UMass Dartmouth Audit Finds Missing Bank Card Transaction Documents and Lack of Cybersecurity Training
Boston — Today, State Auditor Diana DiZoglio’s Office released an audit of the University of Massachusetts Dartmouth (UMD) for the period of July 1, 2020 through December 31, 2021. Our audit looked at UMass Dartmouth’s bank card transactions and cybersecurity awareness training for employees.
Our audit determined that UMD’s bank card transactions did not always comply with UMass system policies and standards. There were instances where some transactions were missing some or all supporting documents. We also found in some cases cardholders did not perform monthly bank statement reconciliations in a timely manner or at all.
It is our recommendation that UMD ensure cardholders reconcile and upload their bank statements in a timely manner, confirm each bank card transaction receipt captures the full business purpose, verify that sales tax is not charged when bank card purchases are made, and that travel authorization numbers are referenced on the bank statement and receipts.
In addition, our office found that UMD did not provide all newly hired employees or existing employees with cybersecurity awareness training. UMD should establish and implement a cybersecurity awareness training component to its information security policy. We also recommend all employees receive proper cybersecurity training when they are hired and annually thereafter.
###