Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Massachusetts Cultural Council-Examination of Annual Internal Control Questionnaire

October 3, 2016 · Massachusetts Cultural Council · Read the full official report (PDF) ↗

Published October 3, 2016 Audit covers July 1, 2014 – June 30, 2015 Under Suzanne M. Bump · 2011–2023

In plain English
The auditor found that the Massachusetts Cultural Council gave inaccurate or undocumented answers on its 2015 internal controls questionnaire.
source
“Some of the information that the Massachusetts Cultural Council (MCC) reported on its Internal Control Questionnaire (ICQ) to the Office of the State Comptroller (OSC) for fiscal year 2015 was inaccurate or not supported by documentation.”
Read the plain-English breakdown
What is this?

This is a state audit checking whether the Massachusetts Cultural Council accurately reported certain internal control information for July 1, 2014 through June 30, 2015.

“The objective of our audit was to determine whether certain responses that MCC provided to OSC on its fiscal year 2015 ICQ were accurate.”
Why was it audited?

The audit was done because state agencies fill out an Internal Control Questionnaire, and the auditor wanted to verify whether MCC's selected answers were true.

“The overall objective of our audit was to determine whether MCC accurately reported certain information about its overall internal control system to OSC on its 2015 ICQ.”
Why it matters

If MCC's internal controls and reporting are weak, the state may not be able to rely on MCC's information, protect assets, or know whether important systems are secure.

“Without accurate information on the ICQ, OSC cannot effectively assess the adequacy of MCC’s internal control system for the purposes of financial reporting.”
What's in it for me?

For an ordinary resident, this matters because MCC is a taxpayer-funded agency, and the audit says it needed better controls over records, assets, and security.

“For fiscal year 2015, MCC had a budget of $12,864,100 and had 25 full-time employees.”
The bottom line

MCC said it had key controls in place, but the auditor found that several of those claims were wrong or not backed up.

“MCC’s 2015 ICQ had inaccurate responses on the subjects of its internal control plan (ICP), risk assessment, information system and data security, and capital-asset inventory.”
What happens next

The auditor recommended that MCC fix the problems, follow Comptroller rules, check future questionnaire answers carefully, and ask the Comptroller for help if needed.

“MCC should take the measures necessary to address the issues we identified during our audit and should ensure that it adheres to all of OSC’s requirements for developing an ICP and accurately reporting information about its ICP, risk assessment, information system and data security, and capital-asset inventory on its ICQ.”
Why it's significant

The audit found no money loss finding, but it did find that MCC's oversight paperwork and asset controls were not reliable enough, which can create risk over time.

“Without establishing formal inventory policies and procedures, and performing and documenting an annual physical inventory, MCC is not ensuring that its capital assets are properly safeguarded against loss, theft, and misuse and that its inventory records are complete and accurate.”
Jargon, unpacked

An ICQ is the state's yearly questionnaire about whether an agency has good internal controls; an ICP is the agency's written plan for those controls.

“The ICQ is a document designed by OSC that is sent to departments each year requesting information and department representations on their internal controls over 12 areas: management oversight, accounting system controls, budget controls, revenue, procurement and contract management, invoices and payments, payroll and personnel, investments held by the Commonwealth, material and supply inventory, capital-asset inventory, federal funds, and IT security and personal data.”

3 figure(s) pending source verification - not shown

What the Auditor checked

What the Auditor found

MCC reported inaccurate or unsupported internal-control information on its ICQ.
internal controlsrecordkeeping/documentationasset/inventory controldata privacycybersecurity

Why it matters: OSC could not effectively assess MCC's internal controls, and MCC risked not properly safeguarding capital assets or securing its information systems and data.

Standard: OSC internal control guidelines, OSC ICQ certification requirements, OSC capital asset policies, and MassIT information security policy. ( Section 12 of Chapter 11 of the Massachusetts General Laws; Chapter 647 of the Acts of 1989; Section 3 of Chapter 93H of the General Laws; Chapter 93I of the General Laws )

2 recommendations
  • MCC should address the audit issues, comply with OSC requirements for its ICP, risk assessment, information system and data security, capital-asset inventory, and ICQ reporting, and review ICQ questions for accuracy before certification and submission.agency: agreed
  • MCC should request guidance from OSC if necessary.agency: agreed
Agency response & Auditor reply
Agency: "Based on the findings listed in the draft of the audit, MCC is taking or will take the following steps."
Auditor: "Based on its response, we believe MCC is taking appropriate measures to address the issues we identified during our audit."

More audits of this entity

Other Office of the State Auditor reports on Massachusetts Cultural Council .

See this entity's page with all 3 audits →