Framingham State University
December 20, 2012 · Read the full official report (PDF) ↗ · official site ↗
source
“Two individuals enrolled in FSU’s student health insurance plan had not been students at FSU for over eight years and therefore were not eligible to receive health insurance benefits.”
Read the plain-English breakdown
This is a state audit of Framingham State University covering July 1, 2010 through September 30, 2011.
“We conducted this performance audit, which covered the period July 1, 2010 through September 30, 2011, in accordance with generally accepted government auditing standards.”
The audit happened because Framingham State University reported that two people were on its student health plan even though they were not students.
“The Chapter 647 report submitted by FSU disclosed a situation in May 2011 in which FSU administrators identified two individuals enrolled in FSU’s student health insurance plan who were not students at FSU and therefore were not eligible to receive health insurance benefits.”
The issue matters because weak account controls let an employee use old student accounts to add ineligible people to a health insurance plan.
“This employee was able to enroll these former students by adding the charges for the health care plan to each of their individual student accounts, which were still accessible even though they have been inactive for over eight years.”
For taxpayers and students, the audit is about making sure university benefits go only to people who qualify and that old accounts cannot be misused.
“To be eligible for the health insurance, a student must be enrolled in at least three classes at FSU.”
The auditor found no other fraud or abuse in the areas tested, and the university changed its procedures.
“For the areas tested, our audit revealed no other occurrences of fraud or abuse regarding enrollment of ineligible individuals.”
FSU said it would review whether inactive student records need more security and make sure monitoring is documented.
“The University will carefully consider the recommendation of the Auditor to determine what additional security enhancements can be instituted regarding inactive students’ records.”
The larger lesson is that keeping inactive student accounts open without restrictions can create a real opportunity for misuse.
“We also learned that FSU maintains all student accounts indefinitely with no restrictive access to inactive accounts.”
“Internal controls” means the rules, checks, and monitoring that should stop unauthorized or inaccurate activity in systems like student accounts.
“We recommend that FSU management reexamine its internal controls over inactive student accounts and determine whether additional controls are needed to ensure that access to student accounts after they become inactive is properly restricted, secured from unauthorized access, and periodically monitored to identify inaccurate or inconsistent activity.”
What the Auditor checked
- Partially Assess the adequacy of FSU’s internal controls over its student health insurance program.
- Complied Review the conditions that led to the enrollment of two ineligible individuals in the student health plan and determine whether other instances of fraud or abuse regarding the enrollment of ineligible individuals occurred.
- Complied Identify any corrective actions that need to be taken.
What the Auditor found
Why it matters: Ineligible individuals received access to student health insurance benefits, creating risk of unauthorized benefits and improper claims.
Standard: To be eligible for FSU student health insurance, a student must be enrolled in at least three classes at FSU. ( Chapter 647 of the Acts of 1989; Massachusetts Law requires student health insurance coverage for certain students enrolled at institutions of higher learning in Massachusetts )
1 recommendation
- Reexamine internal controls over inactive student accounts and determine whether additional controls are needed to restrict, secure, and monitor access after accounts become inactive.agency: agreed
Agency response & Auditor reply
Agency: "The University will carefully consider the recommendation of the Auditor to determine what additional security enhancements can be instituted regarding inactive students’ records."
More audits of this entity
Other Office of the State Auditor reports on Framingham State University .
-
Audit of Cybersecurity Awareness Training Compliance Across Multiple State Agencies - Framingham State UniversityCollege / University · November 8, 2024 -
Audit of the Framingham State University (FSU)College / University · November 23, 2020 - Framingham State University's Use of American Recovery and Reinvestment Act FundsCollege / University · May 26, 2011