FAC Explorer

Audit 12966

FY End
2023-06-30
Total Expended
$8.10M
Findings
20
Programs
7
Organization: Warner University, Inc. (CO)
Year: 2023 Accepted: 2024-01-23
Auditor: Capincrouse LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
9460 2023-001 Significant Deficiency - N
9461 2023-001 Significant Deficiency - N
9462 2023-001 Significant Deficiency - N
9463 2023-001 Significant Deficiency - N
9464 2023-001 Significant Deficiency - N
9465 2023-001 Significant Deficiency - N
9466 2023-002 - Yes N
9467 2023-002 - Yes N
9468 2023-002 - Yes N
9469 2023-002 - Yes N
585902 2023-001 Significant Deficiency - N
585903 2023-001 Significant Deficiency - N
585904 2023-001 Significant Deficiency - N
585905 2023-001 Significant Deficiency - N
585906 2023-001 Significant Deficiency - N
585907 2023-001 Significant Deficiency - N
585908 2023-002 - Yes N
585909 2023-002 - Yes N
585910 2023-002 - Yes N
585911 2023-002 - Yes N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $5.56M Yes 2
84.063 Federal Pell Grant Program $2.18M Yes 2
84.038 Federal Perkins Loan Program $142,347 Yes 1
84.007 Federal Supplemental Educational Opportunity Grants $107,206 Yes 2
84.033 Federal Work-Study Program $80,763 Yes 1
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $16,974 Yes 2
84.425 Covid-19 Education Stabilization Fund Heerf - Institutional Portion $14,136 - 0

Contacts

Name Title Type
EQ6GMFADBSN1 Mandy Ramos Auditee
8636387255 Christian Mantegna, CPA Auditor
No contacts on file

Notes to SEFA

Title: RELATIONSHIP TO FINANCIAL STATEMENTS Accounting Policies: The accompanying schedule of expenditures of federal awards and state financial assistance (the schedule) includes the federal and state grant activity of Warner University, Inc. (University) under programs of the federal government and the State of Florida for the year ending June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) and Chapter 10.650, Rules of Auditor General. Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If the University is required to match certain federal or state assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate See the Notes to the SEFA for chart/table
Title: SUBRECIPIENTS, NON-CASH ASSISTANCE, FEDERAL INSURANCE, LOANS, AND LOAN GUARANTEES Accounting Policies: The accompanying schedule of expenditures of federal awards and state financial assistance (the schedule) includes the federal and state grant activity of Warner University, Inc. (University) under programs of the federal government and the State of Florida for the year ending June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) and Chapter 10.650, Rules of Auditor General. Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If the University is required to match certain federal or state assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate The University did not provide any federal funds to subrecipients nor did they receive any federal non-cash assistance, insurance, loans, or loan guarantees.
Title: FEDERAL PERKINS LOAN PROGRAM Accounting Policies: The accompanying schedule of expenditures of federal awards and state financial assistance (the schedule) includes the federal and state grant activity of Warner University, Inc. (University) under programs of the federal government and the State of Florida for the year ending June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) and Chapter 10.650, Rules of Auditor General. Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If the University is required to match certain federal or state assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate See the Notes to the SEFA for chart/table
Title: ZONE ALTERNATIVE Accounting Policies: The accompanying schedule of expenditures of federal awards and state financial assistance (the schedule) includes the federal and state grant activity of Warner University, Inc. (University) under programs of the federal government and the State of Florida for the year ending June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) and Chapter 10.650, Rules of Auditor General. Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If the University is required to match certain federal or state assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate The University was operating under the Provisional Certification Alternative for failure to meet the Department of Education’s standards of financial responsibility. The University must comply with all the requirements specified for the Provisional Certification Alternative including the Zone Alternative. As part of the audit procedures, the University’s compliance with the Zone Alternative including their administration of the heightened cash monitoring payment method, disbursing aid and paying out credit balances before requesting reimbursement and timely notification requirements was tested. No non-compliance with the requirements was noted. The University was released from the zone alternative requirements at Janaury 2023 as they again met the standards of financial responsibility as of June 30, 2022.

Finding Details

Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Gramm Leach Bliley Act (GLBA) Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038 and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on all systems containing personally identifiable information (PII), or implemented a continuous monitoring solution, such as once a year penetration testing and twice a year vulnerability scanning. Additionally, the University has not implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Late Return of Title IV (R2T4) DEPARTMENT OF EDUCATION ALN #: 84.063, 84.007, 84.268, and 84.379 Federal Award Identification #: 2022-23 Financial Aid Year Condition: The University did not properly assess R2T4s under the modular withdrawal regulations that went into effect July 1, 2021. The University had an incorrect assumption of the 49% exemption for zero credit students in modular programs. Criteria: 34 CFR 668.22 Questioned Costs: $2,954 Context: Out of 25 students who withdrew during the audit period, 2 students in modular programs did not have an R2T4 calculated and unearned funds returned timely. $2,954 in Federal Direct Loans were returned as part of the audit process. The University completed additional review of their students in modular programs who withdrew officially or unofficially and no other late returns were identified. Cause: Complexity of modular withdraw regulations. University originally assessed the students as having met an exemption when the exemption did not apply. Effect: Unearned Title IV funds not returned timely. Identification as repeat finding, if applicable: 2022-001 Recommendation: We recommend that the financial aid office continues to attend compliance training on the modular regulations and consult with Department of Education on the implementation of new regulations where necessary. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.