Audit of the Office of the Inspector General (OIG) — Review of Cybersecurity Awareness Training –

Official websites use
A website belongs to an official government organization in Massachusetts.

Secure websites use HTTPS certificate
A lock icon ( ) or https:// means you’ve safely connected to the official website. Share sensitive information only on official, secure websites.
Top-requested sites to log in to services provided by the state
Top-requested sites to log in to services provided by the state
The Office of the Inspector General is an independent agency that prevents and detects abuse of public funds and promotes transparency in state government. Our audit found the office was conducting cybersecurity awareness training for its staff as required by the state.

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Office of the Inspector General (OIG)1 for the period January 1, 2019 through December 31, 2020. In this performance audit, we determined whether OIG administered a cybersecurity awareness training program that complied with the Executive Office of Technology Services and Security’s (EOTSS’s) requirements and industry best practices.
Our audit revealed no significant instances of noncompliance by OIG that must be reported under generally accepted government auditing standards. However, in performing our audit testing, we found an internal control issue: OIG had not established a written policy regarding its cybersecurity awareness training. This written policy would include establishing a requirement for all employees to receive cybersecurity awareness training upon hire and annually thereafter as required by EOTSS standards. We brought this matter to the attention of OIG officials who established a formal, written cybersecurity awareness training policy after our audit.
A PDF copy of the audit of the Office of the Inspector General is available here.
1.     Generally accepted government auditing standards require that organizations be free from organizational impairments to independence with respect to the entities they audit. In accordance with Section 2 of Chapter 12A of the General Laws, the Inspector General is appointed by a majority vote of the Attorney General, State Auditor, and Governor. Additionally, pursuant to Section 3 of Chapter 12A of the General Laws, State Auditor Suzanne M. Bump serves on the eight-member Inspector General Council along with the Attorney General; the Secretary of Public Safety; the State Comptroller; and four other members appointed separately by the Attorney General, State Auditor, and Governor. This disclosure is made for informational purposes only, and this circumstance did not interfere with our ability to perform our audit work and report its results impartially.
We will use this information to improve the site.
Do not include sensitive information, such as Social Security or bank account numbers.
This form only gathers feedback about the website.
Would you like to provide additional feedback to help improve
How much do you agree with the following statements in the scale of 1, Strongly Disagree, to 5, Strongly Agree?
If you would like to continue helping us improve, join our user panel to test new features for the site.
© 2021 Commonwealth of Massachusetts.® is a registered service mark of the Commonwealth of Massachusetts.