Federal programs: Federal Pell Grant Program; Federal Direct Loan Program ALN Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of Title IV aid and the corresponding program participation agreement requirements, we observed the following deficiencies: 1. Consumer Information Requirements ? The Institution is failing to provide their students and prospective students with specific consumer information so that students can make informed decisions regarding their own educational goals, costs, and other requirements. Specifically, the current University?s Catalog containing the general disclosures for enrolled or prospective students has not been updated since the academic years 2014-2016. The Institution revised the Catalog, and an updated version was submitted to the Institution?s Board of Directors for their review and approval. The new school Catalog covering the academic years 2022 to 2024 was approved by the Board of Trustees on December 17, 2022, and published on December 22, 2022. As a result of this matter, the catalog made available to the students during the academic year 2022 did not include actual academic programs offered for all prospective students. It must be provided on an individual basis through an appropriate mailing or publication, including direct mailing through the U.S. Postal Service, campus mail, or electronic mail. Posting on an Internet or intranet website does not constitute a notice. This is a repeated finding. 2. Drug and Alcohol Abuse Prevention Program ? For the academic year 2022, the Institution did not design and implemented a policy of Drug and Alcohol Abuse Prevention Program as required by 34 CFR 86. This policy must be distributed in writing to each student and to each employee of the institution annually. Students who enroll or employees who are hired after the annual distribution must also receive the information. In addition, the Institution must make available, upon request, to the U.S. Department of Education and to the public, the information distributed to students and employees and the results of a biennial review of the school?s program. On March 27, 2023, the policy was approved by the Board of Trustees and was distributed to the students on April 4, 2023. This is a repeated finding. Criteria 34 CFR 668.41(c) and (d) establish that an institution must distribute annually to all enrolled students a notice of the availability of the information required to be disclosed pursuant to paragraphs (d), (e), and (g) of this section. Also, 34 CFR 99.7 sets forth the notification requirements of the Family Educational Rights and Privacy Act of 1974. The notice must list and briefly describe the information and tell the student how to obtain the information. An institution that discloses information to enrolled students as required under paragraphs (d), (e), (g), or (h) of this section by posting the information on an Internet website or an Intranet website must include in the notice described in paragraph (c)(1) of this section - (i) The exact electronic address at which the information is posted; and (ii) A statement that the institution will provide a paper copy of the information on request. An institution must make available to any enrolled student or prospective student through appropriate publications, mailings or electronic media, information concerning - (1) Financial assistance available to students enrolled in the institution (pursuant to ?668.42); (2) The institution (pursuant to ?668.43). 34 CFR 668.42 (a), (b), and (c) establish that: (1) Information on financial assistance that the institution must publish and make readily available to current and prospective students under this subpart includes, but is not limited to, a description of all the Federal, State, local, private and institutional student financial assistance programs available to students who enroll at that institution; (2) These programs include both need-based and non-need-based programs; (3) The institution may describe its own financial assistance programs by listing them in general categories; (4) The institution must describe the terms and conditions of the loans students receive under the Federal Family Education Loan Program, the William D. Ford Federal Direct Student Loan Program, and the Federal Perkins Loan Program. For each program referred to in paragraph (a) of this section, the information provided by the institution must describe: (1) The procedures and forms by which students apply for assistance; (2) The student eligibility requirements; (3) The criteria for selecting recipients from the group of eligible applicants; and (4) The criteria for determining the amount of a student?s award. The institution must describe the rights and responsibilities of students receiving financial assistance and, specifically, assistance under the title IV, HEA programs. This description must include specific information regarding: (1) Criteria for continued student eligibility under each program; (2)(i) Standards which the student must maintain in order to be considered to be making satisfactory progress in his or her course of study for the purpose of receiving financial assistance; and (ii) Criteria by which the student who has failed to maintain satisfactory progress may re-establish his or her eligibility for financial assistance; (3) The method by which financial assistance disbursements will be made to the students and the frequency of those disbursements; (4) The terms of any loan received by a student as part of the student?s financial assistance package, a sample loan repayment schedule for sample loans and the necessity for repaying loans; (5) The general conditions and terms applicable to any employment provided to a student as part of the student?s financial assistance package; and (6) The exit counseling information the institution provides and collects as required by 34 CFR 674.42 for borrowers under the Federal Perkins Loan Program, by 34 CFR 685.304 for borrowers under the William D. Ford Federal Direct Student Loan Program, and by 34 CFR 682.604 for borrowers under the Federal Stafford Loan Program. 34 CFR 668.43 (a) (5) establishes that Institutional information that the institution must make readily available to enrolled and prospective students under this subpart includes, but is not limited to: The academic program of the institution, including - (i) The current degree programs and other educational and training programs; (ii) The instructional, laboratory, and other physical facilities which relate to the academic program; (iii) The institution?s faculty and other instructional personnel; (iv) Any plans by the institution for improving the academic program of the institution, upon a determination by the institution that such a plan exists; and (v) If an educational program is designed to meet educational requirements for a specific professional license or certification that is required for employment in an occupation, or is advertised as meeting such requirements, information regarding whether completion of that program would be sufficient to meet licensure requirements in a State for that occupation, including a list of all States for which the institution has determined that its curriculum meets the State educational requirements for licensure or certification. 34 CFR 86.3 (a) establishes that an IHE shall adopt and implement a drug prevention program as described in ?86.100 to prevent the unlawful possession, use, or distribution of illicit drugs and alcohol by all students and employees on school premises or as part of any of its activities. 34 CFR 86.100 (a) (1) to (5) establish that the IHE?s drug prevention program must, at a minimum, include the following: (a) The annual distribution in writing to each employee, and to each student who is taking one or more classes for any type of academic credit except for continuing education units, regardless of the length of the student?s program of study, of: Standards of conduct that clearly prohibit, at a minimum, the unlawful possession, use, or distribution of illicit drugs and alcohol by students and employees on its property or as part of any of its activities; A description of the applicable legal sanctions under local, State, or Federal law for the unlawful possession or distribution of illicit drugs and alcohol; A description of the health risks associated with the use of illicit drugs and the abuse of alcohol; A description of any drug or alcohol counseling, treatment, or rehabilitation or re-entry programs that are available to employees or students; and A clear statement that the IHE will impose disciplinary sanctions on students and employees (consistent with local, State, and Federal law), and a description of those sanctions, up to and including expulsion or termination of employment and referral for prosecution, for violations of the standards of conduct required by paragraph (a)(1) of this section. For the purpose of this section, a disciplinary sanction may include the completion of an appropriate rehabilitation program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause Lack of an action plan identifying the Institution?s pending tasks classified by risk and priorities. The Institution has not established procedures for the evaluation of policies and procedures that should be evaluated and approved by the Board of Directors in a timely manner. Effect Noncompliance with the above-mentioned requirements could lead to administrative sanctions or civil fines by the grantor, for each violation. It could also be interpreted as a failure to achieve the programs? objectives. Also, it could lead to limiting, suspending, or terminating the participation of any school that fails to comply with the consumer information requirements. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-001. Recommendations We recommend the Institution to review and update its policies and procedures in a timely manner to assure that they accurately represent the vision and goals for the current operations. As organizations change, the policies and procedures must be adapted to meet the new changes. Also, the Institution shall establish a work plan for the matters that the Board of Directors need to review and approve and maintain a calendar to track the frequency that the Institution?s documents, policies, and procedures need to be reviewed by the Board of Directors. The Board of Directors should appoint a Compliance Committee that shall be responsible for the evaluation and tracking of the frequency that the policies and procedures need to be reviewed to ascertain that the Institution is in compliance with federal, state, and accreditation entities. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Material Weakness Compliance requirement: Special tests and provisions ? Return of Title IV Funds Condition and context In testing compliance with the return of Title IV requirement applicable after a student begins attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $5,547 in SFA funds from a population of ten (10) students who withdrew, dropped out, or failed to attend to the Institution, who received $12,918 in Title IV (SFA) funds. Our sample was a statistically valid sample. We noted in two (2) cases of our sample (50%) that the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. Also, in testing compliance with the return of Title IV requirement applicable for a student who does not begin attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $4,557 in SFA funds from a population of nine (9) students who received $28,024 in Title IV (SFA) funds. We reviewed their academic and enrollment records (including class attendance records) to ascertain whether the students sufficiently completed the payment or enrollment period to earn the Title IV funds received. The sample was a statistically valid sample. We noted the following deficiencies: a. In one case of the four students selected (25%) we noted that the Institution failed to perform an administrative withdrawal because the student stopped attending the enrolled courses. During the term the student was granted an incomplete grade before attending 60% of the payment period, the student failed to comply with the incomplete course requirements. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $439. b. In one case (25%) the Institution failed to perform an administrative withdrawal for a student that stopped attending the enrolled courses. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $581. c. For the two cases (50%) mentioned in items a and b, the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. d. For the two cases (50%) mentioned in items a and b, the Institution failed to return Title IV funds within the 45 days? timeframe. Criteria The Volume 5 - Withdrawals and the Return of Title IV Funds 2021?2022 of the Financial Student Aid Handbook establishes in page 5-72 that if a student who began attendance and has not officially withdrawn fails to earn a passing grade in at least one course offered over an entire period, the institution must assume, for Title IV purposes, that the student has unofficially withdrawn, unless the institution can document that the student completed the period. Keep in mind that a grade of ?incomplete? is not considered a passing grade or successful completion. Dear Colleague Letter GEN-04-03 (Revised November 2004) ? states in item 2 that an institution may have a grading policy as follows: F (Failing) Awarded to students who complete the course but fail to achieve the course objectives. U (Unauthorized Incomplete) Awarded to students who did not officially withdraw from the course, but who failed to participate in course activities through the end of the period. It is used when, in the opinion of the instructor, completed assignments or course activities or both were insufficient to make normal evaluation of academic performance possible. A student who did not officially withdraw and did not receive either a passing grade or an `F? in at least one course must be considered to have unofficially withdrawn. Important: Compliance audits and program reviews may examine whether a school accurately assigns failing grades to students if the school uses its grading policy to determine whether a student with failing grades has unofficially withdrawn. 34 CFR 668.22 ?Treatment of title IV funds when a student withdraws?, section (a) General, (1) states that when a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student?s withdrawal date in accordance with paragraph (e) of this section. Also, in (b) ?Withdrawal date for a student who withdraws from an institution that is required to take attendance?, section (1) states that for purposes of this section, for a student who ceases attendance at an institution that is required to take attendance, including a student who does not return from an approved leave of absence, as defined in paragraph (d) of this section, or a student who takes a leave of absence that does not meet the requirements of paragraph (d) of this section, the student?s withdrawal date is the last date of academic attendance as determined by the institution from its attendance records and section (2) states that an institution must document a student?s withdrawal date determined in accordance with paragraph (b)(1) of this section and maintain the documentation as of the date of the institution?s determination that the student withdrew. 34 CFR 668.22 (j), ?Timeframe for the return of title IV funds?, establishes that: (1) An institution must return the amount of title IV funds for which it is responsible as soon as possible but no later than 45 days after the date of the institution?s determination that the student withdrew. The timeframe for returning funds is further described in ? 668.173(b); (2) For an institution that is not required to take attendance, an institution must determine the withdrawal date for a student who withdraws without providing notification to the institution no later than 30 days after the end of the earlier of the - (i) Payment period or period of enrollment, as appropriate. 34 CFR 668.173 (b), ?Timely return of title IV, HEA program funds?, establishes that in accordance with procedures established by the secretary, an institution returns unearned title IV, HEA program funds timely if - (1) the institution deposits or transfers the funds into the bank account it maintains under ? 668.163 no later than 45 days after the date it determines that the student withdrew. Dear Colleague Letter GEN-04-03 (Revised November 2004) - Subject: Return of Title IV Aid states that Institutions are expected to have procedures to determine when a student's absence is a withdrawal. Institutions that are required to take attendance are expected to have a procedure in place for routinely monitoring attendance records to determine in a timely manner when a student withdraws. Except in unusual instances, at an institution that is required to take attendance, they would expect that the date of the institution's determination that the student withdrew would be no later than 14 days after the student's withdrawal date - the last date of academic attendance as determined by the institution from its attendance records (34 CFR 668.22(b)(1)). Cause The Institution?s internal controls for tracking and calculating the return of title IV funds of the students who withdrew, drop out or stopped attending the Institution failed to identify and process these cases as required and on a timely basis. Effect The failure to correct these deficiencies which have been cited in prior audits may result in the Institution being referred to the Department?s Administrative Actions and Appeals Service Group (AAASG) for possible adverse action. Such action may include a fine, or the limitation, suspension, or termination of the eligibility of the Institution. Such action may also include the revocation of the institution?s program participation agreement (if provisional), or, if the Institution has an application pending for renewal of its certification, denial of that application. