Criteria: 34 CFR 668.22(a)(6)(iii)(A) requires an institution to provide, within 30 days of the date the institution determines that a student has withdrawn, written notification to the student, or the parent in the case of a Parent PLUS loan, detailing the specific items outlined in paragraphs 1-5 of the aforementioned section.
Condition/context: Of the 20 students selected for testing the proper return of Title IV funds, we noted one instance in which the student was eligible for a post-withdrawal disbursement of loan funds. In this instance, the College did not provide written notification to the student and the student was disbursed loan funds.
Cause: The Student Financial Aid Office does not have a control in place to ensure that it provides written notification of post-withdrawal eligibility prior to a disbursement.
Effect: The College could disburse funds to students or parents who did not wish to receive them.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The Student Financial Aid Office should implement a control to ensure that the proper notification is sent to students who are eligible for a post-withdrawal disbursement.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 34 CFR 668.22(a)(6)(iii)(A) requires an institution to provide, within 30 days of the date the institution determines that a student has withdrawn, written notification to the student, or the parent in the case of a Parent PLUS loan, detailing the specific items outlined in paragraphs 1-5 of the aforementioned section.
Condition/context: Of the 20 students selected for testing the proper return of Title IV funds, we noted one instance in which the student was eligible for a post-withdrawal disbursement of loan funds. In this instance, the College did not provide written notification to the student and the student was disbursed loan funds.
Cause: The Student Financial Aid Office does not have a control in place to ensure that it provides written notification of post-withdrawal eligibility prior to a disbursement.
Effect: The College could disburse funds to students or parents who did not wish to receive them.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The Student Financial Aid Office should implement a control to ensure that the proper notification is sent to students who are eligible for a post-withdrawal disbursement.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all of the elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and updated in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines in order to update policies timely.
Views of responsible officials: Management concurs with the finding. See Exhibit I for the corrective action plan.