Massachusetts Auditor Releases Audit Of Cannabis Control Commission

Among the findings: CCC did not provide cybersecurity awareness training to its employees.

We just received word about this report, and still need to dig in for a further analysis. But even though it covers old ground from before the current Cannabis Control Commission members were seated, it’s notable because it comes on the heels of the suspension of Chair Shannon O’Brien. And while the CCC managed to get regulatory work done in the wake of that news breaking earlier this month, the agency has also been hit by criticisms from Beacon Hill lawmakers among others.

We are still combing through this new report from the Office of State Auditor (OSA) Diana DiZoglio, which “conducted a performance audit of the Cannabis Control Commission (CCC) for the period January 1, 2019 through December 31, 2020 … to determine whether CCC ensured that recreational marijuana products sold met the safety standards required by the following [the law].” But for now, we wanted to get you the basics. Their general findings include:

  • CCC did not identify all products considered expired and prevent their sale to consumers before they were retested.
  • CCC did not ensure that marijuana establishments (MEs) and independent testing laboratories (ITLs) properly reported marijuana products that tested positive for pesticides.
  • CCC did not provide cybersecurity awareness training to its employees.

Some of the granular findings, while extremely outdated, show the extent of their investigation. For example:

Of the 160,625 packages that were completely tested and sold by marijuana establishments (MEs) during the audit period, we determined that 1,517 (less than 1%) contained some amount of product that had been last tested for contaminants more than one year before. Sales of these products totaled $10,192,986 and consisted of 130,875 individual products in various forms and another 737 pounds of flower or buds.

The CCC was given the opportunity to reply to all of the auditor’s findings. You can read the full report here.