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-003. Recommendations We recommend the Institution to improve its procedures to ascertain that the return of Title IV funds requirements is properly followed and unearned funds are properly calculated and returned timely to the USDE. Also, the Institution should consider creating a position of compliance officer. Educational institutions must meet and observe a wide variety of guidelines and regulations set by both government agencies and nongovernmental associations to receive financial support and maintain accreditation. A school's compliance officer spreads awareness of policies, coordinates programs to promote the observation of guidelines and reports to a top-level administrator. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Enrollment reporting Condition and context During our enrollment reporting test, for a statistically valid sample of nine (9) students from a population of fifty-one (51) records that had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted the following deficiencies: a.) In one (1) case (11%) the information of enrollment reporting was not available for examination. The student withdrew and received Pell grant funds for the enrolled term. b.) In six (6) cases (67%), we noted that the Institution failed to report the enrollment status before the thirty (30) days deadline for NSLDS web reporting. The reporting was made between five (5) to nineteen (19) days after the required deadline. From this sample, three (3) students received Direct Loan for the 2021-22 award year. Additionally, the enrollment reporting requirement applicable to institutions under the Pell Grant and ED loan programs requires that institutions complete and return within 15 days the Enrollment Reporting roster file (formerly the Student Status Confirmation Report (SSCR) placed in their Student Aid Internet Gateway (SAIG) mailboxes sent by ED via NSLDS. Regarding this, during our evaluation of compliance with the Roster File return requirement, we requested the NSLDS SCHER1 report. We noted one (1) instance where the roster was updated after the fifteen (15) days deadline (35 days) from which the Institution received a late letter on November 26, 2021. Criteria Dear College Letter (DCL) GEN-14-07, Subject: Changes to NSLDS Enrollment Reporting: Program - Level Reporting and More Frequent Reporting, states that, under the authority of these regulations, beginning July 1, 2014, we will request enrollment information from schools every 60 days and schools will be required to respond to those requests within 15 days of the date that we send the electronic enrollment reporting roster to the school or to its designated third-party servicer. Also, the section of the letter titled Program-Level Enrollment Reporting Required, states that if the student is or was enrolled in more than one program, the student?s enrollment information must be reported for each of the programs. The NSLDS enrollment reporting rosters include recipients of all Title IV loans and Federal Pell Grants. Including Pell Grant recipients will allow the Department to meet the Congressional reporting requirements noted earlier. Note that a student will only be included on the roster once, regardless of the number of different Title IV programs from which the student received funding. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. Cause The Institution?s internal controls for tracking and reporting the enrollment changes failed to identify the enrollment status changes performed manually by the Registrar?s office personnel. Effect A student?s enrollment status determines eligibility for in-school status, deferment, and grace periods, as well as for the payment of interest subsidies to FFEL Program loan holders by ED. Enrollment reporting in a timely and accurate manner is critical for effective management of the programs. Failure to report will likely result in the school being out of compliance with the regulatory requirements and possibly subject to sanctions. Also, failing to report completions at all may cause borrowers to lose interest subsidy when they should not. And, because such determinations are based on the student?s enrollment (and completion) at the program level, it is critically important that schools correctly and promptly report a student?s completion at the program level. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-004. Recommendations We recommend the Institution to determine what parts of the manual processes for this requirement can be monitored electronically or using tools available in the USDE website with the assistance of the IT consultant to help the Institution to comply with the deadline of the roster reporting. Also, we recommend reinforcing the controls to report the enrollment status changes of the participant students of the Pell and Direct Loan programs. In addition, a compliance officer may assist in the reporting process. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Gramm-Leach Bliley Act- Student Information Security Condition and context During the examination of the Institution?s compliance with requirements of the Gramm-Leach-Bliley Act (Public Law 106-102) we noted that the Institution is in the process of implementation of the required safeguards related to the results of the risk assessment performed. After performing our procedures, we noted the following deficiencies: a. The Institution designated an external consultant as the coordinator of the Information Security Program. The Information Security Program Coordinator?s functions were not specified in a formal written contract; therefore, the consultant does not have a detail of the functions and responsibilities of his designation. b. The documentation of the safeguards performed by the Institution indicates that they are still in the process of implementation of the safeguards, policies and procedures required as result of the risk assessment. We reviewed the Institution?s written information security program to ascertain that it complies with the nine elements included in the FTC (Federal Trade Commission) regulations. We noted that the Institution?s still needs to comply with the following elements: i. Element #3: Provides for the design and implementation of safeguards to control the risks the institution or servicer identifies through its risk assessment (16 C.F.R. 314.4(c)). At a minimum, the written information security program must address the implementation of the minimum safeguards identified in 16 C.F.R. 314.4(c)(1) through (8). This element is still in process. ii. Element #4: Provides for the institution or servicer to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 C.F.R. 314.4(d)). This element is still in process. iii. Element #5: Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 C.F.R. 314.4(e)). This element is still in process. We selected a sample of policies and procedures that were completed during the year and noted that four of the policies did not include a signature as evidence of approval and did not have an effective date. Also, the twelve written policies and procedures were evaluated and approved by the Board of Directors. iv. Element #6: Addresses how the institution or servicer will oversee its information system service providers (16 C.F.R. 314.4(f)). This element is still in process. v. Element #7: Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact on the information security program (16 C.F.R. 314.4(g)). The coordinator provided documents showing the results of all the tests carried out. Some of the actions necessary to correct the deficiencies found are still in progress. Criteria The Dear Colleague Letter GEN-15-18, published on July 29, 2015, by the USDE and titled ?Protecting Student Information? reminds institutions of higher education and their third-party servicers of their continuing obligations to protect data used in all aspects of the administration of the Title IV Federal student financial aid programs. The Student Aid Internet Gateway (SAIG) Enrollment Agreement entered into by each Title IV participating institution includes a provision that the institution ?must ensure that all Federal Student Aid applicant information is protected from access by or disclosure to unauthorized personnel.? Institutions are reminded that under various Federal and state laws and other authorities, including the HEA; the Family Educational Rights and Privacy Act (FERPA); the Privacy Act of 1974, as amended; the Gramm-Leach-Bliley Act; state data breach and privacy laws; and potentially other laws, they may be responsible for losses, fines, and penalties (including criminal penalties) caused by data breaches. 16 CFR 314.3 (a) and (b) establish that institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. Such safeguards shall include the elements set forth in 16 CFR 314.4 and shall be reasonably designed to achieve the objectives of this part. The objectives are to: (1) Insure the security and confidentiality of customer information; (2) Protect against any anticipated threats or hazards to the security or integrity of such information; and (3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. 16 CFR 314.4 (a) requires to designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program (for purposes of this part, ?Qualified Individual?). The Qualified Individual may be employed by you, an affiliate, or a service provider. To the extent the requirement in this paragraph (a) is met using a service provider or an affiliate, you shall: (1) retain responsibility for compliance with this part; (2) designate a senior member of your personnel responsible for direction and oversight of the Qualified Individual; and (3) require the service provider or affiliate to maintain an information security program that protects you in accordance with the requirements of this part. 16 CFR 314.4 (b) (2) establishes that you shall periodically perform additional risk assessments that reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and reassess the sufficiency of any safeguards in place to control these risks. 16 CFR 314.4 (d) (1) and (2) require to regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems. For information systems, the monitoring and testing shall include continuous monitoring or periodic penetration testing and vulnerability assessments. Absent effective continuous monitoring or other systems to detect, on an ongoing basis, changes in information systems that may create vulnerabilities, you shall conduct: (i) annual penetration testing of your information systems determined each given year based on relevant identified risks in accordance with the risk assessment; and (ii) vulnerability assessments, including any systemic scans or reviews of information systems reasonably designed to identify publicly known security vulnerabilities in your information systems based on the risk assessment, at least every six months; and whenever there are material changes to your operations or business arrangements; and whenever there are circumstances you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (f) requires to oversee service providers, by: (1) taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; (2) requiring your service providers by contract to implement and maintain such safeguards; and (3) periodically assessing your service providers based on the risk they present and the continued adequacy of their safeguards. 16 CFR 314.4 (g) requires to evaluate and adjust your information security program in light of the results of the testing and monitoring required by paragraph (d) of this section; any material changes to your operations or business arrangements; the results of risk assessments performed under paragraph (b)(2) of this section; or any other circumstances that you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (i) requires your Qualified Individual to report in writing, regularly and at least annually, to your board of directors or equivalent governing body. If no such board of directors or equivalent governing body exists, such report shall be timely presented to a senior officer responsible for your information security program. The report shall include the following information: (1) the overall status of the information security program and your compliance with this part; and (2) material matters related to the information security program, addressing issues such as risk assessment, risk management and control decisions, service provider arrangements, results of testing, security events or violations and management's responses thereto, and recommendations for changes in the information security program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution established a plan with due dates to complete all the tasks needed to comply with this requirement during the fourth quarter of the academic year end of July 31, 2022. The estimated date to complete the plan is by the summer of 2023. Effect When an audit report includes a GLBA audit finding, the Department will refer the audit to the FTC (Federal Trade Commission). The FTC will determine what action may be needed because of the GLBA audit finding. Federal Student Aid?s Postsecondary Institution Cybersecurity Team (Cybersecurity Team) will be informed of findings related to GLBA and may request additional documentation from the institution in order to assess the level of risk to student data presented by the institution or servicer?s information security system. If the Cybersecurity Team determines that the institution or servicer poses substantial risk to the security of student information, the Cybersecurity Team may temporarily or permanently disable the institution or servicer?s access to the Department?s information systems. Additionally, if the Cybersecurity Team determines that as a result of very serious internal control weaknesses of the general controls over technology that the Institution or servicer?s administrative capability is impaired or it has a history of non-compliance, it may refer the institution to the Department?s Administrative Actions and Appeals Service Group for consideration of a fine or other appropriate administrative action by the Department. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-005. Recommendations We recommend the Institution?s management and Board of Directors to subscribe a contract with the Information Security Program Coordinator and lay down the specific responsibilities that are expected from him related to the GLBA requirements. Also, the Institution?s governance should request periodic reports of the progress of the Institution action plan to comply with this requirement. In addition, they should require from a Qualified Individual a report in writing, regularly and at least annually. The Institution?s management should monitor the progress of the action and document properly any delay in the estimated time to complete the pending tasks. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program ALN Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of Title IV aid and the corresponding program participation agreement requirements, we observed the following deficiencies: 1. Consumer Information Requirements ? The Institution is failing to provide their students and prospective students with specific consumer information so that students can make informed decisions regarding their own educational goals, costs, and other requirements. Specifically, the current University?s Catalog containing the general disclosures for enrolled or prospective students has not been updated since the academic years 2014-2016. The Institution revised the Catalog, and an updated version was submitted to the Institution?s Board of Directors for their review and approval. The new school Catalog covering the academic years 2022 to 2024 was approved by the Board of Trustees on December 17, 2022, and published on December 22, 2022. As a result of this matter, the catalog made available to the students during the academic year 2022 did not include actual academic programs offered for all prospective students. It must be provided on an individual basis through an appropriate mailing or publication, including direct mailing through the U.S. Postal Service, campus mail, or electronic mail. Posting on an Internet or intranet website does not constitute a notice. This is a repeated finding. 2. Drug and Alcohol Abuse Prevention Program ? For the academic year 2022, the Institution did not design and implemented a policy of Drug and Alcohol Abuse Prevention Program as required by 34 CFR 86. This policy must be distributed in writing to each student and to each employee of the institution annually. Students who enroll or employees who are hired after the annual distribution must also receive the information. In addition, the Institution must make available, upon request, to the U.S. Department of Education and to the public, the information distributed to students and employees and the results of a biennial review of the school?s program. On March 27, 2023, the policy was approved by the Board of Trustees and was distributed to the students on April 4, 2023. This is a repeated finding. Criteria 34 CFR 668.41(c) and (d) establish that an institution must distribute annually to all enrolled students a notice of the availability of the information required to be disclosed pursuant to paragraphs (d), (e), and (g) of this section. Also, 34 CFR 99.7 sets forth the notification requirements of the Family Educational Rights and Privacy Act of 1974. The notice must list and briefly describe the information and tell the student how to obtain the information. An institution that discloses information to enrolled students as required under paragraphs (d), (e), (g), or (h) of this section by posting the information on an Internet website or an Intranet website must include in the notice described in paragraph (c)(1) of this section - (i) The exact electronic address at which the information is posted; and (ii) A statement that the institution will provide a paper copy of the information on request. An institution must make available to any enrolled student or prospective student through appropriate publications, mailings or electronic media, information concerning - (1) Financial assistance available to students enrolled in the institution (pursuant to ?668.42); (2) The institution (pursuant to ?668.43). 