Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Office of Consumer Affairs & Business Regulations - Examiniation of Annual Internal Control Questionnaires

April 28, 2015 · Read the full official report (PDF) ↗

Published April 28, 2015 Audit covers July 1, 2013 – June 30, 2014 Under Suzanne M. Bump · 2011–2023

In plain English
The audit found that the Office of Consumer Affairs and Business Regulation gave some inaccurate or unsupported answers on its 2014 internal-control questionnaire, including about its internal control plan, risk assessment, inventory procedures, and certification of the questionnaire.
source
“OCABR’s 2014 ICQ had inaccurate responses on the subjects of its internal control plan (ICP), risk assessment, and capital-asset inventory.”
Read the plain-English breakdown
What is this?

This is a limited-scope performance audit of a Massachusetts state agency’s answers on an annual questionnaire about internal controls for the period July 1, 2013 through June 30, 2014.

“This report details the audit objectives, scope, methodology, findings, and recommendations for the audit period, July 1, 2013 through June 30, 2014.”
Why was it audited?

The State Auditor checked whether certain answers OCABR gave to the State Comptroller on its fiscal year 2014 Internal Control Questionnaire were accurate.

“The objective of our audit was to determine whether certain responses provided by OCABR to OSC in its fiscal year 2014 ICQ were accurate.”
Why it matters

Accurate internal-control reporting matters because the Comptroller uses it to judge whether the agency has adequate controls, especially for financial reporting.

“Further, inaccurate information in the ICQ prevents OSC from effectively assessing the adequacy of OCABR’s internal control system for the purposes of financial reporting.”
What's in it for me?

For ordinary residents, this matters because OCABR is supposed to protect consumers and regulate businesses fairly, and weak or poorly documented controls can make it harder for the agency to do that effectively.

“OCABR’s mission is to advocate for, inform, and protect consumers and ensure fair and sound regulation of businesses and professionals while working to strike a balance between the needs of businesses and those of consumers.”
The bottom line

The main issue was not that money was proven missing, but that OCABR’s paperwork and answers about its controls were not reliable enough in several key areas.

“Some of the information that the Office of Consumer Affairs and Business Regulation (OCABR) reported in its Internal Control Questionnaire (ICQ) to the Office of the State Comptroller (OSC) for fiscal year 2014 was inaccurate or not supported by documentation.”
What happens next

The auditor recommended that OCABR fix the problems, follow Comptroller requirements, and ask the Comptroller for help if needed.

“If necessary, OCABR should request guidance from OSC on these matters.”
Jargon, unpacked

An Internal Control Questionnaire is a yearly form state departments complete to show how well their safeguards, procedures, and checks are working.

“Each year, the Office of the State Comptroller issues a memo (Fiscal Year Update) to internal control officers, single audit liaisons, and chief fiscal officers instructing departments to complete an Internal Control Questionnaire designed to provide an indication of the effectiveness of the Commonwealth’s internal controls.”

What the Auditor checked

What the Auditor found

OCABR reported inaccurate or unsupported internal-control information in its 2014 Internal Control Questionnaire.
internal controlsrecordkeeping/documentationasset/inventory control

Why it matters: Inaccurate ICQ information prevents OSC from effectively assessing OCABR’s internal controls for financial reporting, and an ICP that does not follow OSC guidance may impair OCABR’s ability to achieve its mission and comply with laws, rules, and regulations.

Standard: OSC ICQ instructions, OSC Internal Control Guide, and COSO enterprise risk management guidance. ( Chapter 11, Section 12, of the Massachusetts General Laws; COSO Enterprise Risk Management—Integrated Framework; OSC Internal Control Guide )

2 recommendations
  • OCABR should address the audit issues and follow OSC requirements for developing an internal control plan and accurately reporting ICQ information about its internal control plan, risk assessment, inventory procedures, and department representations.agency: agreed
  • If necessary, OCABR should request guidance from OSC.agency: agreed
Agency response & Auditor reply
Agency: "OCABR has already begun the process of taking corrective action based on the findings and recommendations of this report."
Auditor: "We again recommend that OCABR conduct and document an organization-wide risk assessment, including the consideration of fraud, as part of its corrective-action plan."