve this issue."
Why it matters: MCCA could not regularly ensure that it received services from the most appropriate vendors at the lowest available price, may have missed diverse vendor opportunities, and may have created unenforceable contract risk.
Standard: Section 12(b) of Chapter 30B of the General Laws; Section 35 of Chapter 190 of the Acts of 1982; MCCA Bylaws. ( Section 12(b) of Chapter 30B of the General Laws; Section 35 of Chapter 190 of the Acts of 1982 )
2 recommendations
- MCCA should request and secure approval from its board of directors for vendor contract extensions to ensure compliance with Section 35 of Chapter 190 of the Acts of 1982, as well as MCCA Bylaws.
- MCCA should always follow Chapter 30B of the General Laws relative to the number of extensions and maximum term length for contracts, regardless of the contract’s dollar value instead of only “generally” following Chapter 30B.
Agency response & Auditor reply
Agency: "The MCCA believes that the contract extensions from 2018 to 2021 aligned with existing MCCA procurement policies."
Auditor: "The development and implementation of stricter procurement policies may address the underlying issues cited in our audit."
Why it matters: MCCA risked not addressing client needs consistently, fairly, and equitably.
Standard: Section 2.0 of MCCA’s “[Public Safety Department] Standard Operating Procedures Event Security Assessment Program.” ( Section 2.0 of MCCA’s “[Public Safety Department] Standard Operating Procedures Event Security Assessment Program” )
2 recommendations
- MCCA should ensure it sends pre-event security surveys to clients and retains this documentation.
- MCCA should retain all pre-event security surveys completed by its clients in a central, accessible location.
Agency response & Auditor reply
Agency: "The MCCA asks our clients to provide a “pre-event” survey so that they can highlight aspects of their event our public safety team should be aware of before creating the security and safety plan."
Auditor: "Our audit found that MCCA could not produce records indicating that it sent and retained responses to pre-event security surveys to 85% of ballroom events and 95% of non-ballroom events in our sample."
Why it matters: MCCA may not identify trends in employee complaints or ensure that all employee complaints are addressed and handled in a consistent, timely, and appropriate manner.
Standard: US Government Accountability Office’s Standards for Internal Control in the Federal Government, known as the Green Book. ( US Government Accountability Office’s Standards for Internal Control in the Federal Government )
2 recommendations
- MCCA should develop, document, and implement internal controls over the process of handling employee complaints that would include the tracking and documentation of complaints.agency: agreed
- MCCA should create and retain a centralized list of complaints to ensure that all complaints are addressed in a consistent, timely, and appropriate manner.agency: agreed
Agency response & Auditor reply
Agency: "The MCCA agrees that it did not adequately track employee complaints during the audit period."
Auditor: "Based on its response, MCCA has taken measures to address our concerns in this area."
Why it matters: MCCA could not ensure that employee settlements were handled in an ethical, legal, or appropriate manner, and public dollars could be abused to cover up misconduct.
Standard: Section 5.09 of Title 815 of the Code of Massachusetts Regulations, cited as a best practice. ( Section 5.09 of Title 815 of the Code of Massachusetts Regulations )
2 recommendations
- MCCA should develop, document, and implement a policy related to employee settlement agreements.
- To help increase transparency and accountability, MCCA should track and document all complaints that result in payments and the use of non-disclosure, non-disparagement, or similarly restrictive clauses in employee settlement agreements.
Agency response & Auditor reply
Agency: "The MCCA is currently developing a new policy for non-union employee settlements, which will implement appropriate legal and non-legal review and approval processes for such settlements."
Auditor: "Based on its response, MCCA is taking measures to address our concerns in this area."
Why it matters: MCCA could not ensure that employee settlements were handled transparently, legally, or appropriately, and public dollars could be abused to cover up misconduct.
Standard: Section 35 of Chapter 190 of the Acts of 1982 and Section 4.15 of the Massachusetts Convention Center Authority Bylaws. ( Section 35 of Chapter 190 of the Acts of 1982; Section 4.15 of the Massachusetts Convention Center Authority Bylaws )
2 recommendations
- MCCA should develop, document, and implement a policy related to employee settlement agreements.agency: agreed
- MCCA should seek and obtain approval from its board of directors before executing employee settlement agreements and any agreement that includes non-disclosure, non-disparagement, or similarly restrictive clauses.agency: agreed
Agency response & Auditor reply
Agency: "The MCCA agrees with the [Office of the State Auditor’s] finding."
Auditor: "Based on its response, MCCA is taking measures to address our concerns in this area."
Why it matters: MCCA had elevated risk of unauthorized access, cyberattacks, and financial or reputational losses.
Standard: MCCA’s “Information Security Policy” and Executive Office of Technology Services and Security’s Access Management Standard IS.003. ( Section AT-2 of MCCA’s “Information Security Policy”; Section 6.1.10.2 of the Executive Office of Technology Services and Security’s Access Management Standard IS.003 )
2 recommendations
- MCCA should maintain certificates of completion of cybersecurity awareness training for all of its employees in their respective personnel files and/or on a centralized list.
- MCCA should conduct and document user access reviews at least twice per year.
Agency response & Auditor reply
Agency: "While the MCCA has a comprehensive cybersecurity training program that includes annual cybersecurity training, quarterly phishing training, and annual vendor cybersecurity training, it acknowledges that some official attendance records for participants in the annual training were missing."
Auditor: "Based on its response, MCCA is taking measures to address our concerns."
Verified dollar findings
Identified dollar findings that do not fall in a named band.
More audits of this entity
Other Office of the State Auditor reports on Massachusetts Convention Center Authority .
- Massachusetts Convention Center AuthorityAuthority / Commission · MARCH 31, 1999
- Massachusetts Convention Center AuthorityAuthority / Commission · January 20, 2012
- Audit of the Massachusetts Convention Center Authority (MCCA)Authority / Commission · February 16, 2021