34 CFR 668.42 (a), (b), and (c) establish that: (1) Information on financial assistance that the institution must publish and make readily available to current and prospective students under this subpart includes, but is not limited to, a description of all the Federal, State, local, private and institutional student financial assistance programs available to students who enroll at that institution; (2) These programs include both need-based and non-need-based programs; (3) The institution may describe its own financial assistance programs by listing them in general categories; (4) The institution must describe the terms and conditions of the loans students receive under the Federal Family Education Loan Program, the William D. Ford Federal Direct Student Loan Program, and the Federal Perkins Loan Program. For each program referred to in paragraph (a) of this section, the information provided by the institution must describe: (1) The procedures and forms by which students apply for assistance; (2) The student eligibility requirements; (3) The criteria for selecting recipients from the group of eligible applicants; and (4) The criteria for determining the amount of a student?s award. The institution must describe the rights and responsibilities of students receiving financial assistance and, specifically, assistance under the title IV, HEA programs. This description must include specific information regarding: (1) Criteria for continued student eligibility under each program; (2)(i) Standards which the student must maintain in order to be considered to be making satisfactory progress in his or her course of study for the purpose of receiving financial assistance; and (ii) Criteria by which the student who has failed to maintain satisfactory progress may re-establish his or her eligibility for financial assistance; (3) The method by which financial assistance disbursements will be made to the students and the frequency of those disbursements; (4) The terms of any loan received by a student as part of the student?s financial assistance package, a sample loan repayment schedule for sample loans and the necessity for repaying loans; (5) The general conditions and terms applicable to any employment provided to a student as part of the student?s financial assistance package; and (6) The exit counseling information the institution provides and collects as required by 34 CFR 674.42 for borrowers under the Federal Perkins Loan Program, by 34 CFR 685.304 for borrowers under the William D. Ford Federal Direct Student Loan Program, and by 34 CFR 682.604 for borrowers under the Federal Stafford Loan Program. 34 CFR 668.43 (a) (5) establishes that Institutional information that the institution must make readily available to enrolled and prospective students under this subpart includes, but is not limited to: The academic program of the institution, including - (i) The current degree programs and other educational and training programs; (ii) The instructional, laboratory, and other physical facilities which relate to the academic program; (iii) The institution?s faculty and other instructional personnel; (iv) Any plans by the institution for improving the academic program of the institution, upon a determination by the institution that such a plan exists; and (v) If an educational program is designed to meet educational requirements for a specific professional license or certification that is required for employment in an occupation, or is advertised as meeting such requirements, information regarding whether completion of that program would be sufficient to meet licensure requirements in a State for that occupation, including a list of all States for which the institution has determined that its curriculum meets the State educational requirements for licensure or certification. 34 CFR 86.3 (a) establishes that an IHE shall adopt and implement a drug prevention program as described in ?86.100 to prevent the unlawful possession, use, or distribution of illicit drugs and alcohol by all students and employees on school premises or as part of any of its activities. 34 CFR 86.100 (a) (1) to (5) establish that the IHE?s drug prevention program must, at a minimum, include the following: (a) The annual distribution in writing to each employee, and to each student who is taking one or more classes for any type of academic credit except for continuing education units, regardless of the length of the student?s program of study, of: Standards of conduct that clearly prohibit, at a minimum, the unlawful possession, use, or distribution of illicit drugs and alcohol by students and employees on its property or as part of any of its activities; A description of the applicable legal sanctions under local, State, or Federal law for the unlawful possession or distribution of illicit drugs and alcohol; A description of the health risks associated with the use of illicit drugs and the abuse of alcohol; A description of any drug or alcohol counseling, treatment, or rehabilitation or re-entry programs that are available to employees or students; and A clear statement that the IHE will impose disciplinary sanctions on students and employees (consistent with local, State, and Federal law), and a description of those sanctions, up to and including expulsion or termination of employment and referral for prosecution, for violations of the standards of conduct required by paragraph (a)(1) of this section. For the purpose of this section, a disciplinary sanction may include the completion of an appropriate rehabilitation program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause Lack of an action plan identifying the Institution?s pending tasks classified by risk and priorities. The Institution has not established procedures for the evaluation of policies and procedures that should be evaluated and approved by the Board of Directors in a timely manner. Effect Noncompliance with the above-mentioned requirements could lead to administrative sanctions or civil fines by the grantor, for each violation. It could also be interpreted as a failure to achieve the programs? objectives. Also, it could lead to limiting, suspending, or terminating the participation of any school that fails to comply with the consumer information requirements. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-001. Recommendations We recommend the Institution to review and update its policies and procedures in a timely manner to assure that they accurately represent the vision and goals for the current operations. As organizations change, the policies and procedures must be adapted to meet the new changes. Also, the Institution shall establish a work plan for the matters that the Board of Directors need to review and approve and maintain a calendar to track the frequency that the Institution?s documents, policies, and procedures need to be reviewed by the Board of Directors. The Board of Directors should appoint a Compliance Committee that shall be responsible for the evaluation and tracking of the frequency that the policies and procedures need to be reviewed to ascertain that the Institution is in compliance with federal, state, and accreditation entities. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Material Weakness Compliance requirement: Special tests and provisions ? Return of Title IV Funds Condition and context In testing compliance with the return of Title IV requirement applicable after a student begins attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $5,547 in SFA funds from a population of ten (10) students who withdrew, dropped out, or failed to attend to the Institution, who received $12,918 in Title IV (SFA) funds. Our sample was a statistically valid sample. We noted in two (2) cases of our sample (50%) that the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. Also, in testing compliance with the return of Title IV requirement applicable for a student who does not begin attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $4,557 in SFA funds from a population of nine (9) students who received $28,024 in Title IV (SFA) funds. We reviewed their academic and enrollment records (including class attendance records) to ascertain whether the students sufficiently completed the payment or enrollment period to earn the Title IV funds received. The sample was a statistically valid sample. We noted the following deficiencies: a. In one case of the four students selected (25%) we noted that the Institution failed to perform an administrative withdrawal because the student stopped attending the enrolled courses. During the term the student was granted an incomplete grade before attending 60% of the payment period, the student failed to comply with the incomplete course requirements. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $439. b. In one case (25%) the Institution failed to perform an administrative withdrawal for a student that stopped attending the enrolled courses. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $581. c. For the two cases (50%) mentioned in items a and b, the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. d. For the two cases (50%) mentioned in items a and b, the Institution failed to return Title IV funds within the 45 days? timeframe. Criteria The Volume 5 - Withdrawals and the Return of Title IV Funds 2021?2022 of the Financial Student Aid Handbook establishes in page 5-72 that if a student who began attendance and has not officially withdrawn fails to earn a passing grade in at least one course offered over an entire period, the institution must assume, for Title IV purposes, that the student has unofficially withdrawn, unless the institution can document that the student completed the period. Keep in mind that a grade of ?incomplete? is not considered a passing grade or successful completion. Dear Colleague Letter GEN-04-03 (Revised November 2004) ? states in item 2 that an institution may have a grading policy as follows: F (Failing) Awarded to students who complete the course but fail to achieve the course objectives. U (Unauthorized Incomplete) Awarded to students who did not officially withdraw from the course, but who failed to participate in course activities through the end of the period. It is used when, in the opinion of the instructor, completed assignments or course activities or both were insufficient to make normal evaluation of academic performance possible. A student who did not officially withdraw and did not receive either a passing grade or an `F? in at least one course must be considered to have unofficially withdrawn. Important: Compliance audits and program reviews may examine whether a school accurately assigns failing grades to students if the school uses its grading policy to determine whether a student with failing grades has unofficially withdrawn. 34 CFR 668.22 ?Treatment of title IV funds when a student withdraws?, section (a) General, (1) states that when a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student?s withdrawal date in accordance with paragraph (e) of this section. Also, in (b) ?Withdrawal date for a student who withdraws from an institution that is required to take attendance?, section (1) states that for purposes of this section, for a student who ceases attendance at an institution that is required to take attendance, including a student who does not return from an approved leave of absence, as defined in paragraph (d) of this section, or a student who takes a leave of absence that does not meet the requirements of paragraph (d) of this section, the student?s withdrawal date is the last date of academic attendance as determined by the institution from its attendance records and section (2) states that an institution must document a student?s withdrawal date determined in accordance with paragraph (b)(1) of this section and maintain the documentation as of the date of the institution?s determination that the student withdrew. 34 CFR 668.22 (j), ?Timeframe for the return of title IV funds?, establishes that: (1) An institution must return the amount of title IV funds for which it is responsible as soon as possible but no later than 45 days after the date of the institution?s determination that the student withdrew. The timeframe for returning funds is further described in ? 668.173(b); (2) For an institution that is not required to take attendance, an institution must determine the withdrawal date for a student who withdraws without providing notification to the institution no later than 30 days after the end of the earlier of the - (i) Payment period or period of enrollment, as appropriate. 34 CFR 668.173 (b), ?Timely return of title IV, HEA program funds?, establishes that in accordance with procedures established by the secretary, an institution returns unearned title IV, HEA program funds timely if - (1) the institution deposits or transfers the funds into the bank account it maintains under ? 668.163 no later than 45 days after the date it determines that the student withdrew. Dear Colleague Letter GEN-04-03 (Revised November 2004) - Subject: Return of Title IV Aid states that Institutions are expected to have procedures to determine when a student's absence is a withdrawal. Institutions that are required to take attendance are expected to have a procedure in place for routinely monitoring attendance records to determine in a timely manner when a student withdraws. Except in unusual instances, at an institution that is required to take attendance, they would expect that the date of the institution's determination that the student withdrew would be no later than 14 days after the student's withdrawal date - the last date of academic attendance as determined by the institution from its attendance records (34 CFR 668.22(b)(1)). Cause The Institution?s internal controls for tracking and calculating the return of title IV funds of the students who withdrew, drop out or stopped attending the Institution failed to identify and process these cases as required and on a timely basis. Effect The failure to correct these deficiencies which have been cited in prior audits may result in the Institution being referred to the Department?s Administrative Actions and Appeals Service Group (AAASG) for possible adverse action. Such action may include a fine, or the limitation, suspension, or termination of the eligibility of the Institution. Such action may also include the revocation of the institution?s program participation agreement (if provisional), or, if the Institution has an application pending for renewal of its certification, denial of that application. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-003. Recommendations We recommend the Institution to improve its procedures to ascertain that the return of Title IV funds requirements is properly followed and unearned funds are properly calculated and returned timely to the USDE. Also, the Institution should consider creating a position of compliance officer. Educational institutions must meet and observe a wide variety of guidelines and regulations set by both government agencies and nongovernmental associations to receive financial support and maintain accreditation. A school's compliance officer spreads awareness of policies, coordinates programs to promote the observation of guidelines and reports to a top-level administrator. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Enrollment reporting Condition and context During our enrollment reporting test, for a statistically valid sample of nine (9) students from a population of fifty-one (51) records that had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted the following deficiencies: a.) In one (1) case (11%) the information of enrollment reporting was not available for examination. The student withdrew and received Pell grant funds for the enrolled term. b.) In six (6) cases (67%), we noted that the Institution failed to report the enrollment status before the thirty (30) days deadline for NSLDS web reporting. The reporting was made between five (5) to nineteen (19) days after the required deadline. From this sample, three (3) students received Direct Loan for the 2021-22 award year. Additionally, the enrollment reporting requirement applicable to institutions under the Pell Grant and ED loan programs requires that institutions complete and return within 15 days the Enrollment Reporting roster file (formerly the Student Status Confirmation Report (SSCR) placed in their Student Aid Internet Gateway (SAIG) mailboxes sent by ED via NSLDS. Regarding this, during our evaluation of compliance with the Roster File return requirement, we requested the NSLDS SCHER1 report. We noted one (1) instance where the roster was updated after the fifteen (15) days deadline (35 days) from which the Institution received a late letter on November 26, 2021. Criteria Dear College Letter (DCL) GEN-14-07, Subject: Changes to NSLDS Enrollment Reporting: Program - Level Reporting and More Frequent Reporting, states that, under the authority of these regulations, beginning July 1, 2014, we will request enrollment information from schools every 60 days and schools will be required to respond to those requests within 15 days of the date that we send the electronic enrollment reporting roster to the school or to its designated third-party servicer. Also, the section of the letter titled Program-Level Enrollment Reporting Required, states that if the student is or was enrolled in more than one program, the student?s enrollment information must be reported for each of the programs. The NSLDS enrollment reporting rosters include recipients of all Title IV loans and Federal Pell Grants. Including Pell Grant recipients will allow the Department to meet the Congressional reporting requirements noted earlier. Note that a student will only be included on the roster once, regardless of the number of different Title IV programs from which the student received funding. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. Cause The Institution?s internal controls for tracking and reporting the enrollment changes failed to identify the enrollment status changes performed manually by the Registrar?s office personnel. Effect A student?s enrollment status determines eligibility for in-school status, deferment, and grace periods, as well as for the payment of interest subsidies to FFEL Program loan holders by ED. Enrollment reporting in a timely and accurate manner is critical for effective management of the programs. Failure to report will likely result in the school being out of compliance with the regulatory requirements and possibly subject to sanctions. Also, failing to report completions at all may cause borrowers to lose interest subsidy when they should not. And, because such determinations are based on the student?s enrollment (and completion) at the program level, it is critically important that schools correctly and promptly report a student?s completion at the program level. