Audit 10258

FY End: 2023-06-30
Total Expended: $3.16M
Findings: 16
Programs: 6
Organization: West Shore Community College (MI)
Year: 2023 Accepted: 2024-01-08

Findings

ID Ref Severity Repeat Requirement
7878 2023-001 Significant Deficiency - E
7879 2023-001 Significant Deficiency - E
7880 2023-001 Significant Deficiency - E
7881 2023-001 Significant Deficiency - E
7882 2023-002 Significant Deficiency - N
7883 2023-002 Significant Deficiency - N
7884 2023-002 Significant Deficiency - N
7885 2023-002 Significant Deficiency - N
584320 2023-001 Significant Deficiency - E
584321 2023-001 Significant Deficiency - E
584322 2023-001 Significant Deficiency - E
584323 2023-001 Significant Deficiency - E
584324 2023-002 Significant Deficiency - N
584325 2023-002 Significant Deficiency - N
584326 2023-002 Significant Deficiency - N
584327 2023-002 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $1.29M Yes 2
84.425 Education Stabilization Fund $822,050 Yes 0
84.268 Federal Direct Student Loans $278,537 Yes 2
84.048 Career and Technical Education -- Basic Grants to States $108,106 - 0
84.007 Federal Supplemental Educational Opportunity Grants $80,151 Yes 2
84.033 Federal Work-Study Program $21,478 Yes 2

Contacts

Name Title Type
XAD7SXLMNQB6 Conny Bax Auditee
2318435710 Paula Bedford, CPA Auditor
No contacts on file

Notes to SEFA

Accounting Policies: The accompanying schedule of expenditures of federal awards (the “Schedule”) includes the federal grant activity of West Shore Community College (the “College”) under programs of the federal government for the year ended June 30, 2023. The information in this Schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the net position, changes in net position or cash flows of the College. Expenditures reported on the Schedule are reported on the accrual basis of accounting, which is described in Note 1 to the College's financial statements. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, and other applicable guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Pass-through entity identifying numbers are presented where available.
De Minimis Rate Used: N
Rate Explanation: The auditee did not use the de minimis cost rate.

Finding Details

2023-001 – Pell Grant Calculation.
Finding Type. Immaterial Noncompliance/Significant Deficiency in Internal Control over Compliance (Eligibility).
Programs. Student Financial Assistance Cluster; U.S. Department of Education; Numbers 84.007, 84.033, 84.063, and 84.268; Award Numbers P007A222103, P033A222103, P063P225088, and P268K225088.
Criteria. The Uniform Guidance states that the College must determine the maximum scheduled award a student would receive based on their Expected Family Contribution (EFC) and Cost of Attendance (COA) using the payment schedule provided by the U.S. Department of Education. Students must be awarded on the basis of a COA comprised of allowable costs assessed to all students carrying the same academic workload. COA must be prorated for students who are attending less than an academic year, or who are less than full-time in a term-based program.
Condition. Three students out of the 40 tested had an incorrect COA and/or EFC recorded in PowerFAIDS. The error was isolated to the population of students enrolled less-than-half-time at the College. The College determined that they did not properly adjust the COA for the year. Subsequent to initial testing, the College adjusted and re-calculated the COA and EFC for all less-than-half-time students during the audit fieldwork. From the population of less-than-half-time students who received a Pell Grant during fiscal year 2023, a total of 34 students were awarded a higher amount of Pell than they were eligible to receive.
Cause. This condition was caused by insufficient review of the COA and EFC data being used by the College in determining the Pell Grant amount for students.
Effect. As a result of this condition, the College was exposed to an increased risk that incorrect information would be used to determine students' Pell Grant award amounts.
Questioned Costs. No costs are required to be questioned as the amounts did not exceed the reporting threshold.
Recommendation. We recommend the College implement procedures to ensure the COA and EFC used to calculate each student's Pell Grant is updated for each academic year and reviewed by an independent official.
View of Responsible Officials. Management concurs with this finding and has prepared a Corrective Action Plan.
2023-002 - Gramm Leach Bliley Missing Compliance Requirements.
Finding Type. Immaterial Noncompliance/Significant Deficiency in Internal Control over Compliance (Special Tests & Provisions).
Programs. Student Financial Assistance Cluster; U.S. Department of Education; Numbers 84.007, 84.033, 84.063, and 84.268; Award Numbers P007A222103, P033A222103, P063P225088, and P268K225088.
Criteria. The Federal Trade Commission (FTC) states that the Gramm Leach Bliley Act "requires financial institutions to explain their information-sharing practices to their customers and safeguard sensitive data."
Condition. The most recent written security policy fails to address how the College will oversee its information system service providers and the evaluation and adjustment of its information security program for any changes in the College's operations or the results of risk assessments. Additionally, the College's policy does not include performing annual penetration tests or biannual vulnerability assessments, as required by the Gramm Leach Bliley Act.
Cause. The College does not have a review process in place to ensure all safeguard policies set forth in the Gramm Leach Bliley Act are met in the written security policy.
Effect. As a result of this condition, the College isn't meeting the safeguard requirements necessary to comply with the FTC. In addition, the lack of safeguard controls creates an increased risk to highly sensitive data that is possessed by the College.
Questioned Costs. No costs were required to be questioned as a result of this finding inasmuch as our testing did not reveal any unallowed costs.
Recommendation. We recommend that the College implement procedures to ensure that all Gramm Leach Bliley policies are met and confirmed by a second individual.
View of Responsible Officials. Management agrees with this finding and has prepared a Corrective Action Plan.