Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Division of Standards Examination of Annual Internal Control Questionnaire

June 23, 2015 · Read the full official report (PDF) ↗

Published June 23, 2015 Audit covers July 1, 2013 – June 30, 2014 Under Suzanne M. Bump · 2011–2023

In plain English
The auditor found that the Division of Standards gave inaccurate or undocumented answers about its internal controls, risk review, asset inventory, and required sign-off.
source
“Some of the information that the Division of Standards (DOS) reported in its Internal Control Questionnaire (ICQ) to the Office of the State Comptroller (OSC) for fiscal year 2014 was inaccurate or not supported by documentation.”
Read the plain-English breakdown
What is this?

This is a limited state audit checking whether the Division of Standards accurately answered parts of its yearly internal control questionnaire for fiscal year 2014.

“The objective of our audit was to determine whether certain responses that DOS provided to OSC in its fiscal year 2014 ICQ were accurate.”
Why was it audited?

The State Auditor reviewed selected questionnaire answers because state agencies use them to report whether their financial and management controls are working.

“The overall objective of our audit was to determine whether DOS accurately reported certain information about its overall internal control system to OSC in its 2014 ICQ.”
Why it matters

Bad or unsupported answers make it harder for the state to know whether public money, equipment, and records are being managed properly.

“In addition, inaccurate information in the ICQ prevents OSC from effectively assessing the adequacy of DOS’s internal control system for the purposes of financial reporting.”
What's in it for me?

The Division of Standards affects everyday consumers because it checks things like gas pumps, price scanners, weighing devices, and certain licenses.

“DOS is responsible for enforcing standards for weighing and measuring devices used in the sale of items such as food and fuels.”
The bottom line

The main problem was not that the audit found stolen money or property, but that DOS could not show it had followed required control, risk, inventory, and certification practices.

“DOS’s 2014 ICQ had inaccurate responses on the subjects of its internal control plan (ICP), risk assessment, and capital asset inventory.”
What happens next

The auditor told DOS to fix the issues, follow Comptroller requirements, keep signed certification records, and ask the Comptroller for help if needed.

“DOS should take the measures necessary to address the issues we identified during our audit and should ensure that it adheres to all OSC’s requirements for developing an ICP and accurately reporting information about its ICP and capital-asset inventory.”
Why it's significant

The finding is significant because the agency’s control plan was incomplete, risk assessment was not documented, asset inventory was not properly handled, and the questionnaire was not properly certified.

“Specifically, although DOS indicated that it was in compliance with OSC guidelines in all of the areas we reviewed, its internal control plan (ICP) was not based on guidelines issued by OSC; it could not document that it had conducted an organization-wide risk assessment that included fraud; it had not updated its ICP within the past year; it had not performed an annual physical inventory of its capital assets; and it did not have procedures encompassing all phases of the inventory process.”
Jargon, unpacked

An ICQ is the state’s yearly questionnaire where agencies report whether their internal controls are in place and working.

“Each year, OSC issues a memorandum (Fiscal Year Update) to internal control officers, single audit liaisons, and chief fiscal officers instructing departments to complete an Internal Control Questionnaire designed to provide an indication of the effectiveness of the Commonwealth’s internal controls.”

What the Auditor checked

What the Auditor found

DOS reported inaccurate or unsupported information about internal controls in its 2014 Internal Control Questionnaire.
recordkeeping/documentationinternal controlsasset/inventory control

Why it matters: The inaccurate or unsupported information prevented effective assessment of internal controls, increased risk that DOS would not meet objectives in compliance with requirements, and weakened safeguards over capital assets.

Standard: OSC guidelines for internal control plans, OSC ICQ certification instructions, COSO enterprise risk management components, and OSC capital-asset inventory requirements. ( Chapter 11, Section 12, of the Massachusetts General Laws; OSC Internal Control Guide; OSC Fixed Assets Acquisition Policy (2006) )

2 recommendations
  • DOS should take the measures necessary to address the issues identified during the audit, follow OSC requirements for developing an ICP and reporting ICP and capital-asset information, and retain a signed ICQ certification.agency: partially agreed
  • DOS should request guidance from OSC if necessary.
Agency response & Auditor reply
Agency: "Contrary to the audit conclusions the information reported in the ICQ was accurate but some of the information was as stated in the “DRAFT” audit undocumented."
Auditor: "We believe that the measures DOS is taking, as indicated in its reply, are responsive to some of our concerns."