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-004. Recommendations We recommend the Institution to determine what parts of the manual processes for this requirement can be monitored electronically or using tools available in the USDE website with the assistance of the IT consultant to help the Institution to comply with the deadline of the roster reporting. Also, we recommend reinforcing the controls to report the enrollment status changes of the participant students of the Pell and Direct Loan programs. In addition, a compliance officer may assist in the reporting process. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Gramm-Leach Bliley Act- Student Information Security Condition and context During the examination of the Institution?s compliance with requirements of the Gramm-Leach-Bliley Act (Public Law 106-102) we noted that the Institution is in the process of implementation of the required safeguards related to the results of the risk assessment performed. After performing our procedures, we noted the following deficiencies: a. The Institution designated an external consultant as the coordinator of the Information Security Program. The Information Security Program Coordinator?s functions were not specified in a formal written contract; therefore, the consultant does not have a detail of the functions and responsibilities of his designation. b. The documentation of the safeguards performed by the Institution indicates that they are still in the process of implementation of the safeguards, policies and procedures required as result of the risk assessment. We reviewed the Institution?s written information security program to ascertain that it complies with the nine elements included in the FTC (Federal Trade Commission) regulations. We noted that the Institution?s still needs to comply with the following elements: i. Element #3: Provides for the design and implementation of safeguards to control the risks the institution or servicer identifies through its risk assessment (16 C.F.R. 314.4(c)). At a minimum, the written information security program must address the implementation of the minimum safeguards identified in 16 C.F.R. 314.4(c)(1) through (8). This element is still in process. ii. Element #4: Provides for the institution or servicer to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 C.F.R. 314.4(d)). This element is still in process. iii. Element #5: Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 C.F.R. 314.4(e)). This element is still in process. We selected a sample of policies and procedures that were completed during the year and noted that four of the policies did not include a signature as evidence of approval and did not have an effective date. Also, the twelve written policies and procedures were evaluated and approved by the Board of Directors. iv. Element #6: Addresses how the institution or servicer will oversee its information system service providers (16 C.F.R. 314.4(f)). This element is still in process. v. Element #7: Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact on the information security program (16 C.F.R. 314.4(g)). The coordinator provided documents showing the results of all the tests carried out. Some of the actions necessary to correct the deficiencies found are still in progress. Criteria The Dear Colleague Letter GEN-15-18, published on July 29, 2015, by the USDE and titled ?Protecting Student Information? reminds institutions of higher education and their third-party servicers of their continuing obligations to protect data used in all aspects of the administration of the Title IV Federal student financial aid programs. The Student Aid Internet Gateway (SAIG) Enrollment Agreement entered into by each Title IV participating institution includes a provision that the institution ?must ensure that all Federal Student Aid applicant information is protected from access by or disclosure to unauthorized personnel.? Institutions are reminded that under various Federal and state laws and other authorities, including the HEA; the Family Educational Rights and Privacy Act (FERPA); the Privacy Act of 1974, as amended; the Gramm-Leach-Bliley Act; state data breach and privacy laws; and potentially other laws, they may be responsible for losses, fines, and penalties (including criminal penalties) caused by data breaches. 16 CFR 314.3 (a) and (b) establish that institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. Such safeguards shall include the elements set forth in 16 CFR 314.4 and shall be reasonably designed to achieve the objectives of this part. The objectives are to: (1) Insure the security and confidentiality of customer information; (2) Protect against any anticipated threats or hazards to the security or integrity of such information; and (3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. 16 CFR 314.4 (a) requires to designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program (for purposes of this part, ?Qualified Individual?). The Qualified Individual may be employed by you, an affiliate, or a service provider. To the extent the requirement in this paragraph (a) is met using a service provider or an affiliate, you shall: (1) retain responsibility for compliance with this part; (2) designate a senior member of your personnel responsible for direction and oversight of the Qualified Individual; and (3) require the service provider or affiliate to maintain an information security program that protects you in accordance with the requirements of this part. 16 CFR 314.4 (b) (2) establishes that you shall periodically perform additional risk assessments that reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and reassess the sufficiency of any safeguards in place to control these risks. 16 CFR 314.4 (d) (1) and (2) require to regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems. For information systems, the monitoring and testing shall include continuous monitoring or periodic penetration testing and vulnerability assessments. Absent effective continuous monitoring or other systems to detect, on an ongoing basis, changes in information systems that may create vulnerabilities, you shall conduct: (i) annual penetration testing of your information systems determined each given year based on relevant identified risks in accordance with the risk assessment; and (ii) vulnerability assessments, including any systemic scans or reviews of information systems reasonably designed to identify publicly known security vulnerabilities in your information systems based on the risk assessment, at least every six months; and whenever there are material changes to your operations or business arrangements; and whenever there are circumstances you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (f) requires to oversee service providers, by: (1) taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; (2) requiring your service providers by contract to implement and maintain such safeguards; and (3) periodically assessing your service providers based on the risk they present and the continued adequacy of their safeguards. 16 CFR 314.4 (g) requires to evaluate and adjust your information security program in light of the results of the testing and monitoring required by paragraph (d) of this section; any material changes to your operations or business arrangements; the results of risk assessments performed under paragraph (b)(2) of this section; or any other circumstances that you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (i) requires your Qualified Individual to report in writing, regularly and at least annually, to your board of directors or equivalent governing body. If no such board of directors or equivalent governing body exists, such report shall be timely presented to a senior officer responsible for your information security program. The report shall include the following information: (1) the overall status of the information security program and your compliance with this part; and (2) material matters related to the information security program, addressing issues such as risk assessment, risk management and control decisions, service provider arrangements, results of testing, security events or violations and management's responses thereto, and recommendations for changes in the information security program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution established a plan with due dates to complete all the tasks needed to comply with this requirement during the fourth quarter of the academic year end of July 31, 2022. The estimated date to complete the plan is by the summer of 2023. Effect When an audit report includes a GLBA audit finding, the Department will refer the audit to the FTC (Federal Trade Commission). The FTC will determine what action may be needed because of the GLBA audit finding. Federal Student Aid?s Postsecondary Institution Cybersecurity Team (Cybersecurity Team) will be informed of findings related to GLBA and may request additional documentation from the institution in order to assess the level of risk to student data presented by the institution or servicer?s information security system. If the Cybersecurity Team determines that the institution or servicer poses substantial risk to the security of student information, the Cybersecurity Team may temporarily or permanently disable the institution or servicer?s access to the Department?s information systems. Additionally, if the Cybersecurity Team determines that as a result of very serious internal control weaknesses of the general controls over technology that the Institution or servicer?s administrative capability is impaired or it has a history of non-compliance, it may refer the institution to the Department?s Administrative Actions and Appeals Service Group for consideration of a fine or other appropriate administrative action by the Department. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-005. Recommendations We recommend the Institution?s management and Board of Directors to subscribe a contract with the Information Security Program Coordinator and lay down the specific responsibilities that are expected from him related to the GLBA requirements. Also, the Institution?s governance should request periodic reports of the progress of the Institution action plan to comply with this requirement. In addition, they should require from a Qualified Individual a report in writing, regularly and at least annually. The Institution?s management should monitor the progress of the action and document properly any delay in the estimated time to complete the pending tasks. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) CFDA Number: 84.425E / 84.425F Federal award identification number: P425E205418 / P425F204999 Grant period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Material Weakness Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of federal programs, and grant term and conditions, we noted the following deficiencies: a. There is no written policy, nor the procedures designed and implemented by the Institution related to Cash Management were documented. The Institution opted to request the funds on a reimbursement basis. b. There were no written procedures for determining the allowability of costs in accordance with 2 CFR 200 subpart E of this part and the terms and conditions of the Federal award. c. After examination of the Institution procurement policy, we noted that the document was not signed by all members required from management and was not dated. Upon inquiry, we noted that the procurement policy was drafted and submitted to the Institution for review in February 2023. Therefore, no written policy and formal procedures were designed and implemented for the procurement transactions tested for the fiscal year ended July 31, 2022 and thereafter. Criteria 2 CFR 200.302 (b) (6) and (7) establish that the financial management system of each non-Federal entity must provide for the following: written procedures to implement the requirements of ? 200.305, and written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 establish that the non-Federal entity must: (a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO); (b) comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards; (c) evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; (d) take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings; and (e) take reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive consistent with applicable Federal, State, local, and tribal laws regarding privacy and responsibility over confidentiality. 2 CFR 200.318 (a) establishes that the non-Federal entity must have and use documented procurement procedures, consistent with State, local, and tribal laws and regulations and the standards of this section, for the acquisition of property or services required under a Federal award or subaward. The non-Federal entity's documented procurement procedures must conform to the procurement standards identified in 2 CFR 200.317 through 200.327. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) the non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices; (b) the non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award; (c) the non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award; (d) the application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal award. Cause The Institution?s federal programs received prior the fiscal year ended July 31, 2020 did not require the implementation of written procedures as mentioned in the condition and context section, except for Cash Management policies and procedures for the Student Financial Assistance Programs Cluster for which the Institution has designed and implemented written procedures for such compliance requirement. The Covid-19 pandemic related programs were the reason why this new federal program funds were received, and the entity failed to design and implement on a timely basis the required written documentation and procedures. Effect Noncompliance with the above-mentioned requirement could lead to administrative sanctions by the grantor, including disallowance of costs. It could also be interpreted as a failure to achieve the program?s objectives. Questioned costs None. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to implement written policies and procedures needed for the administration of federal grants before the acceptance of new grants. Having well sounded policies and procedures will reduce the Institution risk of non-compliance with federal regulations and grants terms and conditions. Also, they will provide guidance to the Institution?s personnel on how to carry-out their responsibilities and functions in relation to the administration of federal programs transactions. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Cash Management Condition and context In testing compliance and internal controls over cash management, we selected a sample of four (4) drawdowns which amounted to $342,787 of the total HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our test, we noted that in one (25%) of the four (4) drawdowns selected, for three payments made by the Institution the time elapsed between the receipt of funds and the check issuance was between 20 to 48 days. The total amount disbursed after the three elapsed days requirement was $4,020 from a drawdown total of $56,065. Criteria 2 CFR 200.302 (b) (6) requires written procedures to implement the requirements of 200.305. 2 CFR 200.305 (b) and (b) (1) establish that for non-Federal entities other than states, payments methods must minimize the time elapsing between the transfer of funds from the United States Treasury or the pass-through entity and the disbursement by the non-Federal entity whether the payment is made by electronic funds transfer, or issuance or redemption of checks, warrants, or payment by other means. See also 200.302(b)(6). Except as noted elsewhere in this part, Federal agencies must require recipients to use only OMB-approved, governmentwide information collection requests to request payment. The non-Federal entity must be paid in advance, provided it maintains or demonstrates the willingness to maintain both written procedures that minimize the time elapsing between the transfer of funds and disbursement by the non-Federal entity, and financial management systems that meet the standards for fund control and accountability as established in this part. Advance payments to a non-Federal entity must be limited to the minimum amounts needed and be timed to be in accordance with the actual, immediate cash requirements of the non-Federal entity in carrying out the purpose of the approved program or project. The timing and amount of advance payments must be as close as is administratively feasible to the actual disbursements by the non-Federal entity for direct program or project costs and the proportionate share of any allowable indirect costs. The non-Federal entity must make timely payment to contractors in accordance with the contract provisions. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution did not design and implemented internal controls and procedures for this compliance requirement, including written policies and procedures. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to design and implement written internal controls and procedures for the administration of federal funds requests in accordance with the requirements of grant agreements and 2 CFR 200. Internal controls and procedures must consider maintaining adequate documentation to support the petitions of funds and to maintain the audit trail of the payments that will be issued. The Institution shall request only the amount of funds necessary to meet its immediate cash needs to prevent excess cash balances. Whenever payment amounts are adjusted after the funds were requested or received, such excess cash should be returned to the federal agency immediately. Establishing reliable and thorough cash forecasting procedures and subjecting such forecasts to the formal review and approval of Institution?s management should meet this objective. Also, the Institution shall coordinate and provide pertinent training to the finance personnel regarding the federal regulations related to the cash management requirements. