Audit 14009

Federal Agency: U.S. Department of Education Federal Program Title: Education Stabilization Fund – Higher Educational Emergency Relief Fund Assistance Listing Number: 84.425E – COVID-19 - HEERF – Student Aid Portion 84.425F – COVID-19 - HEERF – Institutional Portion Federal Award Identification Number and Year: P425E202061 – 2021, P425F200625 – 2021 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The initial reporting for this grant requires the report to be submitted to the Institution’s website within 30 days of the signed Certification Agreement or 30 days after the electronic announcement dated May 6, whichever is later. Institutions were then required to update their websites every 45 days after initial upload. This was changed to quarterly on August 31, 2020. In addition, an annual report is required. In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: The College did not follow requirements for timely reporting for the Quarterly Student and Institutional program. Questioned Costs: None Context: During our testing of the reporting process, we noted one of four quarterly reports tested was not published within 10 days after the calendar quarter. Cause: The College did not follow procedures in place to ensure reports were published timely. Effect: The College was not in compliance with the U.S. Department of Education (ED) regulations for timely HEERF reporting. Repeat Finding: Yes. Prior year finding 2022-001 Recommendation: We recommend the College review their reporting procedures to ensure they encompass controls regarding timeliness of reporting. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Education Stabilization Fund – Higher Educational Emergency Relief Fund Assistance Listing Number: 84.425E – COVID-19 - HEERF – Student Aid Portion 84.425F – COVID-19 - HEERF – Institutional Portion Federal Award Identification Number and Year: P425E202061 – 2021, P425F200625 – 2021 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The initial reporting for this grant requires the report to be submitted to the Institution’s website within 30 days of the signed Certification Agreement or 30 days after the electronic announcement dated May 6, whichever is later. Institutions were then required to update their websites every 45 days after initial upload. This was changed to quarterly on August 31, 2020. In addition, an annual report is required. In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: The College did not follow requirements for timely reporting for the Quarterly Student and Institutional program. Questioned Costs: None Context: During our testing of the reporting process, we noted one of four quarterly reports tested was not published within 10 days after the calendar quarter. Cause: The College did not follow procedures in place to ensure reports were published timely. Effect: The College was not in compliance with the U.S. Department of Education (ED) regulations for timely HEERF reporting. Repeat Finding: Yes. Prior year finding 2022-001 Recommendation: We recommend the College review their reporting procedures to ensure they encompass controls regarding timeliness of reporting. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.268 – Federal Direct Student Loans Federal Award Identification Number and Year: P268K220355 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The Department of Education requires the College to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing of the submission of disbursement records to COD, we noted the disbursement dates on COD were different than the disbursement date per the College’s records. Questioned Costs: None Context: During our testing of the submission of disbursements records to COD, we noted the disbursement date for 7 of 29 direct loan disbursements tested were different by one day between COD and the College’s records. Cause: The College reported the disbursement date to COD and the disbursements were not posted to student accounts until the next day. Effect: A lack of timely reporting may prevent the College and other schools from having the most accurate student information which may lead to over awards. Repeat Finding: Yes. Prior year finding 2022-003 Recommendation: We recommend the College evaluate its procedures and policies around reporting disbursements to COD to ensure that student information is reported timely. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.268 – Federal Direct Loans Federal Award Identification Number and Year: P268K220355 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College over paid federal direct loans. Questioned Costs: None Context: During our eligibility testing of 40 students, we noted one student had a subsidized loan over payment due to reaching their subsidized aggregate loan limit. Cause: When doing the award packaging for this student, the College did not adjust award amounts based on the student’s subsidized aggregate loan limit activity. Effect: The institution paid this student an amount of subsidized loans that was above the subsidized aggregate loan limit. Repeat Finding: No. Recommendation: We recommend that the College review their awarding procedures and implement procedures to ensure direct loans are paid within the aggregate limits. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.268 – Federal Direct Loans Federal Award Identification Number and Year: P268K220355 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: Per the 2022-2023 FSA Handbook Volume 4 Chapter 6, A school that participates in the Direct Loan Program is required to reconcile cash (funds it received from the G5 system to pay its students) with disbursements (actual disbursement records) it submitted to the Common Origination and Disbursement (COD) system monthly. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College did not perform monthly direct loan reconciliations and reconciliations were not reviewed by someone other than the preparer. Questioned Costs: None Context: During our testing, we noted that the College did not perform one of three reconciliations selected for testing, and the College could not provide support for review performed of the other two of the three reconciliations selected for testing. Cause: The College started but never finished or saved the missing direct loan reconciliation. In addition, the College did not set up procedures to include review of the reconciliation. Effect: The College is not in compliance with the requirement to perform monthly reconciliations and establishing and maintaining good internal controls. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure direct loan reconciliations are performed monthly and are reviewed by someone other than the preparer. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Education Stabilization Fund – Higher Educational Emergency Relief Fund Assistance Listing Number: 84.425E – COVID-19 - HEERF – Student Aid Portion 84.425F – COVID-19 - HEERF – Institutional Portion Federal Award Identification Number and Year: P425E202061 – 2021, P425F200625 – 2021 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The initial reporting for this grant requires the report to be submitted to the Institution’s website within 30 days of the signed Certification Agreement or 30 days after the electronic announcement dated May 6, whichever is later. Institutions were then required to update their websites every 45 days after initial upload. This was changed to quarterly on August 31, 2020. In addition, an annual report is required. In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: The College did not follow requirements for timely reporting for the Quarterly Student and Institutional program. Questioned Costs: None Context: During our testing of the reporting process, we noted one of four quarterly reports tested was not published within 10 days after the calendar quarter. Cause: The College did not follow procedures in place to ensure reports were published timely. Effect: The College was not in compliance with the U.S. Department of Education (ED) regulations for timely HEERF reporting. Repeat Finding: Yes. Prior year finding 2022-001 Recommendation: We recommend the College review their reporting procedures to ensure they encompass controls regarding timeliness of reporting. