FAC Explorer

Audit 15031

FY End
2023-06-30
Total Expended
$17.50M
Findings
16
Programs
17
Organization: College of Lake County (IL)
Year: 2023 Accepted: 2024-02-01
Auditor: Rsm US LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
11244 2023-002 Significant Deficiency - L
11245 2023-003 Significant Deficiency - B
11246 2023-002 Significant Deficiency - L
11247 2023-003 Significant Deficiency - B
11248 2023-004 Significant Deficiency - N
11249 2023-004 Significant Deficiency - N
11250 2023-004 Significant Deficiency - N
11251 2023-004 Significant Deficiency - N
587686 2023-002 Significant Deficiency - L
587687 2023-003 Significant Deficiency - B
587688 2023-002 Significant Deficiency - L
587689 2023-003 Significant Deficiency - B
587690 2023-004 Significant Deficiency - N
587691 2023-004 Significant Deficiency - N
587692 2023-004 Significant Deficiency - N
587693 2023-004 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $11.79M Yes 1
84.268 Federal Direct Student Loans $1.33M Yes 1
84.002 Adult Education - Basic Grants to States $700,114 - 0
84.048 Career and Technical Education -- Basic Grants to States $587,709 - 0
84.044 Trio_talent Search $414,415 - 0
59.037 Small Business Development Centers $301,267 - 0
93.575 Child Care and Development Block Grant $277,497 - 0
84.007 Federal Supplemental Educational Opportunity Grants $188,600 Yes 1
84.042 Trio_student Support Services $181,734 - 0
84.033 Federal Work-Study Program $172,882 Yes 1
47.076 Education and Human Resources $171,079 - 0
84.425 Education Stabilization Fund $109,923 Yes 0
84.335 Child Care Access Means Parents in School $96,341 - 0
17.268 H-1b Job Training Grants $84,462 - 0
21.027 Coronavirus State and Local Fiscal Recovery Funds $59,949 - 0
17.289 Community Project Funding/congressionally Directed Spending $33,927 - 0
84.015 National Resource Centers Program for Foreign Language and Area Studies Or Foreign Language and International Studies Program and Foreign Language and Area Studies Fellowship Program $300 - 0

Contacts

Name Title Type
UDPDU3NFNEP7 Kevin Appleton Auditee
8475432631 Kelly Kirkman Auditor
No contacts on file

Notes to SEFA

Title: Note 1 - Basis of Presentation Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: Y Rate Explanation: The College has elected to use the 10 percent de minimis indirect cost rate as allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of the College of Lake County, Community College District No. 532 (the College) under programs of the federal government for the year ended June 30, 2023. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net position, or cash flows of the College.
Title: Note 3 - Indirect Cost Rate Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: Y Rate Explanation: The College has elected to use the 10 percent de minimis indirect cost rate as allowed under the Uniform Guidance. The College has elected to use the 10 percent de minimis indirect cost rate as allowed under the Uniform Guidance.
Title: Note 4 - Federal Student Loans Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: Y Rate Explanation: The College has elected to use the 10 percent de minimis indirect cost rate as allowed under the Uniform Guidance. During the fiscal year ended June 30, 2023, the College issued new loans to students under the Federal Direct Student Loan Program (FDLP) Assistance Listing Number 84.268. The loan program includes subsidized and unsubsidized Stafford Loans and Parent PLUS Loans for undergraduate students. The value of loans issued for the FDLP is based on disbursed amounts. The loan amounts issued during the year are disclosed on the Schedule. The College is responsible only for the performance of certain administrative duties with respect to the federally guaranteed student loan programs and, accordingly, balances and transactions relating to these loan programs are not included in the College’s basic financial statements. Therefore, it is not practicable to determine the balance of loans outstanding to students and former students of the College at June 30, 2023.