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) CFDA Number: 84.425E / 84.425F Federal award identification number: P425E205418 / P425F204999 Grant period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Material Weakness Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of federal programs, and grant term and conditions, we noted the following deficiencies: a. There is no written policy, nor the procedures designed and implemented by the Institution related to Cash Management were documented. The Institution opted to request the funds on a reimbursement basis. b. There were no written procedures for determining the allowability of costs in accordance with 2 CFR 200 subpart E of this part and the terms and conditions of the Federal award. c. After examination of the Institution procurement policy, we noted that the document was not signed by all members required from management and was not dated. Upon inquiry, we noted that the procurement policy was drafted and submitted to the Institution for review in February 2023. Therefore, no written policy and formal procedures were designed and implemented for the procurement transactions tested for the fiscal year ended July 31, 2022 and thereafter. Criteria 2 CFR 200.302 (b) (6) and (7) establish that the financial management system of each non-Federal entity must provide for the following: written procedures to implement the requirements of ? 200.305, and written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 establish that the non-Federal entity must: (a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO); (b) comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards; (c) evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; (d) take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings; and (e) take reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive consistent with applicable Federal, State, local, and tribal laws regarding privacy and responsibility over confidentiality. 2 CFR 200.318 (a) establishes that the non-Federal entity must have and use documented procurement procedures, consistent with State, local, and tribal laws and regulations and the standards of this section, for the acquisition of property or services required under a Federal award or subaward. The non-Federal entity's documented procurement procedures must conform to the procurement standards identified in 2 CFR 200.317 through 200.327. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) the non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices; (b) the non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award; (c) the non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award; (d) the application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal award. Cause The Institution?s federal programs received prior the fiscal year ended July 31, 2020 did not require the implementation of written procedures as mentioned in the condition and context section, except for Cash Management policies and procedures for the Student Financial Assistance Programs Cluster for which the Institution has designed and implemented written procedures for such compliance requirement. The Covid-19 pandemic related programs were the reason why this new federal program funds were received, and the entity failed to design and implement on a timely basis the required written documentation and procedures. Effect Noncompliance with the above-mentioned requirement could lead to administrative sanctions by the grantor, including disallowance of costs. It could also be interpreted as a failure to achieve the program?s objectives. Questioned costs None. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to implement written policies and procedures needed for the administration of federal grants before the acceptance of new grants. Having well sounded policies and procedures will reduce the Institution risk of non-compliance with federal regulations and grants terms and conditions. Also, they will provide guidance to the Institution?s personnel on how to carry-out their responsibilities and functions in relation to the administration of federal programs transactions. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Allowed Cost / Cost Principles Condition and context In testing compliance and internal controls over cost allowability / cost principles, we selected a sample of ten (10) transactions which amounted to $445,522 of HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our expenditure test, we noted the following deficiencies: a) In one transaction of a sample of ten (10) disbursements (10%) the vendor quote was not available for examination. The transaction amounted to $5,899. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In two (2) transactions of our sample (20%) the cost per quote did not agree with the amount of the invoice. The amount invoiced in excess of the quote cost was $1,090. c) In three (3) transactions of our sample (30%) we did not find documentation that the equipment was received (date and the employee who received the item). We inquired the Institution?s Management about this matter, and they explained that the Institution does not have a formal procedure or form to document the receipt of goods. Management confirmed and represented us that the items were properly received. d) In one transaction of our sample (10%) the expenditure was related to the amount of lost revenue claimed by the Institution in the fiscal year 2021-22. Upon examination of the Institution analysis, we noted that the lost revenue was not properly determined because the following situations: 1. For the loss of revenue calculation, the Institution used the unaudited figures for the fiscal year ended July 31, 2021. 2. We noted that the Institution considered in its analysis revenue that was not in accordance with the program guidelines (transactions that were not reimbursable under the HEERF grant program). 3. We noted that the lost revenue determined by the Institution was incorrectly determined (lost revenue claimed was understated by approximately $80,000) as result of the net effect of the deficiencies 1 and 2, above. Criteria 2 CFR 200.302 (b) (3) and (7) require records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) The non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices. (b) The non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award. (c) The non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award. (d) The application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal awards. 2 CFR 200.403, related to factors affecting allowability of cost, (c) and (g) establish that except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: be consistent with policies and procedures that apply uniformly to both federally-financed and other activities of the non-Federal entity, and be adequately documented. 2 CFR 200.404 establishes that a cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person under the circumstances prevailing at the time the decision was made to incur the cost. The question of reasonableness is particularly important when the non-Federal entity is predominantly federally-funded. In determining reasonableness of a given cost, consideration must be given to: (a) whether the cost is of a type generally recognized as ordinary and necessary for the operation of the non-Federal entity or the proper and efficient performance of the Federal award; (b) the restraints or requirements imposed by such factors as: sound business practices; arm's-length bargaining; Federal, state, local, tribal, and other laws and regulations; and terms and conditions of the Federal award; (c) market prices for comparable goods or services for the geographic area; (d) whether the individuals concerned acted with prudence in the circumstances considering their responsibilities to the non-Federal entity, its employees, where applicable its students or membership, the public at large, and the Federal Government; and (e) whether the non-Federal entity significantly deviates from its established practices and policies regarding the incurrence of costs, which may unjustifiably increase the Federal award's cost. 2 CFR 200.406 (a) establishes that applicable credits refer to those receipts or reduction-of-expenditure-type transactions that offset or reduce expense items allocable to the Federal awards as direct or indirect (F&A) costs. Examples of such transactions are: purchase discounts, rebates or allowances, recoveries or indemnities on losses, insurance refunds or rebates, and adjustments of overpayments or erroneous charges. To the extent that such credits accruing to or received by the non-Federal entity relate to allowable costs, they must be credited to the Federal award either as a cost reduction or cash refund, as appropriate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.337 (a) establishes that the Federal awarding agency, Inspectors General, the Comptroller General of the United States, and the pass-through entity, or any of their authorized representatives, must have the right of access to any documents, papers, or other records of the non-Federal entity which are pertinent to the Federal award, in order to make audits, examinations, excerpts, and transcripts. The right also includes timely and reasonable access to the non-Federal entity's personnel for the purpose of interview and discussion related to such documents. The Higher Education Emergency Relief Fund (HEERF I, II, and III) Lost Revenue Frequently Asked Questions (FAQs) published on March 19, 2021, in question number four establishes that sources of lost revenue that are not reimbursable under the HEERF grant programs include the following: capital outlays associated with facilities related to athletics (including fees assessed for capital athletic facility construction), acquisition of real property (including bond revenue), contributions or donations to the institution, marketing or recruitment activities, revenue related to sectarian instruction or religious worship, alcohol sales, and investment income (including endowment and quasi-endowment revenue. Cause The cause of the deficiencies noted were the result of the following situations: a) Lack of written policies and procedures did not provide the Institution?s personnel responsible for the purchasing process a guidance on how to perform and document the purchase transactions under this federal program. b) The vendor invoice was not compared to the quote and no inquiries were made and/or documented explaining the cause of the difference. c) The Institution does not have formal and written procedures to document when materials and/or equipment are received by the Institution?s personnel. d) The Institution management did not consult or requested assistance from the Department of Education program coordinator to ascertain that the request was properly performed and to clarify questions related to the allowable revenue to be considered in the analysis. Also, the Institution failed to review the financial figures of the audited trial balance for 2021. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, the above conditions could result in the reimbursement of federal funds to the grantors for those disbursements not properly supported and reviewed by the Institution?s management. Questioned costs Refer to finding 2022-010. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to establish adequate procedures and controls, which shall consider, among others, the following: ? Maintain adequate documentation to support the allowability of its expenditures. ? Purchases must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. ? Improve its policies and procedures, and internal controls to incorporate the comparison of the vendor invoices with the quotes after the invoice is received to ascertain that expenses and liabilities are properly recorded. Instruct personnel of accounts payable to contact the vendor when discrepancies are identified and document in writing the inquiry performed, the results, and conclusions. ? Implement a formal process with receiving reports or checklist where upon receipt of equipment and/or materials purchased could detail description, amount received, date of receipt, and a reference to the invoice. Copies of the receiving reports and invoices should then be forwarded to the accounting department for processing. Payment of a vendor?s invoice should not be made unless a copy of a receiving report is attached. ? The Institution management should review the Loss of Revenue claims and/or analysis performed by any employee or consultant that was designated to perform such a task. The Institution?s management should verify and ascertain that the analysis performed using the Institution?s financial information agree with the Institution?s audited financial statements. ? The Institution?s management should consult with the US Department of Education program coordinator when questions or concerns arise, especially if management is not familiar with program regulations and/or the federal program is new. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Cash Management Condition and context In testing compliance and internal controls over cash management, we selected a sample of four (4) drawdowns which amounted to $342,787 of the total HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our test, we noted that in one (25%) of the four (4) drawdowns selected, for three payments made by the Institution the time elapsed between the receipt of funds and the check issuance was between 20 to 48 days. The total amount disbursed after the three elapsed days requirement was $4,020 from a drawdown total of $56,065. Criteria 2 CFR 200.302 (b) (6) requires written procedures to implement the requirements of 200.305. 2 CFR 200.305 (b) and (b) (1) establish that for non-Federal entities other than states, payments methods must minimize the time elapsing between the transfer of funds from the United States Treasury or the pass-through entity and the disbursement by the non-Federal entity whether the payment is made by electronic funds transfer, or issuance or redemption of checks, warrants, or payment by other means. See also 200.302(b)(6). Except as noted elsewhere in this part, Federal agencies must require recipients to use only OMB-approved, governmentwide information collection requests to request payment. The non-Federal entity must be paid in advance, provided it maintains or demonstrates the willingness to maintain both written procedures that minimize the time elapsing between the transfer of funds and disbursement by the non-Federal entity, and financial management systems that meet the standards for fund control and accountability as established in this part. Advance payments to a non-Federal entity must be limited to the minimum amounts needed and be timed to be in accordance with the actual, immediate cash requirements of the non-Federal entity in carrying out the purpose of the approved program or project. The timing and amount of advance payments must be as close as is administratively feasible to the actual disbursements by the non-Federal entity for direct program or project costs and the proportionate share of any allowable indirect costs. The non-Federal entity must make timely payment to contractors in accordance with the contract provisions. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution did not design and implemented internal controls and procedures for this compliance requirement, including written policies and procedures. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to design and implement written internal controls and procedures for the administration of federal funds requests in accordance with the requirements of grant agreements and 2 CFR 200. Internal controls and procedures must consider maintaining adequate documentation to support the petitions of funds and to maintain the audit trail of the payments that will be issued. The Institution shall request only the amount of funds necessary to meet its immediate cash needs to prevent excess cash balances. Whenever payment amounts are adjusted after the funds were requested or received, such excess cash should be returned to the federal agency immediately. Establishing reliable and thorough cash forecasting procedures and subjecting such forecasts to the formal review and approval of Institution?s management should meet this objective. Also, the Institution shall coordinate and provide pertinent training to the finance personnel regarding the federal regulations related to the cash management requirements. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Earmarking Condition and context We inquired the Institution?s management on the amount of institutional funds assigned to: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA, and how the Institution documented how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. However, this information was not available for our examination. Criteria The Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021 and updated on May 24, 2021 and October 25, 2022 in questions number 21, 28 and 35, respectively, establish that the ARP has added two new required uses of HEERF III institutional portion grant funds for public and private nonprofit institutions. Namely, a portion of their institutional funds must: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA. This provision of ARP requires institutions to use some of their ARP (a)(1) Institutional Portion funds to help fight the spread and transmission of COVID-19 on their campuses and among their student, faculty, and staff community members. This provision also applies to future ARP awards the Department will make under (a)(2) and (a)(3). It is critical that institutions take steps to prevent and mitigate the spread of coronavirus on their campuses and local communities. Institutions should document how they implemented these two required activities consistent with 2 CFR ? 200.334. Specifically, institutions should document (1) the strategies used to monitor and suppress COVID-19, (2) the evidence to support those strategies, (3) how those strategies were in accordance with public health guidelines, (4) the manner and extent of the direct outreach the institution conducted to financial aid applicants, and (5) how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The Institution?s management was not familiar with this requirement. