Department of Children and Families
March 26, 2014 · Read the full official report (PDF) ↗
source
“Summary of Findings”
Read the plain-English breakdown
This is a state performance audit of the Massachusetts Department of Children and Families covering July 1, 2010 through September 30, 2012.
“This report details the audit objectives, scope, methodology, findings, and recommendations for the audit period, July 1, 2010 through September 30, 2012.”
Auditors reviewed whether DCF was doing required safety and administrative checks, including medical exams, background checks, protection of personal information, and use of sex offender registry information.
“The objectives of our audit were to determine (1) whether DCF was ensuring that all of the required medical screenings and examinations of children placed in its care were being conducted, (2) whether DCF was conducting the required Criminal Offender Record Information (CORI) checks on its employees, (3) whether DCF was ensuring that all of its service providers had the required background record checks (BRCs), (4) whether DCF was complying with applicable laws and regulations when granting waivers to individuals who have criminal records to allow them to participate in foster care, (5) whether DCF was properly safeguarding and disposing of documents such as client records that contain personally identifiable information (PII), and (6) whether DCF was using information available from the state’s Sex Offender Registry Board (SORB) to further ensure the safety of children placed in its custody.”
The issues matter because children in state custody may have had health problems, trauma, or injuries that were not found quickly enough.
“The effect of this is that DCF’s management cannot effectively ensure that children in DCF custody are not continuing to suffer from undetected health issues, trauma, and injury from abuse and neglect.”
For an ordinary resident, the report is about whether a state agency responsible for vulnerable children is doing basic safety checks and protecting sensitive records.
“According to its website, DCF “is charged with protecting children from abuse and neglect and strengthening families.””
The auditor said DCF had not proved that required medical checks and background checks were consistently done, and also found weaknesses in privacy safeguards and internal controls.
“DCF does not have adequate documentation to substantiate that it has conducted all required BRCs on individuals living in some of its foster homes.”
DCF said it was working on fixes, including better access to sex offender registry data and steps to address delayed child medical screenings and exams.
“These officials also stated that they are taking measures to address the issue of the untimely child medical screenings and examinations.”
The report points to risks in core child-safety systems, including cases where addresses of children receiving DCF care matched addresses of registered Level 2 or Level 3 sex offenders.
“Our analysis identified 25 instances in which the addresses of Level 2 and Level 3 sex offenders matched addresses of children receiving DCF care.”
CORI means criminal record checks, BRC means background record checks, PII means personally identifiable information, and SORB means the Sex Offender Registry Board.
“The objectives of our audit were to determine (1) whether DCF was ensuring that all of the required medical screenings and examinations of children placed in its care were being conducted, (2) whether DCF was conducting the required Criminal Offender Record Information (CORI) checks on its employees, (3) whether DCF was ensuring that all of its service providers had the required background record checks (BRCs), (4) whether DCF was complying with applicable laws and regulations when granting waivers to individuals who have criminal records to allow them to participate in foster care, (5) whether DCF was properly safeguarding and disposing of documents such as client records that contain personally identifiable information (PII), and (6) whether DCF was using information available from the state’s Sex Offender Registry Board (SORB) to further ensure the safety of children placed in its custody.”
What the Auditor checked
- Did not comply whether DCF was ensuring that all of the required medical screenings and examinations of children placed in its care were being conducted
- Complied whether DCF was conducting the required Criminal Offender Record Information (CORI) checks on its employees
- Did not comply whether DCF was ensuring that all of its service providers had the required background record checks (BRCs)
- Unable to determine whether DCF was complying with applicable laws and regulations when granting waivers to individuals who have criminal records to allow them to participate in foster care
- Did not comply whether DCF was properly safeguarding and disposing of documents such as client records that contain personally identifiable information (PII)
- Partially whether DCF was using information available from the state’s Sex Offender Registry Board (SORB) to further ensure the safety of children placed in its custody
What the Auditor found
Why it matters: DCF could not ensure that children in its custody were free from undetected health issues, trauma, or injury from abuse and neglect.
Standard: Chapter 119, Section 32 of the Massachusetts General Laws; DCF Policy 2010-001 ( Chapter 119, Section 32, of the Massachusetts General Laws; DCF Policy 2010-001 )
2 recommendations
- DCF should strengthen its current medical-examination policy to include control activities ensuring and verifying that foster parents and custodians obtain required screenings and examinations within required timeframes, and should retrain caseworkers on documentation.
- DCF should consider data sharing with MassHealth as an additional compliance check.agency: already implemented
Agency response & Auditor reply
Agency: "While the Department acknowledges that system and data improvements are necessary, an analysis of MassHealth data demonstrates that the rate of compliance is much higher than suggested by the Office of the State Auditor (OSA)."
Auditor: "Based on its response, DCF is taking measures to address our concerns on these issues."
Why it matters: DCF could not substantiate that background checks were performed before children were placed in foster homes.
Standard: 110 CMR 7.113(1)(a), DCF Family Resource Policy #2006-01, and Massachusetts Statewide Records Retention Schedule 02-11, Section K, Part 4 ( 110 CMR 7.113(1)(a); DCF Family Resource Policy #2006-01 and Massachusetts Statewide Records Retention Schedule 02-11, Section K, Part 4; 110 CMR 18.11 )
2 recommendations
- DCF should ensure that background record checks are performed, documented, retained, and available when requested, and should retrain staff responsible for monitoring compliance.agency: disagreed
- DCF should consider producing a list of all individuals in foster homes who have been granted background record check waivers.agency: disagreed
Agency response & Auditor reply
Agency: "DCF disagrees with this finding, which is about paper retention, not about whether BRCs were performed."
Why it matters: Unauthorized access to personal information could result in identity theft or other criminal activity.
Standard: Executive Order 504, 803 CMR 2.11, DCF Policy 086-14 Appendix C, and EOHHS Confidentiality Procedures ( Executive Order 504; 803 CMR 2.11; DCF Policy 086-14, Appendix C )
1 recommendation
- DCF should establish and implement monitoring controls to ensure compliance with Executive Order 504 and its own policies, perform periodic site visits, and accurately report PII storage and security in its annual Internal Control Questionnaire.agency: agreed
Agency response & Auditor reply
Agency: "DCF accepts the Auditor’s Recommendation, has corrected the problem and has taken steps to ensure this does not recur."
Auditor: "Based on its response, DCF is taking measures to address our concerns in this area."
Why it matters: DCF could be hindered in fulfilling responsibilities, achieving objectives, and ensuring the effectiveness of its internal control system.
Standard: Chapter 647 of the Acts of 1989 and Office of the State Comptroller Internal Control Guide ( OSC Internal Control Guide; Enterprise Risk Management – Integrated Framework, or COSO II )
1 recommendation
- DCF should update its internal control plan to include a current department-wide risk assessment, cross-references to controls, all eight ERM components, and at least annual updates.agency: agreed
Agency response & Auditor reply
Agency: "DCF accepts the Auditor’s Recommendation."
Auditor: "Based on its response, DCF is taking measures to address our concerns in this area."
More audits of this entity
Other Office of the State Auditor reports on Department of Children and Families .
- Audit of the Department of Children and Families (November 7, 2024)State Agency / Office · November 7, 2024
- Department of Children and FamiliesState Agency / Office · May 8, 2012
- Department of Children and FamiliesState Agency / Office · May 12, 2011
-
Audit of Settlement Agreements and Confidentiality Clauses Across Multiple State Agencies - Department of Children and Families (January 28, 2025)State Agency / Office · January 28, 2025 - Audit of the Department of Children and FamiliesState Agency / Office · December 7, 2017