Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Department of Public Utilities Transportation Oversight Division

February 15, 2013 · Read the full official report (PDF) ↗

Published February 15, 2013 Audit covers July 1, 2010 – December 31, 2011 Under Suzanne M. Bump · 2011–2023

Read the plain-English breakdown
What is this?

This is a State Auditor performance audit of certain activities at the Department of Public Utilities' Transportation Oversight Division for July 1, 2010 through December 31, 2011.

“In accordance with Chapter 11, Section 12, of the Massachusetts General Laws, the Office of the State Auditor conducted an audit of certain activities of the Department of Public Utilities’ (DPU’s) Transportation Oversight Division (TOD) for the period July 1, 2010 through December 31, 2011.”
Why was it audited?

Auditors looked at whether the division had proper controls, followed rules, and handled licensing, certification, regulation, and fees correctly.

“The objectives of our audit were to (1) assess the adequacy of the internal controls DPU established over various TOD-related activities, including the licensing, certification, and regulation of school bus drivers, motor bus drivers (including Massachusetts Bay Transportation Authority [MBTA] bus drivers), and common carriers used to transport passengers and property; (2) determine whether TOD is efficiently and effectively administering its duties and responsibilities related to the licensing, certification, and regulation of school bus drivers, motor bus drivers (including MBTA bus drivers), and common carriers and is complying with applicable laws, rules, regulations, and memoranda of understanding; and (3) review and analyze systems in place for issuing School Bus Driver Certificates and Motor Bus Driver Certificates and for collecting, depositing, safeguarding, and accounting for all fees for services.”
Why it matters

The division oversees safety-related transportation work, including school bus drivers, motor buses, MBTA buses, carriers, towing rules, and rail crossings.

“These functions are performed to fulfill TOD’s primary directive: to protect public safety by regulating the activities of the transportation industry.”
What's in it for me?

For residents, this matters because the agency helps oversee things people may use or encounter, such as school buses, motor coaches, MBTA buses, towing, moving companies, and rail crossings.

“Most significantly, TOD:2”
The bottom line

The main problem was not with the tested transportation operations, but with DPU's internal control plan, which had not been kept current and did not cover the whole agency as required.

“Our audit found that improvements were needed in the Department of Public Utilities’ (DPU’s) Internal Control Plan (ICP).”
What happens next

The auditor recommended that DPU update its internal control plan, include a department-wide risk assessment, cover all required risk-management components, distribute it properly, update it at least yearly, and report it accurately to the Comptroller.

“DPU should comply with Chapter 647 and the OSC’s Internal Control Guide and take the steps necessary to ensure that its ICP:”
Why it's significant

The finding is significant because weak or outdated controls can make it harder for DPU to meet its mission, protect assets, follow laws, and respond to major changes.

“Improvements to the ICP are necessary to provide better assurance that DPU will successfully achieve its fundamental mission, goals, and objectives through the guidance of comprehensive internal controls.”
Jargon, unpacked

An internal control plan is basically an agency's written plan for reducing risks and making sure its policies and procedures help it meet its goals.

“An internal control plan is a description of how a department expects to meet its various goals and objectives by using policies and procedures to minimize risk.”

What the Auditor found

DPU's internal control plan was outdated, incomplete, and incorrectly certified as current.
internal controlsrecordkeeping/documentation

Why it matters: Without an adequate department-wide risk assessment and current internal control plan, DPU may be hindered from fulfilling responsibilities, achieving goals, and ensuring effective internal controls.

Standard: Chapter 647 of the Acts of 1989 and the Office of the State Comptroller's Internal Control Guide. ( Chapter 647 of the Acts of 1989; Office of the State Comptroller's Internal Control Guide, dated September 13, 2007 )

1 recommendation
  • DPU should comply with Chapter 647 and the OSC's Internal Control Guide and ensure its ICP includes a department-wide risk assessment, high-level department-wide summary of risks and controls, supporting policies and procedures, all eight ERM components, department-wide goals and objectives, distribution information, annual updates, and accurate ICQ representation.
Agency response & Auditor reply
Agency: "Our new CFO has been working with all of the DPU’s division directors and senior level management to update our ICP by identifying department-wide goals and objectives, identifying risk assessment and controls to mitigate such risk, and to include in the plan the eight components of enterprise risk management."