Department of Youth Services
August 12, 2015 · Read the full official report (PDF) ↗
source
“Below is a summary of our findings and recommendations, with links to each page listed.”
Read the plain-English breakdown
This is a Massachusetts State Auditor performance audit of the Department of Youth Services covering July 1, 2012 through June 30, 2014.
“This report details the audit objectives, scope, methodology, findings, and recommendations for the audit period, July 1, 2012 through June 30, 2014.”
Auditors reviewed whether DYS properly provided education services to youths in its custody and whether its new JJEMS system fixed problems found in an earlier audit.
“The purpose of this audit was to determine whether DYS was properly administering educational services to youths in its custody in accordance with applicable state requirements and to determine whether the implementation of DYS’s new Juvenile Justice Enterprise Management System (JJEMS) had adequately addressed deficiencies in its legacy systems that were detailed in our prior audit report (No. 2008‐0512‐4T).”
DYS works with young people in the juvenile justice system and is responsible for services such as education, health care, behavioral health, and substance-abuse support.
“In addition to medical, behavioral‐health, and substance‐abuse services, DYS is responsible for providing youths under its supervision with year‐round educational services, which it does through approximately 35 programs that offer general, special, and limited vocational education.”
For residents, this audit is about whether a state agency spending public money is protecting sensitive youth information, keeping accurate records, and planning for emergencies.
“In fiscal years 2013 and 2014, DYS’s annual appropriations were approximately $155 million and $160 million, respectively.”
The auditor found real weaknesses: some former users still had system access, most sampled intake cases were missing required information, and DYS lacked or had not updated important oversight plans.
“DYS’s internal control plan (ICP) and risk assessment need improvement, and the Internal Control Questionnaire (ICQ) it submitted to the Office of the State Comptroller (OSC) was inaccurate.”
The report recommends that DYS tighten system access, improve intake data checks, create and test recovery planning, establish the required advisory committee, and update internal controls.
“DYS should update its ICP, beginning with the risk assessment, and ensure that it includes JJEMS.”
The most immediate risk is that missing or unavailable information could affect care decisions for youths and make it harder for staff to respond properly.
“Incomplete youth intake information could result in untimely or inappropriate treatment of a youth’s medical, psychological, or behavioral needs.”
JJEMS is the main computer system DYS uses to track youth cases and outcomes; an intake is the admission screening and assessment process when a youth enters a DYS residential program.
“JJEMS is the system DYS uses to track outcomes and manage cases.”
1 figure(s) pending source verification - not shown
What the Auditor checked
- Did not comply Did DYS implement its new Juvenile Justice Enterprise Management System (JJEMS), and is all required and pertinent youth information maintained and accessible in real time?
- Complied Did DYS collaborate with the Department of Elementary and Secondary Education (DESE) to align curriculum and (in accordance with Chapter 76, Section 1, of the General Laws) receive certification from local educational agencies (LEAs) regarding time and learning requirements?
- Complied Did all educators working in DYS school components hold a valid Massachusetts educator’s license or possess the necessary waiver of this regulatory requirement?
- Complied Did DYS determine the level of educational outcomes students were achieving?
What the Auditor found
Why it matters: Incomplete intake information could delay or impair treatment and leave clinicians, caseworkers, vendors, management, and other users without needed information.
Standard: DYS Policy 02.01.01(c), Intake Procedures. ( DYS Policy 02.01.01(c), Intake Procedures )
2 recommendations
- DYS should continue running daily quality assurance reports to identify omissions and ensure all mandatory JJEMS intake fields are completed.agency: agreed
- DYS should develop and update policies, procedures, and internal controls to ensure JJEMS users properly complete youth intake files.agency: agreed
Agency response & Auditor reply
Agency: "DYS acknowledges that data integrity is an area that needs greater focus by staff at all levels."
Auditor: "Based on its response, DYS is taking measures to address our concerns on this matter."
Why it matters: DYS could experience delays restoring mission-critical functions after an interruption, including youth intake, access to medical and clinical information, and recovery of backups.
Standard: Executive Order 490 and EOHHS 2014 information security plan business-continuity planning expectations. ( EOHHS 2014 information security plan )
2 recommendations
- DYS, with EOHHS, should assess its dependence on information systems, develop a recovery plan for critical systems, test it, and incorporate the results.
- DYS should identify an emergency relocation site for inaccessible offices.agency: already implemented
Agency response & Auditor reply
Agency: "In the event of an emergency, the COG provides that the DYS Main office will relocate to its Central Region Office at 288 Lyman Street, Westborough, MA."
Auditor: "However, because we did not perform a review and test of these plans, we cannot attest to whether the plans are operating as prescribed by management and fulfilled all regulatory obligations."
Why it matters: DYS was not benefiting from the required committee’s expertise in policy, program development, and governance.
Standard: Chapter 18A, Section 9, of the General Laws. ( Chapter 18A, Section 9, of the General Laws )
1 recommendation
- DYS, with the secretary of EOHHS, should work with the Governor to establish an advisory committee.agency: disagreed
Agency response & Auditor reply
Agency: "DYS is in constant collaboration with the agencies who would otherwise serve on such a commission."
Auditor: "It is DYS’s responsibility to comply with its enabling legislation."
Why it matters: DYS was at risk of not achieving its objectives, and OSC could not effectively assess the adequacy of the agency’s internal control system.
Standard: OSC Internal Control Guide, DYS Policy 01.01.01(b), and OSC annual Internal Control Questionnaire requirements. ( OSC Internal Control Guide; DYS Policy 01.01.01(b), Policy Administration; OSC Fiscal Year Update Internal Control Questionnaire )
3 recommendations
- DYS should update its ICP, beginning with the risk assessment, and include JJEMS.agency: already implemented
- DYS should evaluate policies and procedures and make necessary changes at least annually or when conditions warrant.agency: already implemented
- DYS should ensure annual ICQs submitted to OSC are accurate.agency: already implemented
Agency response & Auditor reply
Agency: "In the past two months, the Chief Financial Officer (“CFO”) has comprehensively reviewed and updated the ICP, including updates related to JJEMS."
Auditor: "Based on its response, DYS is taking measures to address our concerns on this matter."
Prior findings revisited
"Our current audit indicated that DYS has not implemented our prior audit recommendation to develop a BCP."
More audits of this entity
Other Office of the State Auditor reports on Department of Youth Services , including the prior audits referenced above.
- Audit of the Department of Youth ServicesState Agency / Office · March 14, 2022
-
Audit of Settlement Agreements and Confidentiality Clauses Across Multiple State Agencies - Department of Youth Services (January 28, 2025)State Agency / Office · January 28, 2025 - Audit of the Department of Youth Services (April 24, 2026)State Agency / Office · April 24, 2026