Finding Details

Finding 2023-002
Finding 2023-002 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Reporting Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition The College did not publicly post a certain required report timely. The following instance of noncompliance was identified: • HEERF Institutional Portion and MSI: The College posted a report to their website on October 23, 2023, for the period of April 1, 2023 – June 30, 2023, which was 110 days after the required deadline of July 10, 2023. Criteria There are three components to reporting for HEERF: (1) public reporting on the (a)(1) Student Aid Portion; (2) public reporting on the (a)(1) Institutional Portion, (a)(2), and (a)(3) subprograms, as applicable; and (3) the annual report. The institutional quarterly portion reporting requirements involve publicly posting completed forms on the College’s website. The forms must be conspicuously posted on the College’s primary website on the same page the reports of the College’s activities as to the emergency financial aid grants to students (Student Aid Portion) are posted. A new, separate form must be posted covering aggregate amounts spent for HEERF I, HEERF II, and HEERF III funds each quarterly reporting period (September 30, December 31, March 31, June 30), concluding after an institution has expended and liquidated all (a)(1) Institutional Portion, (a)(2), and (a)(3) funds and checks the “final report” box. The College must post this quarterly report form no later than 10 days after the end of each calendar quarter (October 10, January 10, April 10, July 10). 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure the timely and accurate posting of reports. Questioned Costs There were no questioned costs with respect to this finding. Cause The College mistakenly overlooked the timely submission of the last quarterly report as this was the end of the grant period. Prevalence Infrequent. 4 quarterly reports and 1 annual report were required to be submitted in fiscal year 2023 relative to HEERF Institutional and MSI. 1 quarterly report was not published timely. Effect The untimely submission of reports is noncompliance with the requirements of the grant award and could result in loss of funding or other penalties. Recommendation We recommend the College implement monitor their internal controls to ensure reports are posted timely. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-003
Finding 2023-003 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Period of Performance Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition For 2 out of 17 (11.7%) expenditures tested, portions of the expenditures had service periods that extended beyond the grant’s period of performance and were charged to the grant for reimbursement. Criteria The period of performance for HEERF / MSI ended on June 30, 2023. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure that expenditures are recorded properly. Questioned Costs The questioned costs amount to $16,001. Cause The College did not have proper controls in place to ensure that expenditures with service periods that extended beyond the grant’s period of performance were not charged to the grant. Prevalence Infrequent. Two out seventeen invoices selected for testing. Effect Failure to properly account for expenditures is noncompliance with Federal regulation. Recommendation We recommend the College implement a review process to ensure all expenditures are properly recorded and prior to applying to the grants. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-002
Finding 2023-002 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Reporting Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition The College did not publicly post a certain required report timely. The following instance of noncompliance was identified: • HEERF Institutional Portion and MSI: The College posted a report to their website on October 23, 2023, for the period of April 1, 2023 – June 30, 2023, which was 110 days after the required deadline of July 10, 2023. Criteria There are three components to reporting for HEERF: (1) public reporting on the (a)(1) Student Aid Portion; (2) public reporting on the (a)(1) Institutional Portion, (a)(2), and (a)(3) subprograms, as applicable; and (3) the annual report. The institutional quarterly portion reporting requirements involve publicly posting completed forms on the College’s website. The forms must be conspicuously posted on the College’s primary website on the same page the reports of the College’s activities as to the emergency financial aid grants to students (Student Aid Portion) are posted. A new, separate form must be posted covering aggregate amounts spent for HEERF I, HEERF II, and HEERF III funds each quarterly reporting period (September 30, December 31, March 31, June 30), concluding after an institution has expended and liquidated all (a)(1) Institutional Portion, (a)(2), and (a)(3) funds and checks the “final report” box. The College must post this quarterly report form no later than 10 days after the end of each calendar quarter (October 10, January 10, April 10, July 10). 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure the timely and accurate posting of reports. Questioned Costs There were no questioned costs with respect to this finding. Cause The College mistakenly overlooked the timely submission of the last quarterly report as this was the end of the grant period. Prevalence Infrequent. 4 quarterly reports and 1 annual report were required to be submitted in fiscal year 2023 relative to HEERF Institutional and MSI. 1 quarterly report was not published timely. Effect The untimely submission of reports is noncompliance with the requirements of the grant award and could result in loss of funding or other penalties. Recommendation We recommend the College implement monitor their internal controls to ensure reports are posted timely. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-003
