Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Framingham State University

December 20, 2012 · Read the full official report (PDF) ↗ · official site ↗

Published December 20, 2012 Audit covers July 1, 2010 – September 30, 2011 Under Suzanne M. Bump · 2011–2023

In plain English
Framingham State University had a control weakness that let two people who were not current students get enrolled in the student health insurance plan.
source
“Two individuals enrolled in FSU’s student health insurance plan had not been students at FSU for over eight years and therefore were not eligible to receive health insurance benefits.”
Read the plain-English breakdown
What is this?

This is a state audit of Framingham State University covering July 1, 2010 through September 30, 2011.

“We conducted this performance audit, which covered the period July 1, 2010 through September 30, 2011, in accordance with generally accepted government auditing standards.”
Why was it audited?

The audit happened because Framingham State University reported that two people were on its student health plan even though they were not students.

“The Chapter 647 report submitted by FSU disclosed a situation in May 2011 in which FSU administrators identified two individuals enrolled in FSU’s student health insurance plan who were not students at FSU and therefore were not eligible to receive health insurance benefits.”
Why it matters

The issue matters because weak account controls let an employee use old student accounts to add ineligible people to a health insurance plan.

“This employee was able to enroll these former students by adding the charges for the health care plan to each of their individual student accounts, which were still accessible even though they have been inactive for over eight years.”
What's in it for me?

For taxpayers and students, the audit is about making sure university benefits go only to people who qualify and that old accounts cannot be misused.

“To be eligible for the health insurance, a student must be enrolled in at least three classes at FSU.”
The bottom line

The auditor found no other fraud or abuse in the areas tested, and the university changed its procedures.

“For the areas tested, our audit revealed no other occurrences of fraud or abuse regarding enrollment of ineligible individuals.”
What happens next

FSU said it would review whether inactive student records need more security and make sure monitoring is documented.

“The University will carefully consider the recommendation of the Auditor to determine what additional security enhancements can be instituted regarding inactive students’ records.”
Why it's significant

The larger lesson is that keeping inactive student accounts open without restrictions can create a real opportunity for misuse.

“We also learned that FSU maintains all student accounts indefinitely with no restrictive access to inactive accounts.”
Jargon, unpacked

“Internal controls” means the rules, checks, and monitoring that should stop unauthorized or inaccurate activity in systems like student accounts.

“We recommend that FSU management reexamine its internal controls over inactive student accounts and determine whether additional controls are needed to ensure that access to student accounts after they become inactive is properly restricted, secured from unauthorized access, and periodically monitored to identify inaccurate or inconsistent activity.”

What the Auditor checked

What the Auditor found

FSU allowed two ineligible former students to be enrolled in its student health insurance program.
internal controlseligibility determinationdata privacy

Why it matters: Ineligible individuals received access to student health insurance benefits, creating risk of unauthorized benefits and improper claims.

Standard: To be eligible for FSU student health insurance, a student must be enrolled in at least three classes at FSU. ( Chapter 647 of the Acts of 1989; Massachusetts Law requires student health insurance coverage for certain students enrolled at institutions of higher learning in Massachusetts )

1 recommendation
  • Reexamine internal controls over inactive student accounts and determine whether additional controls are needed to restrict, secure, and monitor access after accounts become inactive.agency: agreed
Agency response & Auditor reply
Agency: "The University will carefully consider the recommendation of the Auditor to determine what additional security enhancements can be instituted regarding inactive students’ records."

More audits of this entity

Other Office of the State Auditor reports on Framingham State University .

See this entity's page with all 4 audits →