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Unable to determine. Identification as a Repeat Finding No repeated finding. Recommendation We recommend that the Institution management review this compliance requirement and verify if the Institution assigned and expended funds related to these activities. It is important that the Institution management ascertain that expenditures identified comply with the characteristics and requirements as explained in the Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021, as subsequently updated. Also, the Institution must document and maintain an audit trail of the transactions incurred to comply with this requirement. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Procurement, and suspension and debarment Condition and context In testing compliance and internal controls over the procurement, and suspension and debarment requirement, we tested the procurement documentation related to the expenditures selected for the allowable cost / cost principles test (see Finding No. 2022-006). Of the ten (10) transactions selected, nine (9) transactions required compliance with this requirement. We noted that those nine (9) transactions, which amounted to $164,592, were related to seven (7) procurement transactions. Our sample was not a statistically valid sample. During our test, we noted the following deficiencies: a) In one of seven (7) procurement transactions tested (14%), no quotes were available for examination. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In one of seven (7) procurement transactions tested (14%), only two quotes were available for examination. As per inquiry to the Institution?s management no other quotes were requested. c) In five of seven (7) procurement transactions tested (72%), only one quote was available for examination. As per inquiry to the Institution?s management no other quotes were requested. Condition and context d) For five (5) of the seven (7) procurement transactions tested (71%), a suspension and debarred verification requirement was applicable. For 100% of those five (5) transactions no evidence was provided that the Institution verified the contractors were not debarred, suspended, or otherwise excluded (2 CFR sections 200.212 and 200.318(h); 2 CFR section 180.300; 48 CFR section 52.209-6). However, on March 20, 2023 we performed an inquiry in the Sam system and no records of exclusion were found for those contractors. Criteria 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.318 (i) establishes that the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: Rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.319 (a) establishes that all procurement transactions for the acquisition of property or services required under a Federal award must be conducted in a manner providing full and open competition consistent with the standards of this section and ? 200.320. 2 CFR 200.319 (d) establishes that the non-Federal entity must have written procedures for procurement transactions. These procedures must ensure that all solicitations: incorporate a clear and accurate description of the technical requirements for the material, product, or service to be procured. Such description must not, in competitive procurements, contain features which unduly restrict competition. The description may include a statement of the qualitative nature of the material, product, or service to be procured and, when necessary, must set forth those minimum essential characteristics and standards to which it must conform if it is to satisfy its intended use. Detailed product specifications should be avoided if at all possible. When it is impractical or uneconomical to make a clear and accurate description of the technical requirements, a ?brand name or equivalent? description may be used as a means to define the performance or other salient requirements of procurement. The specific features of the named brand which must be met by offers must be clearly stated; and identify all requirements which the offerors must fulfill and all other factors to be used in evaluating bids or proposals. 2 CFR 200.319 (f) establishes that noncompetitive procurements can only be awarded in accordance with ? 200.320(c). 2 CFR 200.320 establishes that the non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and ?? 200.317, 200.318, and 200.319 for any of the methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. 2 CFR 200.320 (a) (1) (ii) and (a) (2) (i) establish that micro-purchases may be awarded without soliciting competitive price or rate quotations if the non-Federal entity considers the price to be reasonable based on research, experience, purchase history or other information and documents it files accordingly. The acquisition of property or services, the aggregate dollar amount of which is higher than the micro-purchase threshold but does not exceed the simplified acquisition threshold. If small purchase procedures are used, price or rate quotations must be obtained from an adequate number of qualified sources as determined appropriate by the non-Federal entity. 2 CFR 200.320 (c) establishes that there are specific circumstances in which noncompetitive procurement can be used. Noncompetitive procurement can only be awarded if one or more of the following circumstances apply: (1) the acquisition of property or services, the aggregate dollar amount of which does not exceed the micro-purchase threshold (see paragraph (a)(1) of this section); (2) the item is available only from a single source; (3) the public exigency or emergency for the requirement will not permit a delay resulting from publicizing a competitive solicitation; (4) the Federal awarding agency or pass-through entity expressly authorizes a noncompetitive procurement in response to a written request from the non-Federal entity; or (5) after solicitation of a number of sources, competition is determined inadequate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.318 (h) establishes that the non-Federal entity must award contracts only to responsible contractors possessing the ability to perform successfully under the terms and conditions of a proposed procurement. Consideration will be given to such matters as contractor integrity, compliance with public policy, record of past performance, and financial and technical resources. 2 CFR 200.214 establishes that non-Federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR part 180. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Cause Lack of written policies and procedures did not provide the Institution?s personnel responsible for the procurement process a guidance on how to perform and document the procurement transactions under this federal program. Also, the failure to implement adequate internal control procedures, such as thorough management review, which should detect and correct, on a timely basis, instances where controls are not being followed. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, above conditions could result in the reimbursement of federal funds to the grantors for those transactions not properly supported and/or in compliance with regulations. Questioned costs $158,693 Identification as a Repeat Finding No repeated finding. Recommendations The Institution should verify that its policies and procedures are in accordance with federal regulations requirements. In addition, the Institution should develop written procedures before entering into new federal programs or before incurring transactions subject to compliance with federal regulations to prevent and reduce the risk of non-compliance. Also, all procurement transactions must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. The Institution?s personnel responsible for the management and processing of procurement transactions subject to federal regulations must be provided adequate training and supervision. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program ALN Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of Title IV aid and the corresponding program participation agreement requirements, we observed the following deficiencies: 1. Consumer Information Requirements ? The Institution is failing to provide their students and prospective students with specific consumer information so that students can make informed decisions regarding their own educational goals, costs, and other requirements. Specifically, the current University?s Catalog containing the general disclosures for enrolled or prospective students has not been updated since the academic years 2014-2016. The Institution revised the Catalog, and an updated version was submitted to the Institution?s Board of Directors for their review and approval. The new school Catalog covering the academic years 2022 to 2024 was approved by the Board of Trustees on December 17, 2022, and published on December 22, 2022. As a result of this matter, the catalog made available to the students during the academic year 2022 did not include actual academic programs offered for all prospective students. It must be provided on an individual basis through an appropriate mailing or publication, including direct mailing through the U.S. Postal Service, campus mail, or electronic mail. Posting on an Internet or intranet website does not constitute a notice. This is a repeated finding. 2. Drug and Alcohol Abuse Prevention Program ? For the academic year 2022, the Institution did not design and implemented a policy of Drug and Alcohol Abuse Prevention Program as required by 34 CFR 86. This policy must be distributed in writing to each student and to each employee of the institution annually. Students who enroll or employees who are hired after the annual distribution must also receive the information. In addition, the Institution must make available, upon request, to the U.S. Department of Education and to the public, the information distributed to students and employees and the results of a biennial review of the school?s program. On March 27, 2023, the policy was approved by the Board of Trustees and was distributed to the students on April 4, 2023. This is a repeated finding. Criteria 34 CFR 668.41(c) and (d) establish that an institution must distribute annually to all enrolled students a notice of the availability of the information required to be disclosed pursuant to paragraphs (d), (e), and (g) of this section. Also, 34 CFR 99.7 sets forth the notification requirements of the Family Educational Rights and Privacy Act of 1974. The notice must list and briefly describe the information and tell the student how to obtain the information. An institution that discloses information to enrolled students as required under paragraphs (d), (e), (g), or (h) of this section by posting the information on an Internet website or an Intranet website must include in the notice described in paragraph (c)(1) of this section - (i) The exact electronic address at which the information is posted; and (ii) A statement that the institution will provide a paper copy of the information on request. An institution must make available to any enrolled student or prospective student through appropriate publications, mailings or electronic media, information concerning - (1) Financial assistance available to students enrolled in the institution (pursuant to ?668.42); (2) The institution (pursuant to ?668.43). 34 CFR 668.42 (a), (b), and (c) establish that: (1) Information on financial assistance that the institution must publish and make readily available to current and prospective students under this subpart includes, but is not limited to, a description of all the Federal, State, local, private and institutional student financial assistance programs available to students who enroll at that institution; (2) These programs include both need-based and non-need-based programs; (3) The institution may describe its own financial assistance programs by listing them in general categories; (4) The institution must describe the terms and conditions of the loans students receive under the Federal Family Education Loan Program, the William D. Ford Federal Direct Student Loan Program, and the Federal Perkins Loan Program. For each program referred to in paragraph (a) of this section, the information provided by the institution must describe: (1) The procedures and forms by which students apply for assistance; (2) The student eligibility requirements; (3) The criteria for selecting recipients from the group of eligible applicants; and (4) The criteria for determining the amount of a student?s award. The institution must describe the rights and responsibilities of students receiving financial assistance and, specifically, assistance under the title IV, HEA programs. This description must include specific information regarding: (1) Criteria for continued student eligibility under each program; (2)(i) Standards which the student must maintain in order to be considered to be making satisfactory progress in his or her course of study for the purpose of receiving financial assistance; and (ii) Criteria by which the student who has failed to maintain satisfactory progress may re-establish his or her eligibility for financial assistance; (3) The method by which financial assistance disbursements will be made to the students and the frequency of those disbursements; (4) The terms of any loan received by a student as part of the student?s financial assistance package, a sample loan repayment schedule for sample loans and the necessity for repaying loans; (5) The general conditions and terms applicable to any employment provided to a student as part of the student?s financial assistance package; and (6) The exit counseling information the institution provides and collects as required by 34 CFR 674.42 for borrowers under the Federal Perkins Loan Program, by 34 CFR 685.304 for borrowers under the William D. Ford Federal Direct Student Loan Program, and by 34 CFR 682.604 for borrowers under the Federal Stafford Loan Program. 34 CFR 668.43 (a) (5) establishes that Institutional information that the institution must make readily available to enrolled and prospective students under this subpart includes, but is not limited to: The academic program of the institution, including - (i) The current degree programs and other educational and training programs; (ii) The instructional, laboratory, and other physical facilities which relate to the academic program; (iii) The institution?s faculty and other instructional personnel; (iv) Any plans by the institution for improving the academic program of the institution, upon a determination by the institution that such a plan exists; and (v) If an educational program is designed to meet educational requirements for a specific professional license or certification that is required for employment in an occupation, or is advertised as meeting such requirements, information regarding whether completion of that program would be sufficient to meet licensure requirements in a State for that occupation, including a list of all States for which the institution has determined that its curriculum meets the State educational requirements for licensure or certification. 34 CFR 86.3 (a) establishes that an IHE shall adopt and implement a drug prevention program as described in ?86.100 to prevent the unlawful possession, use, or distribution of illicit drugs and alcohol by all students and employees on school premises or as part of any of its activities. 34 CFR 86.100 (a) (1) to (5) establish that the IHE?s drug prevention program must, at a minimum, include the following: (a) The annual distribution in writing to each employee, and to each student who is taking one or more classes for any type of academic credit except for continuing education units, regardless of the length of the student?s program of study, of: Standards of conduct that clearly prohibit, at a minimum, the unlawful possession, use, or distribution of illicit drugs and alcohol by students and employees on its property or as part of any of its activities; A description of the applicable legal sanctions under local, State, or Federal law for the unlawful possession or distribution of illicit drugs and alcohol; A description of the health risks associated with the use of illicit drugs and the abuse of alcohol; A description of any drug or alcohol counseling, treatment, or rehabilitation or re-entry programs that are available to employees or students; and A clear statement that the IHE will impose disciplinary sanctions on students and employees (consistent with local, State, and Federal law), and a description of those sanctions, up to and including expulsion or termination of employment and referral for prosecution, for violations of the standards of conduct required by paragraph (a)(1) of this section. For the purpose of this section, a disciplinary sanction may include the completion of an appropriate rehabilitation program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause Lack of an action plan identifying the Institution?s pending tasks classified by risk and priorities. The Institution has not established procedures for the evaluation of policies and procedures that should be evaluated and approved by the Board of Directors in a timely manner. Effect Noncompliance with the above-mentioned requirements could lead to administrative sanctions or civil fines by the grantor, for each violation. It could also be interpreted as a failure to achieve the programs? objectives. Also, it could lead to limiting, suspending, or terminating the participation of any school that fails to comply with the consumer information requirements. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-001. Recommendations We recommend the Institution to review and update its policies and procedures in a timely manner to assure that they accurately represent the vision and goals for the current operations. As organizations change, the policies and procedures must be adapted to meet the new changes. Also, the Institution shall establish a work plan for the matters that the Board of Directors need to review and approve and maintain a calendar to track the frequency that the Institution?s documents, policies, and procedures need to be reviewed by the Board of Directors. The Board of Directors should appoint a Compliance Committee that shall be responsible for the evaluation and tracking of the frequency that the policies and procedures need to be reviewed to ascertain that the Institution is in compliance with federal, state, and accreditation entities. