Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Department of Children and Families

March 26, 2014 · Read the full official report (PDF) ↗

Published March 26, 2014 Audit covers July 1, 2010 – September 30, 2012 Under Suzanne M. Bump · 2011–2023

In plain English
The audit found serious gaps in DCF oversight, including late or undocumented medical checks for children, weak documentation of background checks, poor protection of personal information, and an outdated internal control plan.
source
“Summary of Findings”
Read the plain-English breakdown
What is this?

This is a state performance audit of the Massachusetts Department of Children and Families covering July 1, 2010 through September 30, 2012.

“This report details the audit objectives, scope, methodology, findings, and recommendations for the audit period, July 1, 2010 through September 30, 2012.”
Why was it audited?

Auditors reviewed whether DCF was doing required safety and administrative checks, including medical exams, background checks, protection of personal information, and use of sex offender registry information.

“The objectives of our audit were to determine (1) whether DCF was ensuring that all of the required medical screenings and examinations of children placed in its care were being conducted, (2) whether DCF was conducting the required Criminal Offender Record Information (CORI) checks on its employees, (3) whether DCF was ensuring that all of its service providers had the required background record checks (BRCs), (4) whether DCF was complying with applicable laws and regulations when granting waivers to individuals who have criminal records to allow them to participate in foster care, (5) whether DCF was properly safeguarding and disposing of documents such as client records that contain personally identifiable information (PII), and (6) whether DCF was using information available from the state’s Sex Offender Registry Board (SORB) to further ensure the safety of children placed in its custody.”
Why it matters

The issues matter because children in state custody may have had health problems, trauma, or injuries that were not found quickly enough.

“The effect of this is that DCF’s management cannot effectively ensure that children in DCF custody are not continuing to suffer from undetected health issues, trauma, and injury from abuse and neglect.”
What's in it for me?

For an ordinary resident, the report is about whether a state agency responsible for vulnerable children is doing basic safety checks and protecting sensitive records.

“According to its website, DCF “is charged with protecting children from abuse and neglect and strengthening families.””
The bottom line

The auditor said DCF had not proved that required medical checks and background checks were consistently done, and also found weaknesses in privacy safeguards and internal controls.

“DCF does not have adequate documentation to substantiate that it has conducted all required BRCs on individuals living in some of its foster homes.”
What happens next

DCF said it was working on fixes, including better access to sex offender registry data and steps to address delayed child medical screenings and exams.

“These officials also stated that they are taking measures to address the issue of the untimely child medical screenings and examinations.”
Why it's significant

The report points to risks in core child-safety systems, including cases where addresses of children receiving DCF care matched addresses of registered Level 2 or Level 3 sex offenders.

“Our analysis identified 25 instances in which the addresses of Level 2 and Level 3 sex offenders matched addresses of children receiving DCF care.”
Jargon, unpacked

CORI means criminal record checks, BRC means background record checks, PII means personally identifiable information, and SORB means the Sex Offender Registry Board.

“The objectives of our audit were to determine (1) whether DCF was ensuring that all of the required medical screenings and examinations of children placed in its care were being conducted, (2) whether DCF was conducting the required Criminal Offender Record Information (CORI) checks on its employees, (3) whether DCF was ensuring that all of its service providers had the required background record checks (BRCs), (4) whether DCF was complying with applicable laws and regulations when granting waivers to individuals who have criminal records to allow them to participate in foster care, (5) whether DCF was properly safeguarding and disposing of documents such as client records that contain personally identifiable information (PII), and (6) whether DCF was using information available from the state’s Sex Offender Registry Board (SORB) to further ensure the safety of children placed in its custody.”

What the Auditor checked

What the Auditor found

Children entering DCF custody did not receive required medical screenings and examinations on time.
recordkeeping/documentationinternal controlspublic safety

Why it matters: DCF could not ensure that children in its custody were free from undetected health issues, trauma, or injury from abuse and neglect.

Standard: Chapter 119, Section 32 of the Massachusetts General Laws; DCF Policy 2010-001 ( Chapter 119, Section 32, of the Massachusetts General Laws; DCF Policy 2010-001 )

2 recommendations
  • DCF should strengthen its current medical-examination policy to include control activities ensuring and verifying that foster parents and custodians obtain required screenings and examinations within required timeframes, and should retrain caseworkers on documentation.
  • DCF should consider data sharing with MassHealth as an additional compliance check.agency: already implemented
Agency response & Auditor reply
Agency: "While the Department acknowledges that system and data improvements are necessary, an analysis of MassHealth data demonstrates that the rate of compliance is much higher than suggested by the Office of the State Auditor (OSA)."
Auditor: "Based on its response, DCF is taking measures to address our concerns on these issues."
DCF lacked documentation proving that all required background record checks were performed.
recordkeeping/documentationinternal controlspublic safety

Why it matters: DCF could not substantiate that background checks were performed before children were placed in foster homes.

Standard: 110 CMR 7.113(1)(a), DCF Family Resource Policy #2006-01, and Massachusetts Statewide Records Retention Schedule 02-11, Section K, Part 4 ( 110 CMR 7.113(1)(a); DCF Family Resource Policy #2006-01 and Massachusetts Statewide Records Retention Schedule 02-11, Section K, Part 4; 110 CMR 18.11 )

2 recommendations
  • DCF should ensure that background record checks are performed, documented, retained, and available when requested, and should retrain staff responsible for monitoring compliance.agency: disagreed
  • DCF should consider producing a list of all individuals in foster homes who have been granted background record check waivers.agency: disagreed
Agency response & Auditor reply
Agency: "DCF disagrees with this finding, which is about paper retention, not about whether BRCs were performed."
DCF did not adequately secure personally identifiable information.
data privacyrecordkeeping/documentationinternal controls

Why it matters: Unauthorized access to personal information could result in identity theft or other criminal activity.

Standard: Executive Order 504, 803 CMR 2.11, DCF Policy 086-14 Appendix C, and EOHHS Confidentiality Procedures ( Executive Order 504; 803 CMR 2.11; DCF Policy 086-14, Appendix C )

1 recommendation
  • DCF should establish and implement monitoring controls to ensure compliance with Executive Order 504 and its own policies, perform periodic site visits, and accurately report PII storage and security in its annual Internal Control Questionnaire.agency: agreed
Agency response & Auditor reply
Agency: "DCF accepts the Auditor’s Recommendation, has corrected the problem and has taken steps to ensure this does not recur."
Auditor: "Based on its response, DCF is taking measures to address our concerns in this area."
DCF’s internal control plan was incomplete and outdated.
internal controlsrecordkeeping/documentation

Why it matters: DCF could be hindered in fulfilling responsibilities, achieving objectives, and ensuring the effectiveness of its internal control system.

Standard: Chapter 647 of the Acts of 1989 and Office of the State Comptroller Internal Control Guide ( OSC Internal Control Guide; Enterprise Risk Management – Integrated Framework, or COSO II )

1 recommendation
  • DCF should update its internal control plan to include a current department-wide risk assessment, cross-references to controls, all eight ERM components, and at least annual updates.agency: agreed
Agency response & Auditor reply
Agency: "DCF accepts the Auditor’s Recommendation."
Auditor: "Based on its response, DCF is taking measures to address our concerns in this area."

More audits of this entity

Other Office of the State Auditor reports on Department of Children and Families .

See this entity's page with all 6 audits →