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Education Stabilization Fund – Higher Educational Emergency Relief Fund Assistance Listing Number: 84.425E – COVID-19 - HEERF – Student Aid Portion 84.425F – COVID-19 - HEERF – Institutional Portion Federal Award Identification Number and Year: P425E202061 – 2021, P425F200625 – 2021 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The initial reporting for this grant requires the report to be submitted to the Institution’s website within 30 days of the signed Certification Agreement or 30 days after the electronic announcement dated May 6, whichever is later. Institutions were then required to update their websites every 45 days after initial upload. This was changed to quarterly on August 31, 2020. In addition, an annual report is required. In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: The College did not follow requirements for timely reporting for the Quarterly Student and Institutional program. Questioned Costs: None Context: During our testing of the reporting process, we noted one of four quarterly reports tested was not published within 10 days after the calendar quarter. Cause: The College did not follow procedures in place to ensure reports were published timely. Effect: The College was not in compliance with the U.S. Department of Education (ED) regulations for timely HEERF reporting. Repeat Finding: Yes. Prior year finding 2022-001 Recommendation: We recommend the College review their reporting procedures to ensure they encompass controls regarding timeliness of reporting. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.268 – Federal Direct Student Loans Federal Award Identification Number and Year: P268K220355 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The Department of Education requires the College to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing of the submission of disbursement records to COD, we noted the disbursement dates on COD were different than the disbursement date per the College’s records. Questioned Costs: None Context: During our testing of the submission of disbursements records to COD, we noted the disbursement date for 7 of 29 direct loan disbursements tested were different by one day between COD and the College’s records. Cause: The College reported the disbursement date to COD and the disbursements were not posted to student accounts until the next day. Effect: A lack of timely reporting may prevent the College and other schools from having the most accurate student information which may lead to over awards. Repeat Finding: Yes. Prior year finding 2022-003 Recommendation: We recommend the College evaluate its procedures and policies around reporting disbursements to COD to ensure that student information is reported timely. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.268 – Federal Direct Loans Federal Award Identification Number and Year: P268K220355 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College over paid federal direct loans. Questioned Costs: None Context: During our eligibility testing of 40 students, we noted one student had a subsidized loan over payment due to reaching their subsidized aggregate loan limit. Cause: When doing the award packaging for this student, the College did not adjust award amounts based on the student’s subsidized aggregate loan limit activity. Effect: The institution paid this student an amount of subsidized loans that was above the subsidized aggregate loan limit. Repeat Finding: No. Recommendation: We recommend that the College review their awarding procedures and implement procedures to ensure direct loans are paid within the aggregate limits. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: During our testing, we noted the College did not update student status changes and enrollment effective dates correctly or timely. Questioned Costs: None Context: During our sample test of 19 students, we noted:  17 students’ enrollment status on NSLDS differed from the College’s records.  17 students’ status change was not reported timely.  16 students’ enrollment effective dates on NSLDS differed from the College’s records.  The enrollment was not certified at least every 60 days for 19 students. Cause: The College did not have proper procedures in place to verify that student and enrollment status changes in NSLDS matched the institutions records, nor were status changes updated in a timely manner. Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS. Repeat Finding: Yes. See prior year finding 2022-006 Recommendation: We recommend a process be put in place to ensure documentation is maintained and available, particularly when making software changes. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Material Weakness in Internal Control over Compliance; Compliance, Other Matter. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule. Questioned Costs: None Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule. Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing. Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place. Repeat Finding: No. Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity 84.268 – Federal Direct Loans 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work Study Program Federal Award Identification Number and Year: P063P210355 - 2023, P268K220355 - 2023, P007A213474 - 2023, P033A213474 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements. Condition: During our testing, we noted that the College did not post required third-party servicer information to the website, nor did they provide the URL for the contract or cost information to ED. Questioned Costs: None Context: During our testing of 8 out of 32 students who have an account with the College’s third-party servicer, we noted the College did not post the third-party servicer's contract to the website, nor did they provide the URL for the contract to ED. Additionally, the required cost information was not on the website, nor was it updated within 60 days after the end of the award year, nor was the URL for the cost information provided to ED. Cause: The College did not have procedures in place to ensure that all requirements were being met. Effect: The College did not meet disclosure requirements of a Tier One arrangement with a third-party servicer. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met. Views of responsible officials: There is no disagreement with the audit finding.

Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.268 – Federal Direct Loans Federal Award Identification Number and Year: P268K220355 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance; Compliance, Other Matter Criteria or specific requirement: Per the 2022-2023 FSA Handbook Volume 4 Chapter 6, A school that participates in the Direct Loan Program is required to reconcile cash (funds it received from the G5 system to pay its students) with disbursements (actual disbursement records) it submitted to the Common Origination and Disbursement (COD) system monthly. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The College did not perform monthly direct loan reconciliations and reconciliations were not reviewed by someone other than the preparer. Questioned Costs: None Context: During our testing, we noted that the College did not perform one of three reconciliations selected for testing, and the College could not provide support for review performed of the other two of the three reconciliations selected for testing. Cause: The College started but never finished or saved the missing direct loan reconciliation. In addition, the College did not set up procedures to include review of the reconciliation. Effect: The College is not in compliance with the requirement to perform monthly reconciliations and establishing and maintaining good internal controls. Repeat Finding: No. Recommendation: We recommend the College implement procedures to ensure direct loan reconciliations are performed monthly and are reviewed by someone other than the preparer. Views of responsible officials: There is no disagreement with the audit finding.