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Material Weakness Compliance requirement: Special tests and provisions ? Return of Title IV Funds Condition and context In testing compliance with the return of Title IV requirement applicable after a student begins attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $5,547 in SFA funds from a population of ten (10) students who withdrew, dropped out, or failed to attend to the Institution, who received $12,918 in Title IV (SFA) funds. Our sample was a statistically valid sample. We noted in two (2) cases of our sample (50%) that the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. Also, in testing compliance with the return of Title IV requirement applicable for a student who does not begin attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $4,557 in SFA funds from a population of nine (9) students who received $28,024 in Title IV (SFA) funds. We reviewed their academic and enrollment records (including class attendance records) to ascertain whether the students sufficiently completed the payment or enrollment period to earn the Title IV funds received. The sample was a statistically valid sample. We noted the following deficiencies: a. In one case of the four students selected (25%) we noted that the Institution failed to perform an administrative withdrawal because the student stopped attending the enrolled courses. During the term the student was granted an incomplete grade before attending 60% of the payment period, the student failed to comply with the incomplete course requirements. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $439. b. In one case (25%) the Institution failed to perform an administrative withdrawal for a student that stopped attending the enrolled courses. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $581. c. For the two cases (50%) mentioned in items a and b, the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. d. For the two cases (50%) mentioned in items a and b, the Institution failed to return Title IV funds within the 45 days? timeframe. Criteria The Volume 5 - Withdrawals and the Return of Title IV Funds 2021?2022 of the Financial Student Aid Handbook establishes in page 5-72 that if a student who began attendance and has not officially withdrawn fails to earn a passing grade in at least one course offered over an entire period, the institution must assume, for Title IV purposes, that the student has unofficially withdrawn, unless the institution can document that the student completed the period. Keep in mind that a grade of ?incomplete? is not considered a passing grade or successful completion. Dear Colleague Letter GEN-04-03 (Revised November 2004) ? states in item 2 that an institution may have a grading policy as follows: F (Failing) Awarded to students who complete the course but fail to achieve the course objectives. U (Unauthorized Incomplete) Awarded to students who did not officially withdraw from the course, but who failed to participate in course activities through the end of the period. It is used when, in the opinion of the instructor, completed assignments or course activities or both were insufficient to make normal evaluation of academic performance possible. A student who did not officially withdraw and did not receive either a passing grade or an `F? in at least one course must be considered to have unofficially withdrawn. Important: Compliance audits and program reviews may examine whether a school accurately assigns failing grades to students if the school uses its grading policy to determine whether a student with failing grades has unofficially withdrawn. 34 CFR 668.22 ?Treatment of title IV funds when a student withdraws?, section (a) General, (1) states that when a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student?s withdrawal date in accordance with paragraph (e) of this section. Also, in (b) ?Withdrawal date for a student who withdraws from an institution that is required to take attendance?, section (1) states that for purposes of this section, for a student who ceases attendance at an institution that is required to take attendance, including a student who does not return from an approved leave of absence, as defined in paragraph (d) of this section, or a student who takes a leave of absence that does not meet the requirements of paragraph (d) of this section, the student?s withdrawal date is the last date of academic attendance as determined by the institution from its attendance records and section (2) states that an institution must document a student?s withdrawal date determined in accordance with paragraph (b)(1) of this section and maintain the documentation as of the date of the institution?s determination that the student withdrew. 34 CFR 668.22 (j), ?Timeframe for the return of title IV funds?, establishes that: (1) An institution must return the amount of title IV funds for which it is responsible as soon as possible but no later than 45 days after the date of the institution?s determination that the student withdrew. The timeframe for returning funds is further described in ? 668.173(b); (2) For an institution that is not required to take attendance, an institution must determine the withdrawal date for a student who withdraws without providing notification to the institution no later than 30 days after the end of the earlier of the - (i) Payment period or period of enrollment, as appropriate. 34 CFR 668.173 (b), ?Timely return of title IV, HEA program funds?, establishes that in accordance with procedures established by the secretary, an institution returns unearned title IV, HEA program funds timely if - (1) the institution deposits or transfers the funds into the bank account it maintains under ? 668.163 no later than 45 days after the date it determines that the student withdrew. Dear Colleague Letter GEN-04-03 (Revised November 2004) - Subject: Return of Title IV Aid states that Institutions are expected to have procedures to determine when a student's absence is a withdrawal. Institutions that are required to take attendance are expected to have a procedure in place for routinely monitoring attendance records to determine in a timely manner when a student withdraws. Except in unusual instances, at an institution that is required to take attendance, they would expect that the date of the institution's determination that the student withdrew would be no later than 14 days after the student's withdrawal date - the last date of academic attendance as determined by the institution from its attendance records (34 CFR 668.22(b)(1)). Cause The Institution?s internal controls for tracking and calculating the return of title IV funds of the students who withdrew, drop out or stopped attending the Institution failed to identify and process these cases as required and on a timely basis. Effect The failure to correct these deficiencies which have been cited in prior audits may result in the Institution being referred to the Department?s Administrative Actions and Appeals Service Group (AAASG) for possible adverse action. Such action may include a fine, or the limitation, suspension, or termination of the eligibility of the Institution. Such action may also include the revocation of the institution?s program participation agreement (if provisional), or, if the Institution has an application pending for renewal of its certification, denial of that application. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-003. Recommendations We recommend the Institution to improve its procedures to ascertain that the return of Title IV funds requirements is properly followed and unearned funds are properly calculated and returned timely to the USDE. Also, the Institution should consider creating a position of compliance officer. Educational institutions must meet and observe a wide variety of guidelines and regulations set by both government agencies and nongovernmental associations to receive financial support and maintain accreditation. A school's compliance officer spreads awareness of policies, coordinates programs to promote the observation of guidelines and reports to a top-level administrator. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Enrollment reporting Condition and context During our enrollment reporting test, for a statistically valid sample of nine (9) students from a population of fifty-one (51) records that had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted the following deficiencies: a.) In one (1) case (11%) the information of enrollment reporting was not available for examination. The student withdrew and received Pell grant funds for the enrolled term. b.) In six (6) cases (67%), we noted that the Institution failed to report the enrollment status before the thirty (30) days deadline for NSLDS web reporting. The reporting was made between five (5) to nineteen (19) days after the required deadline. From this sample, three (3) students received Direct Loan for the 2021-22 award year. Additionally, the enrollment reporting requirement applicable to institutions under the Pell Grant and ED loan programs requires that institutions complete and return within 15 days the Enrollment Reporting roster file (formerly the Student Status Confirmation Report (SSCR) placed in their Student Aid Internet Gateway (SAIG) mailboxes sent by ED via NSLDS. Regarding this, during our evaluation of compliance with the Roster File return requirement, we requested the NSLDS SCHER1 report. We noted one (1) instance where the roster was updated after the fifteen (15) days deadline (35 days) from which the Institution received a late letter on November 26, 2021. Criteria Dear College Letter (DCL) GEN-14-07, Subject: Changes to NSLDS Enrollment Reporting: Program - Level Reporting and More Frequent Reporting, states that, under the authority of these regulations, beginning July 1, 2014, we will request enrollment information from schools every 60 days and schools will be required to respond to those requests within 15 days of the date that we send the electronic enrollment reporting roster to the school or to its designated third-party servicer. Also, the section of the letter titled Program-Level Enrollment Reporting Required, states that if the student is or was enrolled in more than one program, the student?s enrollment information must be reported for each of the programs. The NSLDS enrollment reporting rosters include recipients of all Title IV loans and Federal Pell Grants. Including Pell Grant recipients will allow the Department to meet the Congressional reporting requirements noted earlier. Note that a student will only be included on the roster once, regardless of the number of different Title IV programs from which the student received funding. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. Cause The Institution?s internal controls for tracking and reporting the enrollment changes failed to identify the enrollment status changes performed manually by the Registrar?s office personnel. Effect A student?s enrollment status determines eligibility for in-school status, deferment, and grace periods, as well as for the payment of interest subsidies to FFEL Program loan holders by ED. Enrollment reporting in a timely and accurate manner is critical for effective management of the programs. Failure to report will likely result in the school being out of compliance with the regulatory requirements and possibly subject to sanctions. Also, failing to report completions at all may cause borrowers to lose interest subsidy when they should not. And, because such determinations are based on the student?s enrollment (and completion) at the program level, it is critically important that schools correctly and promptly report a student?s completion at the program level. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-004. Recommendations We recommend the Institution to determine what parts of the manual processes for this requirement can be monitored electronically or using tools available in the USDE website with the assistance of the IT consultant to help the Institution to comply with the deadline of the roster reporting. Also, we recommend reinforcing the controls to report the enrollment status changes of the participant students of the Pell and Direct Loan programs. In addition, a compliance officer may assist in the reporting process. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Gramm-Leach Bliley Act- Student Information Security Condition and context During the examination of the Institution?s compliance with requirements of the Gramm-Leach-Bliley Act (Public Law 106-102) we noted that the Institution is in the process of implementation of the required safeguards related to the results of the risk assessment performed. After performing our procedures, we noted the following deficiencies: a. The Institution designated an external consultant as the coordinator of the Information Security Program. The Information Security Program Coordinator?s functions were not specified in a formal written contract; therefore, the consultant does not have a detail of the functions and responsibilities of his designation. b. The documentation of the safeguards performed by the Institution indicates that they are still in the process of implementation of the safeguards, policies and procedures required as result of the risk assessment. We reviewed the Institution?s written information security program to ascertain that it complies with the nine elements included in the FTC (Federal Trade Commission) regulations. We noted that the Institution?s still needs to comply with the following elements: i. Element #3: Provides for the design and implementation of safeguards to control the risks the institution or servicer identifies through its risk assessment (16 C.F.R. 314.4(c)). At a minimum, the written information security program must address the implementation of the minimum safeguards identified in 16 C.F.R. 314.4(c)(1) through (8). This element is still in process. ii. Element #4: Provides for the institution or servicer to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 C.F.R. 314.4(d)). This element is still in process. iii. Element #5: Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 C.F.R. 314.4(e)). This element is still in process. We selected a sample of policies and procedures that were completed during the year and noted that four of the policies did not include a signature as evidence of approval and did not have an effective date. Also, the twelve written policies and procedures were evaluated and approved by the Board of Directors. iv. Element #6: Addresses how the institution or servicer will oversee its information system service providers (16 C.F.R. 314.4(f)). This element is still in process. v. Element #7: Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact on the information security program (16 C.F.R. 314.4(g)). The coordinator provided documents showing the results of all the tests carried out. Some of the actions necessary to correct the deficiencies found are still in progress. Criteria The Dear Colleague Letter GEN-15-18, published on July 29, 2015, by the USDE and titled ?Protecting Student Information? reminds institutions of higher education and their third-party servicers of their continuing obligations to protect data used in all aspects of the administration of the Title IV Federal student financial aid programs. The Student Aid Internet Gateway (SAIG) Enrollment Agreement entered into by each Title IV participating institution includes a provision that the institution ?must ensure that all Federal Student Aid applicant information is protected from access by or disclosure to unauthorized personnel.? Institutions are reminded that under various Federal and state laws and other authorities, including the HEA; the Family Educational Rights and Privacy Act (FERPA); the Privacy Act of 1974, as amended; the Gramm-Leach-Bliley Act; state data breach and privacy laws; and potentially other laws, they may be responsible for losses, fines, and penalties (including criminal penalties) caused by data breaches. 16 CFR 314.3 (a) and (b) establish that institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. Such safeguards shall include the elements set forth in 16 CFR 314.4 and shall be reasonably designed to achieve the objectives of this part. The objectives are to: (1) Insure the security and confidentiality of customer information; (2) Protect against any anticipated threats or hazards to the security or integrity of such information; and (3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. 16 CFR 314.4 (a) requires to designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program (for purposes of this part, ?Qualified Individual?). The Qualified Individual may be employed by you, an affiliate, or a service provider. To the extent the requirement in this paragraph (a) is met using a service provider or an affiliate, you shall: (1) retain responsibility for compliance with this part; (2) designate a senior member of your personnel responsible for direction and oversight of the Qualified Individual; and (3) require the service provider or affiliate to maintain an information security program that protects you in accordance with the requirements of this part. 16 CFR 314.4 (b) (2) establishes that you shall periodically perform additional risk assessments that reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and reassess the sufficiency of any safeguards in place to control these risks. 16 CFR 314.4 (d) (1) and (2) require to regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems. For information systems, the monitoring and testing shall include continuous monitoring or periodic penetration testing and vulnerability assessments. Absent effective continuous monitoring or other systems to detect, on an ongoing basis, changes in information systems that may create vulnerabilities, you shall conduct: (i) annual penetration testing of your information systems determined each given year based on relevant identified risks in accordance with the risk assessment; and (ii) vulnerability assessments, including any systemic scans or reviews of information systems reasonably designed to identify publicly known security vulnerabilities in your information systems based on the risk assessment, at least every six months; and whenever there are material changes to your operations or business arrangements; and whenever there are circumstances you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (f) requires to oversee service providers, by: (1) taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; (2) requiring your service providers by contract to implement and maintain such safeguards; and (3) periodically assessing your service providers based on the risk they present and the continued adequacy of their safeguards. 