Finding 2023-003 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Period of Performance Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition For 2 out of 17 (11.7%) expenditures tested, portions of the expenditures had service periods that extended beyond the grant’s period of performance and were charged to the grant for reimbursement. Criteria The period of performance for HEERF / MSI ended on June 30, 2023. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure that expenditures are recorded properly. Questioned Costs The questioned costs amount to $16,001. Cause The College did not have proper controls in place to ensure that expenditures with service periods that extended beyond the grant’s period of performance were not charged to the grant. Prevalence Infrequent. Two out seventeen invoices selected for testing. Effect Failure to properly account for expenditures is noncompliance with Federal regulation. Recommendation We recommend the College implement a review process to ensure all expenditures are properly recorded and prior to applying to the grants. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-002
Finding 2023-002 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Reporting Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition The College did not publicly post a certain required report timely. The following instance of noncompliance was identified: • HEERF Institutional Portion and MSI: The College posted a report to their website on October 23, 2023, for the period of April 1, 2023 – June 30, 2023, which was 110 days after the required deadline of July 10, 2023. Criteria There are three components to reporting for HEERF: (1) public reporting on the (a)(1) Student Aid Portion; (2) public reporting on the (a)(1) Institutional Portion, (a)(2), and (a)(3) subprograms, as applicable; and (3) the annual report. The institutional quarterly portion reporting requirements involve publicly posting completed forms on the College’s website. The forms must be conspicuously posted on the College’s primary website on the same page the reports of the College’s activities as to the emergency financial aid grants to students (Student Aid Portion) are posted. A new, separate form must be posted covering aggregate amounts spent for HEERF I, HEERF II, and HEERF III funds each quarterly reporting period (September 30, December 31, March 31, June 30), concluding after an institution has expended and liquidated all (a)(1) Institutional Portion, (a)(2), and (a)(3) funds and checks the “final report” box. The College must post this quarterly report form no later than 10 days after the end of each calendar quarter (October 10, January 10, April 10, July 10). 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure the timely and accurate posting of reports. Questioned Costs There were no questioned costs with respect to this finding. Cause The College mistakenly overlooked the timely submission of the last quarterly report as this was the end of the grant period. Prevalence Infrequent. 4 quarterly reports and 1 annual report were required to be submitted in fiscal year 2023 relative to HEERF Institutional and MSI. 1 quarterly report was not published timely. Effect The untimely submission of reports is noncompliance with the requirements of the grant award and could result in loss of funding or other penalties. Recommendation We recommend the College implement monitor their internal controls to ensure reports are posted timely. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-003
Finding 2023-003 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Period of Performance Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition For 2 out of 17 (11.7%) expenditures tested, portions of the expenditures had service periods that extended beyond the grant’s period of performance and were charged to the grant for reimbursement. Criteria The period of performance for HEERF / MSI ended on June 30, 2023. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure that expenditures are recorded properly. Questioned Costs The questioned costs amount to $16,001. Cause The College did not have proper controls in place to ensure that expenditures with service periods that extended beyond the grant’s period of performance were not charged to the grant. Prevalence Infrequent. Two out seventeen invoices selected for testing. Effect Failure to properly account for expenditures is noncompliance with Federal regulation. Recommendation We recommend the College implement a review process to ensure all expenditures are properly recorded and prior to applying to the grants. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-002
Finding 2023-002 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Reporting Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition The College did not publicly post a certain required report timely. The following instance of noncompliance was identified: • HEERF Institutional Portion and MSI: The College posted a report to their website on October 23, 2023, for the period of April 1, 2023 – June 30, 2023, which was 110 days after the required deadline of July 10, 2023. Criteria There are three components to reporting for HEERF: (1) public reporting on the (a)(1) Student Aid Portion; (2) public reporting on the (a)(1) Institutional Portion, (a)(2), and (a)(3) subprograms, as applicable; and (3) the annual report. The institutional quarterly portion reporting requirements involve publicly posting completed forms on the College’s website. The forms must be conspicuously posted on the College’s primary website on the same page the reports of the College’s activities as to the emergency financial aid grants to students (Student Aid Portion) are posted. A new, separate form must be posted covering aggregate amounts spent for HEERF I, HEERF II, and HEERF III funds each quarterly reporting period (September 30, December 31, March 31, June 30), concluding after an institution has expended and liquidated all (a)(1) Institutional Portion, (a)(2), and (a)(3) funds and checks the “final report” box. The College must post this quarterly report form no later than 10 days after the end of each calendar quarter (October 10, January 10, April 10, July 10). 