Audit Advises DHE to Ensure Employees Receive Cybersecurity Training
BOSTON — the Office of State Auditor Suzanne M. Bump (OSA) released an audit of the Department of Higher Education (DHE), which identified that DHE did not ensure all employees responsible for managing and administering Governor's Emergency Education Relief (GEER) Funds, completed annual cybersecurity awareness training.
Additionally, the audit found DHE did not meet annually with the Commonwealth Commitment Advisory Board (CCAB) to review key aspects of the MassTransfer Commonwealth Commitment program. Some areas required to review include cost structures, operations, accreditation and licensure-related issues. As a result of not meeting annually DHE did not provide follow-up reports or communications to the Board of Higher Education (BHE) regarding CCAB's review of the MassTransfer program.
"DHE did a number of things correctly, including updating their internal control plan (ICP) to respond to the COVID-19 pandemic, as well as completing proper paperwork to receive and administer GEER funding. However, without proper cybersecurity practices in place, DHE's work can be at risk," said State Auditor Suzanne M. Bump. "Additionally, it is troublesome that DHE did not ensure that the CCAB met, at least annually, to review the MassTransfer Commonwealth Commitment program. Any changes in critical components, especially in regard to state funding availability, call for an annual meeting to occur."
The audit recommends that DHE develop internal controls to ensure that all employees complete the required training annually. Additionally, DHE should designate a department or individual to be responsible for overseeing the assignment and completion of required training. DHE should meet with CCAB at least annually to review the MassTransfer Commonwealth Commitment Program and make recommendations about its improvement to BHE.
According to its website at www.mass.gov, DHE "is the staff to the 13-member Board of Higher Education (BHE), responsible for executing the Board's policies and day-to-day operations." DHE was created by Section 6 of Chapter 15A of the General Laws and is headed by a commissioner. DHE had 67 employees and a budget of $5,186,847 in fiscal year 2021.
The audit can be viewed here