FAC Explorer

Audit 17880

FY End
2022-05-31
Total Expended
$45.72M
Findings
10
Programs
10
Organization: Faulkner University (AL)
Year: 2022 Accepted: 2022-10-31
Auditor: Jackson Thornton Certified Public Accountants

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
19878 2022-001 Significant Deficiency - N
19879 2022-001 Significant Deficiency - N
19880 2022-001 Significant Deficiency - N
19881 2022-001 Significant Deficiency - N
19882 2022-001 Significant Deficiency - N
596320 2022-001 Significant Deficiency - N
596321 2022-001 Significant Deficiency - N
596322 2022-001 Significant Deficiency - N
596323 2022-001 Significant Deficiency - N
596324 2022-001 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $30.28M Yes 1
84.063 Federal Pell Grant Program $4.62M Yes 1
84.425 Education Stabilization Fund $3.97M Yes 0
21.019 Coronavirus Relief Fund $1.92M - 0
84.007 Federal Supplemental Educational Opportunity Grants $337,619 Yes 1
84.033 Federal Work-Study Program $270,155 Yes 1
84.382 Strengthening Minority-Serving Institutions $165,236 - 0
84.038 Federal Perkins Loan Program $158,948 Yes 1
84.031 Higher Education_institutional Aid $78,893 - 0
10.558 Child and Adult Care Food Program $21,891 - 0

Contacts

Name Title Type
X4N7WEDBEKK4 Jamie Horn Auditee
3343867168 Marty Lee Auditor
No contacts on file

Notes to SEFA

Title: Loan/loan guarantee outstanding balances NOTE 2 Accounting Policies: The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of Faulkner University (the University) under programs of the federal government for the year ended May 31, 2022. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the Schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does note present the financial position, changes in net assets, or cash flows of the University. De Minimis Rate Used: Y Rate Explanation: The University has elected to use the 10% de minimus indirect cost rate allowed under Uniform Guidance for the Education Stabilization Fund. The University administers a Federal Perkins Loan Program (CFDA No. 84.038) funded by the United States Department of Education. At May 31, 2022, the loans receivable balance for the program totaled $158,948. Total program disbursements under the program for the year ended May 31, 2022 were $0 for student loans.
Title: Federal Direct Student Loans NOTE 3 Accounting Policies: The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of Faulkner University (the University) under programs of the federal government for the year ended May 31, 2022. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the Schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does note present the financial position, changes in net assets, or cash flows of the University. De Minimis Rate Used: Y Rate Explanation: The University has elected to use the 10% de minimus indirect cost rate allowed under Uniform Guidance for the Education Stabilization Fund. Students of the University received $30,275,509 in new Federal Direct Student Loans (CFDA NO. 84.268) during the year ended May 31, 2022. These loans were not made by the University.

Finding Details

Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.
Finding 2022-001
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.