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure the timely and accurate posting of reports. Questioned Costs There were no questioned costs with respect to this finding. Cause The College mistakenly overlooked the timely submission of the last quarterly report as this was the end of the grant period. Prevalence Infrequent. 4 quarterly reports and 1 annual report were required to be submitted in fiscal year 2023 relative to HEERF Institutional and MSI. 1 quarterly report was not published timely. Effect The untimely submission of reports is noncompliance with the requirements of the grant award and could result in loss of funding or other penalties. Recommendation We recommend the College implement monitor their internal controls to ensure reports are posted timely. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-003
Finding 2023-003 – COVID-19 Education Stabilization Fund: Higher Education Emergency Relief Fund Period of Performance Repeat Finding: No Federal Program Title – U.S. Department of Education Pass-Through Entity: Illinois Community College Board COVID-19 Education Stabilization Fund Higher Education Emergency Relief Fund (HEERF) COVID-19: HEERF Institutional Portion: 84.425F COVID-19: HEERF Minority Serving Institutions (MSI): 84.425L Federal Award Year 2022-2023 Condition For 2 out of 17 (11.7%) expenditures tested, portions of the expenditures had service periods that extended beyond the grant’s period of performance and were charged to the grant for reimbursement. Criteria The period of performance for HEERF / MSI ended on June 30, 2023. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure that expenditures are recorded properly. Questioned Costs The questioned costs amount to $16,001. Cause The College did not have proper controls in place to ensure that expenditures with service periods that extended beyond the grant’s period of performance were not charged to the grant. Prevalence Infrequent. Two out seventeen invoices selected for testing. Effect Failure to properly account for expenditures is noncompliance with Federal regulation. Recommendation We recommend the College implement a review process to ensure all expenditures are properly recorded and prior to applying to the grants. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.
Finding 2023-004
Finding 2023-004 – Gramm-Leach Bliley Act—Student Information Security Repeat Finding: No Federal Program Title – U.S. Department of Education Student Financial Assistance Cluster Federal Direct Student Loans: 84.268 Federal Pell Grant Program: 84.063 Federal Work-Study Program: 84.033 Federal Supplemental Educational Opportunity Grants: 84.007 Federal Award Year 2022-2023 Condition While the College does have a program that addresses information security, the College did not have a readily accessible program document to address the required safeguards for the nine required elements under the implementing regulations of the Gramm-Leach Bliley Act (GLBA) known as the “Safeguards Rule” by June 9, 2023. Criteria In accordance with 16 CFR 314.4(c), an institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). This includes the following: (1) implement and periodically review access controls, (2) conduct a periodic inventory of data, noting where it’s collected, stored or transmitted, (3) encrypt customer information on the institution’s system and when it’s in transit, (4) assess apps developed by the institution, (5) implement multi-factor authentication for anyone accessing customer information on the institution’s system, (6) dispose of customer information securely, (7) anticipate and evaluate changes to the information system or network, and (8) maintain a log of authorized users’ activity and keep an eye out for unauthorized users. 2 CFR Section 200.303 requires entities receiving Federal awards establish and maintain internal controls deigned to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures in place to ensure that reviews are being completed over information security policies and that they are in compliance with GLBA requirements. Questioned Costs There were no questioned costs. Cause Due to conflicting priorities, the College’s Information Security Program was not fully documented by June 9, 2023. The formal document is under development with an expected completion date by June 30, 2024. Prevalence Frequent. The required elements were not combined into a single program document that is available upon request by appropriate entities. Effect While substantive work has been completed through the College’s Information Security program in implementing the nine elements of the GLBA Safeguards Rule and eight standards identified above, failure to have a formal program document outlining all of the standards of GLBA, results in the failure to meet the requirements outlined in the Act and is deemed as noncompliance. Recommendation We recommend that the College create a formal Information Security Program document outlining the standards that are in place to address the GLBA requirements. Additionally, we recommend the College place the document in a readily accessible location for distribution to appropriate entities by approved individuals. Views of responsible officials We agree with this finding. See corrective action plan.