Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Massachusetts Teachers Retirement Board/System

April 29, 2015 · Read the full official report (PDF) ↗

Published April 29, 2015 Audit covers July 1, 2011 – June 30, 2013 Under Suzanne M. Bump · 2011–2023

In plain English
Auditors found two main problems: some former employees still had system access, and MTRS records about money owed to or from deceased retirees’ estates were inaccurate.
source
“When employees leave MTRS, their user access to the agency’s benefit-administration system (MyTRS) is not promptly deactivated.”
Read the plain-English breakdown
What is this?

This is a state performance audit of the Massachusetts Teachers’ Retirement System, covering July 1, 2011 through June 30, 2013.

“This report details the audit objectives, scope, methodology, findings, and recommendations for the audit period, July 1, 2011 through June 30, 2013.”
Why was it audited?

The auditor reviewed selected financial and management activities to see whether MTRS was doing its job efficiently, effectively, and legally.

“In this performance audit, we reviewed and assessed selected financial and management activities of MTRS to evaluate its ability to perform and administer its functions and responsibilities efficiently, effectively, and in compliance with laws and regulations.”
Why it matters

MTRS handles retirement benefits and sensitive information for a very large number of Massachusetts educators, retirees, survivors, and families.

“The Massachusetts Teachers’ Retirement System (MTRS), the Commonwealth’s largest contributory retirement system, provides retirement, disability, and survivor benefits to public-school teachers and administrators and their families.”
What's in it for me?

If you are connected to MTRS, the audit matters because weak controls could affect private member information or money owed to surviving beneficiaries.

“Insufficient controls over user access could place sensitive and confidential information—member data in particular—at risk of unauthorized access, modification, misuse, and/or loss.”
The bottom line

MTRS generally handled several audited areas properly, but it needed better controls over system access and better accounting for money owed to and from retiree estates.

“Without accurate financial records, MTRS may not be collecting or otherwise resolving all funds due the Commonwealth and paying all funds owed to surviving beneficiaries.”
What happens next

MTRS said it was adding written procedures, quarterly reviews, better reconciliation, and updated handling of unclaimed funds and old receivables.

“At the November 21, 2014 board meeting, the board approved the aforementioned policy revisions and recommended to the Office of the State Comptroller the write-off of $1,063,412.59 in accounts receivable for the period 1988 through 2011.”
Why it's significant

The problems were not just paperwork issues: inaccurate lists could mean families do not learn about money owed to them, and the public cannot be sure all old balances are being resolved.

“Therefore, surviving beneficiaries may not know MTRS has unclaimed funds on account for them, and there is no assurance that this list is an effective tool to communicate and resolve instances of funds owed to the public.”
Jargon, unpacked

“Accounts payable” here means money MTRS owed to beneficiaries or estates; “accounts receivable” means money owed back to the Commonwealth because too much was paid.

“MTRS notifies the beneficiary of the funds owed and requests a completed claim form and a copy of a death certificate.”

4 figure(s) pending source verification - not shown

What the Auditor checked

What the Auditor found

Former employees’ MyTRS user accounts were not promptly deactivated.
cybersecuritydata privacyinternal controls

Why it matters: Sensitive and confidential member data could be at risk of unauthorized access, modification, misuse, or loss.

Standard: MassIT Enterprise Staff Information Technology Security Policy and Enterprise Access Control Security Standards require timely termination and review of access privileges. ( MassIT Enterprise Staff Information Technology Security Policy, Section 3; MassIT Enterprise Access Control Security Standards, Section 2.4 )

2 recommendations
  • Develop formal written policies and procedures requiring Human Resources to notify Information Technology Services of employee status changes that require access changes or deactivation and requiring periodic reviews of user access rights.agency: already implemented
  • Immediately review all active MyTRS users and deactivate access for individuals who no longer require or are not authorized to have access.agency: already implemented
Agency response & Auditor reply
Agency: "While we agree that this is an issue that requires remediation, and as detailed below, we have taken immediate corrective steps, I want to clarify the limits of access that those six employees retained."
Auditor: "MTRS’s response indicates that its written policies and procedures and periodic reviews of active user accounts will strengthen the security of the MyTRS application."
Accounts payable and receivable records for retiree estates were inaccurate.
recordkeeping/documentationinternal controls

Why it matters: MTRS may not collect or resolve all funds due the Commonwealth or pay all funds owed to surviving beneficiaries.

Standard: Chapter 32, Sections 20(5)(h) and 21(1)(a) of the Massachusetts General Laws require retirement systems to file accurate financial statements and maintain data needed to value assets and determine liabilities. ( Chapter 32, Section 20(5)(h), of the Massachusetts General Laws; Chapter 32, Section 21(1)(a), of the Massachusetts General Laws )

1 recommendation
  • Implement supervisory oversight controls to ensure accounts payable and receivable aging-list balances are accurate and complete, agree to financial-statement balances, and are included in documented policies and procedures.agency: agreed
Agency response & Auditor reply
Agency: "We do agree that some of the entries were mislabeled and they have been corrected."
Auditor: "Based on its response, MTRS is taking appropriate measures to address concerns we identified."
MTRS’s Unclaimed Funds List was not current, accurate, and complete.
recordkeeping/documentationinternal controls

Why it matters: Surviving beneficiaries may not know MTRS has unclaimed funds for them, and the list may not effectively communicate or resolve funds owed to the public.

Standard: MTRS must maintain accurate financial records to support its reporting and liabilities under Chapter 32, Sections 20(5)(h) and 21(1)(a) of the Massachusetts General Laws. ( Chapter 32, Section 20(5)(h), of the Massachusetts General Laws; Chapter 32, Section 21(1)(a), of the Massachusetts General Laws )

1 recommendation
  • Implement supervisory oversight controls to ensure the Unclaimed Funds List is accurately maintained and include those controls in documented policies and procedures.agency: already implemented
Agency response & Auditor reply
Agency: "While the MTRS has had a three-step procedure in place to locate and notify named beneficiaries and estates of accounts payable due to a benefit recipient’s death, we agree that improvements were needed to our procedures for adding new estate accounts payable to our Unclaimed Funds list when beneficiaries and estates do not respond in a timely manner."
Auditor: "Based on its response, MTRS is taking appropriate measures to address concerns we identified."

Prior findings revisited

Being worked on
"Prior audit results partially resolved—Accounts payable and receivable to and from retiree estates were not recorded in MTRS’s financial records."