Audit Advises Massachusetts Department of Higher Education to Ensure All Employees Receive Cybersecurity Awareness Training

BOSTON – Today the Office of State Auditor Suzanne M. Bump (OSA) released an audit of the Department of Higher Education (DHE), which identified that DHE did not ensure all employees responsible for managing and administering Governor’s Emergency Education Relief (GEER) Funds, completed annual cybersecurity awareness training.

Additionally, the audit found DHE did not meet annually with the Commonwealth Commitment Advisory Board (CCAB) to review key aspects of the MassTransfer Commonwealth Commitment program. Some areas required to review include cost structures, operations, accreditation and licensure-related issues. As a result of not meeting annually DHE did not provide follow-up reports or communications to the Board of Higher Education (BHE) regarding CCAB’s review of the MassTransfer program.

“DHE did a number of things correctly, including updating their internal control plan (ICP) to respond to the COVID-19 pandemic, as well as completing proper paperwork to receive and administer GEER funding. However, without proper cybersecurity practices in place, DHE’s work can be at risk,” said State Auditor Suzanne M. Bump. “Additionally, it is troublesome that DHE did not ensure that the CCAB met, at least annually, to review the MassTransfer Commonwealth Commitment program. Any changes in critical components, especially in regard to state funding availability, call for an annual meeting to occur.”

The audit recommends that DHE develop internal controls to ensure that all employees complete the required training annually. Additionally, DHE should designate a department or individual to be responsible for overseeing the assignment and completion of required training. DHE should meet with CCAB at least annually to review the MassTransfer Commonwealth Commitment Program and make recommendations about its improvement to BHE.

According to its website at, DHE “is the staff to the 13-member Board of Higher Education (BHE), responsible for executing the Board’s policies and day-to-day operations.” DHE was created by Section 6 of Chapter 15A of the General Laws and is headed by a commissioner. DHE had 67 employees and a budget of $5,186,847 in fiscal year 2021.

The audit can be viewed HERE.


About the Office of the State Auditor
The Office of the State Auditor conducts performance audits of state government programs, departments, agencies, authorities, contracts, and vendors. With its reports, the OSA issues recommendations to improve accountability, efficiency, and transparency. The OSA has identified approximately $1.4 billion in unallowable, questionable, or potentially fraudulent spending and saving opportunities for the Commonwealth since 2011. Last year, auditees reported implementation of 90 percent of the OSA’s audit recommendations.

For more information, visit or follow Auditor Bump on Twitter @MassAuditor, on Facebook, or subscribe to the Auditor’s Report e-newsletter.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.