Community Economic Development Assistance Corporation
December 2, 2014 · Read the full official report (PDF) ↗
source
“Based on our audit, we have concluded that, except as discussed in the Detailed Audit Results and Findings section of this report, during the audit period, CEDAC was issuing loans in accordance with established guidelines, effectively monitoring its loan portfolio for desired outcomes, and adequately safeguarding state funds; its rate of loan defaults was reasonable; and its return on investment for loans was adequate to support CEDAC’s continued operations and accomplishment of its mission.”
Read the plain-English breakdown
Auditors reviewed whether CEDAC had proper controls over its loan process, including whether loans followed rules, were monitored, protected state funds, and supported the agency’s mission.
“The objective of our audit was to review certain aspects of CEDAC’s administration of its lending process to determine whether it had established adequate controls over this process to ensure that (1) loans were being provided in accordance with established guidelines, (2) its loan portfolio was being effectively monitored for performance and desired outcomes, (3) state funds were being properly safeguarded, and (4) the rate of loan defaults and the return on investment for loans were adequate to support CEDAC’s continued operations and accomplishment of its mission.”
CEDAC handles public-facing economic development work and affordable housing lending, so the public needs transparency about whether it is meeting goals and managing risks.
“Because CEDAC did not file this annual plan, it did not provide the Commonwealth or the public with the transparency necessary to determine how effectively it was meeting its organizational goals and objectives.”
For residents, this matters because CEDAC helps finance affordable housing development and housing for people with special needs or disabilities.
“HIF loans support affordable housing projects such as limited equity cooperatives,2 single-room-occupancy housing, and housing for special-needs residents.”
The lending program largely checked out, but CEDAC needed to improve compliance and internal planning by filing annual plans and documenting risk controls.
“However, we found that CEDAC did not file an annual plan with OPMO as required by law.”
CEDAC agreed to start filing its annual plan and later filed its fiscal year 2015 plan with OPMO.
“CEDAC officially filed its fiscal year 2015 annual plan with OPMO on June 9, 2014.”
The report is significant because it says the core loan work appeared sound, but CEDAC’s oversight paperwork had gaps that could weaken accountability if not fixed.
“Its lack of a department-wide risk assessment, with cross-references of risks to controls established to mitigate them, may hinder or prevent it from fulfilling its responsibilities, achieving its goals and objectives, and ensuring the integrity and effectiveness of its internal control system.”
A risk assessment means identifying what could go wrong and matching those risks to controls that reduce them.
“A risk assessment is an integral part of an entity’s internal control process because it identifies and analyzes risks and assists management in prioritizing the activities where controls are most needed to mitigate risk.”
What the Auditor checked
- Partially Did CEDAC establish adequate controls over its lending process to ensure that loans were provided in accordance with established guidelines, its loan portfolio was effectively monitored, state funds were safeguarded, and loan defaults and return on investment supported continued operations and mission accomplishment?
What the Auditor found
Why it matters: The Commonwealth and the public lacked transparency needed to determine how effectively CEDAC was meeting its goals and objectives.
Standard: Chapter 6A, Section 16G, of the Massachusetts General Laws ( Chapter 6A, Section 16G, of the General Laws )
1 recommendation
- CEDAC should ensure that it continues to file its annual plan in accordance with Chapter 6A, Section 16G, of the General Laws.agency: already implemented
Agency response & Auditor reply
Agency: "CEDAC has no objection to this finding, and wants to clarify the very short history of this new law."
Why it matters: Without a department-wide risk assessment tied to controls, CEDAC may be hindered from fulfilling responsibilities, achieving goals, and ensuring effective internal controls.
Standard: COSO Internal Control—Integrated Framework and the Office of the State Comptroller’s Internal Control Guide ( Internal Control—Integrated Framework; Office of the State Comptroller Internal Control Guide )
1 recommendation
- CEDAC should perform an agency-wide risk assessment and cross-reference identified risks to documented internal controls used to mitigate them.agency: agreed
Agency response & Auditor reply
Agency: "To that end, we will prepare an enterprise risk assessment document that summarizes the risk assessment performed, which led to the creation of our internal control manual and our lending policies and procedures manual."