Audit of the Massachusetts Growth Capital Corporation
June 26, 2019 · Massachusetts Growth Capital Corporation · Read the full official report on mass.gov ↗
source
“Some of the performance and outcome information that Massachusetts Growth Capital Corporation reported was inaccurate.”
Read the plain-English breakdown
This is a state performance audit of Massachusetts Growth Capital Corporation, a quasi-public agency that helps small businesses with financing and support.
“In this performance audit, we examined MGCC’s administration of its small business financing and diversity program.”
The audit checked whether MGCC followed its legal authority when running small-business loans and technical-assistance grants, and whether it reported its results accurately.
“Did MGCC administer its small business financing and diversity program in accordance with its enabling legislation, Chapter 40W of the General Laws?”
The public, policymakers, and businesses rely on MGCC’s reported numbers to judge whether its programs are working, so inaccurate figures can mislead people and hurt trust.
“Presenting inaccurate data may also harm the organization’s credibility, which could discourage some people from using its services.”
If you live in Massachusetts, this matters because MGCC uses public support to help small businesses, including in distressed communities, and the audit pushes for more reliable reporting and planning.
“To accomplish its mission, MGCC works with local banks and lending institutions, community development corporations, and other nonprofit organizations to finance projects that will produce jobs in economically distressed communities throughout the Commonwealth.”
MGCC was found to have complied with the law for its loan and grant programs, but not for accurately summarizing and reporting performance and outcome data.
“accurately summarize performance and outcome data and prepare accurate reports of the services it provided”
The auditor recommended written procedures, better monitoring, annual risk reviews, a business continuity plan, and disaster recovery testing; MGCC said it was taking steps to address these issues.
“MGCC should develop written policies and procedures as well as monitoring controls to ensure that its performance and outcome data are accurate.”
The audit did not say MGCC’s core mission was invalid; it said the agency needed better accuracy and stronger planning so its work can be measured and trusted.
“The integrity of performance and outcome data is critical to evaluating the success of MGCC’s lending programs.”
“Internal controls” means the policies, procedures, checks, and planning an organization uses to avoid mistakes, manage risks, and keep operations running during problems.
“MGCC should perform an annual entity-wide risk assessment and then develop and document controls (i.e., policies and procedures) to mitigate identified risks.”
2 figure(s) pending source verification - not shown
What the Auditor checked
- Complied Did MGCC administer its small business loan program in accordance with Chapter 40W of the General Laws?
- Complied Did MGCC administer its technical assistance grant program in accordance with Chapter 40W of the General Laws?
- Did not comply Did MGCC accurately summarize performance and outcome data and prepare accurate reports of the services it provided?
What the Auditor found
Why it matters: Users could not accurately assess MGCC's performance, and inaccurate data could harm MGCC's credibility and discourage use of its services.
Standard: Standards for Internal Control in the Federal Government, Principle 13, Use Quality Information ( Standards for Internal Control in the Federal Government, Principle 13, Use Quality Information )
1 recommendation
- MGCC should develop written policies and procedures as well as monitoring controls to ensure that its performance and outcome data are accurate.agency: agreed
Agency response & Auditor reply
Agency: "We agree that there were inadvertent inaccuracies that were primarily reported in MGCC marketing materials."
Auditor: "We believe that the steps initiated by MGCC management to address our concerns will enhance the accuracy of the information MGCC reports on its website and in its marketing brochures."
Why it matters: MGCC management could not adequately measure, prioritize, and manage mission risks, and critical operations could be disrupted if data or systems were lost.
Standard: MGCC's risk management plan required annual review and updates; the Executive Office of Technology Services and Security's Enterprise Information Security Policy required business continuity and disaster recovery practices. ( MGCC risk management plan; Executive Office of Technology Services and Security Enterprise Information Security Policy, January 10, 2017 )
2 recommendations
- MGCC should perform an annual entity-wide risk assessment and then develop and document controls (i.e., policies and procedures) to mitigate identified risks.agency: agreed
- MGCC should develop a business continuity plan and annually test its disaster recovery plan.agency: agreed
Agency response & Auditor reply
Agency: "We agree that the risk management plan needs to be reviewed annually and a disaster recovery plan needs to be established."
Auditor: "We believe the actions outlined by MGCC management to address our concerns regarding the risk management and disaster recovery plans will strengthen the agency’s internal controls."
More audits of this entity
Other Office of the State Auditor reports on Massachusetts Growth Capital Corporation .
- Massachusetts Growth Capital CorporationOther · February 6, 2015
- Audit of the Massachusetts Growth Capital Corporation (August 28, 2024)Other · August 28, 2024