16 CFR 314.4 (g) requires to evaluate and adjust your information security program in light of the results of the testing and monitoring required by paragraph (d) of this section; any material changes to your operations or business arrangements; the results of risk assessments performed under paragraph (b)(2) of this section; or any other circumstances that you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (i) requires your Qualified Individual to report in writing, regularly and at least annually, to your board of directors or equivalent governing body. If no such board of directors or equivalent governing body exists, such report shall be timely presented to a senior officer responsible for your information security program. The report shall include the following information: (1) the overall status of the information security program and your compliance with this part; and (2) material matters related to the information security program, addressing issues such as risk assessment, risk management and control decisions, service provider arrangements, results of testing, security events or violations and management's responses thereto, and recommendations for changes in the information security program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution established a plan with due dates to complete all the tasks needed to comply with this requirement during the fourth quarter of the academic year end of July 31, 2022. The estimated date to complete the plan is by the summer of 2023. Effect When an audit report includes a GLBA audit finding, the Department will refer the audit to the FTC (Federal Trade Commission). The FTC will determine what action may be needed because of the GLBA audit finding. Federal Student Aid?s Postsecondary Institution Cybersecurity Team (Cybersecurity Team) will be informed of findings related to GLBA and may request additional documentation from the institution in order to assess the level of risk to student data presented by the institution or servicer?s information security system. If the Cybersecurity Team determines that the institution or servicer poses substantial risk to the security of student information, the Cybersecurity Team may temporarily or permanently disable the institution or servicer?s access to the Department?s information systems. Additionally, if the Cybersecurity Team determines that as a result of very serious internal control weaknesses of the general controls over technology that the Institution or servicer?s administrative capability is impaired or it has a history of non-compliance, it may refer the institution to the Department?s Administrative Actions and Appeals Service Group for consideration of a fine or other appropriate administrative action by the Department. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-005. Recommendations We recommend the Institution?s management and Board of Directors to subscribe a contract with the Information Security Program Coordinator and lay down the specific responsibilities that are expected from him related to the GLBA requirements. Also, the Institution?s governance should request periodic reports of the progress of the Institution action plan to comply with this requirement. In addition, they should require from a Qualified Individual a report in writing, regularly and at least annually. The Institution?s management should monitor the progress of the action and document properly any delay in the estimated time to complete the pending tasks. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program ALN Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of Title IV aid and the corresponding program participation agreement requirements, we observed the following deficiencies: 1. Consumer Information Requirements ? The Institution is failing to provide their students and prospective students with specific consumer information so that students can make informed decisions regarding their own educational goals, costs, and other requirements. Specifically, the current University?s Catalog containing the general disclosures for enrolled or prospective students has not been updated since the academic years 2014-2016. The Institution revised the Catalog, and an updated version was submitted to the Institution?s Board of Directors for their review and approval. The new school Catalog covering the academic years 2022 to 2024 was approved by the Board of Trustees on December 17, 2022, and published on December 22, 2022. As a result of this matter, the catalog made available to the students during the academic year 2022 did not include actual academic programs offered for all prospective students. It must be provided on an individual basis through an appropriate mailing or publication, including direct mailing through the U.S. Postal Service, campus mail, or electronic mail. Posting on an Internet or intranet website does not constitute a notice. This is a repeated finding. 2. Drug and Alcohol Abuse Prevention Program ? For the academic year 2022, the Institution did not design and implemented a policy of Drug and Alcohol Abuse Prevention Program as required by 34 CFR 86. This policy must be distributed in writing to each student and to each employee of the institution annually. Students who enroll or employees who are hired after the annual distribution must also receive the information. In addition, the Institution must make available, upon request, to the U.S. Department of Education and to the public, the information distributed to students and employees and the results of a biennial review of the school?s program. On March 27, 2023, the policy was approved by the Board of Trustees and was distributed to the students on April 4, 2023. This is a repeated finding. Criteria 34 CFR 668.41(c) and (d) establish that an institution must distribute annually to all enrolled students a notice of the availability of the information required to be disclosed pursuant to paragraphs (d), (e), and (g) of this section. Also, 34 CFR 99.7 sets forth the notification requirements of the Family Educational Rights and Privacy Act of 1974. The notice must list and briefly describe the information and tell the student how to obtain the information. An institution that discloses information to enrolled students as required under paragraphs (d), (e), (g), or (h) of this section by posting the information on an Internet website or an Intranet website must include in the notice described in paragraph (c)(1) of this section - (i) The exact electronic address at which the information is posted; and (ii) A statement that the institution will provide a paper copy of the information on request. An institution must make available to any enrolled student or prospective student through appropriate publications, mailings or electronic media, information concerning - (1) Financial assistance available to students enrolled in the institution (pursuant to ?668.42); (2) The institution (pursuant to ?668.43). 34 CFR 668.42 (a), (b), and (c) establish that: (1) Information on financial assistance that the institution must publish and make readily available to current and prospective students under this subpart includes, but is not limited to, a description of all the Federal, State, local, private and institutional student financial assistance programs available to students who enroll at that institution; (2) These programs include both need-based and non-need-based programs; (3) The institution may describe its own financial assistance programs by listing them in general categories; (4) The institution must describe the terms and conditions of the loans students receive under the Federal Family Education Loan Program, the William D. Ford Federal Direct Student Loan Program, and the Federal Perkins Loan Program. For each program referred to in paragraph (a) of this section, the information provided by the institution must describe: (1) The procedures and forms by which students apply for assistance; (2) The student eligibility requirements; (3) The criteria for selecting recipients from the group of eligible applicants; and (4) The criteria for determining the amount of a student?s award. The institution must describe the rights and responsibilities of students receiving financial assistance and, specifically, assistance under the title IV, HEA programs. This description must include specific information regarding: (1) Criteria for continued student eligibility under each program; (2)(i) Standards which the student must maintain in order to be considered to be making satisfactory progress in his or her course of study for the purpose of receiving financial assistance; and (ii) Criteria by which the student who has failed to maintain satisfactory progress may re-establish his or her eligibility for financial assistance; (3) The method by which financial assistance disbursements will be made to the students and the frequency of those disbursements; (4) The terms of any loan received by a student as part of the student?s financial assistance package, a sample loan repayment schedule for sample loans and the necessity for repaying loans; (5) The general conditions and terms applicable to any employment provided to a student as part of the student?s financial assistance package; and (6) The exit counseling information the institution provides and collects as required by 34 CFR 674.42 for borrowers under the Federal Perkins Loan Program, by 34 CFR 685.304 for borrowers under the William D. Ford Federal Direct Student Loan Program, and by 34 CFR 682.604 for borrowers under the Federal Stafford Loan Program. 34 CFR 668.43 (a) (5) establishes that Institutional information that the institution must make readily available to enrolled and prospective students under this subpart includes, but is not limited to: The academic program of the institution, including - (i) The current degree programs and other educational and training programs; (ii) The instructional, laboratory, and other physical facilities which relate to the academic program; (iii) The institution?s faculty and other instructional personnel; (iv) Any plans by the institution for improving the academic program of the institution, upon a determination by the institution that such a plan exists; and (v) If an educational program is designed to meet educational requirements for a specific professional license or certification that is required for employment in an occupation, or is advertised as meeting such requirements, information regarding whether completion of that program would be sufficient to meet licensure requirements in a State for that occupation, including a list of all States for which the institution has determined that its curriculum meets the State educational requirements for licensure or certification. 34 CFR 86.3 (a) establishes that an IHE shall adopt and implement a drug prevention program as described in ?86.100 to prevent the unlawful possession, use, or distribution of illicit drugs and alcohol by all students and employees on school premises or as part of any of its activities. 34 CFR 86.100 (a) (1) to (5) establish that the IHE?s drug prevention program must, at a minimum, include the following: (a) The annual distribution in writing to each employee, and to each student who is taking one or more classes for any type of academic credit except for continuing education units, regardless of the length of the student?s program of study, of: Standards of conduct that clearly prohibit, at a minimum, the unlawful possession, use, or distribution of illicit drugs and alcohol by students and employees on its property or as part of any of its activities; A description of the applicable legal sanctions under local, State, or Federal law for the unlawful possession or distribution of illicit drugs and alcohol; A description of the health risks associated with the use of illicit drugs and the abuse of alcohol; A description of any drug or alcohol counseling, treatment, or rehabilitation or re-entry programs that are available to employees or students; and A clear statement that the IHE will impose disciplinary sanctions on students and employees (consistent with local, State, and Federal law), and a description of those sanctions, up to and including expulsion or termination of employment and referral for prosecution, for violations of the standards of conduct required by paragraph (a)(1) of this section. For the purpose of this section, a disciplinary sanction may include the completion of an appropriate rehabilitation program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause Lack of an action plan identifying the Institution?s pending tasks classified by risk and priorities. The Institution has not established procedures for the evaluation of policies and procedures that should be evaluated and approved by the Board of Directors in a timely manner. Effect Noncompliance with the above-mentioned requirements could lead to administrative sanctions or civil fines by the grantor, for each violation. It could also be interpreted as a failure to achieve the programs? objectives. Also, it could lead to limiting, suspending, or terminating the participation of any school that fails to comply with the consumer information requirements. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-001. Recommendations We recommend the Institution to review and update its policies and procedures in a timely manner to assure that they accurately represent the vision and goals for the current operations. As organizations change, the policies and procedures must be adapted to meet the new changes. Also, the Institution shall establish a work plan for the matters that the Board of Directors need to review and approve and maintain a calendar to track the frequency that the Institution?s documents, policies, and procedures need to be reviewed by the Board of Directors. The Board of Directors should appoint a Compliance Committee that shall be responsible for the evaluation and tracking of the frequency that the policies and procedures need to be reviewed to ascertain that the Institution is in compliance with federal, state, and accreditation entities. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021 to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Material Weakness Compliance requirement: Special tests and provisions ? Return of Title IV Funds Condition and context In testing compliance with the return of Title IV requirement applicable after a student begins attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $5,547 in SFA funds from a population of ten (10) students who withdrew, dropped out, or failed to attend to the Institution, who received $12,918 in Title IV (SFA) funds. Our sample was a statistically valid sample. We noted in two (2) cases of our sample (50%) that the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. Also, in testing compliance with the return of Title IV requirement applicable for a student who does not begin attendance, we selected a sample of four (4) participants of the Title IV Student Financial Assistance (SFA) programs who received $4,557 in SFA funds from a population of nine (9) students who received $28,024 in Title IV (SFA) funds. We reviewed their academic and enrollment records (including class attendance records) to ascertain whether the students sufficiently completed the payment or enrollment period to earn the Title IV funds received. The sample was a statistically valid sample. We noted the following deficiencies: a. In one case of the four students selected (25%) we noted that the Institution failed to perform an administrative withdrawal because the student stopped attending the enrolled courses. During the term the student was granted an incomplete grade before attending 60% of the payment period, the student failed to comply with the incomplete course requirements. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $439. b. In one case (25%) the Institution failed to perform an administrative withdrawal for a student that stopped attending the enrolled courses. As a result, the Institution failed to return Title IV funds for the portion of aid not earned by the student. The amount owed to the USDE for this case is $581. c. For the two cases (50%) mentioned in items a and b, the Institution failed to determine that the student withdrew within 14 days after the student?s last date of attendance as determined by the Institution from its attendance records. d. For the two cases (50%) mentioned in items a and b, the Institution failed to return Title IV funds within the 45 days? timeframe. Criteria The Volume 5 - Withdrawals and the Return of Title IV Funds 2021?2022 of the Financial Student Aid Handbook establishes in page 5-72 that if a student who began attendance and has not officially withdrawn fails to earn a passing grade in at least one course offered over an entire period, the institution must assume, for Title IV purposes, that the student has unofficially withdrawn, unless the institution can document that the student completed the period. Keep in mind that a grade of ?incomplete? is not considered a passing grade or successful completion. Dear Colleague Letter GEN-04-03 (Revised November 2004) ? states in item 2 that an institution may have a grading policy as follows: F (Failing) Awarded to students who complete the course but fail to achieve the course objectives. U (Unauthorized Incomplete) Awarded to students who did not officially withdraw from the course, but who failed to participate in course activities through the end of the period. It is used when, in the opinion of the instructor, completed assignments or course activities or both were insufficient to make normal evaluation of academic performance possible. A student who did not officially withdraw and did not receive either a passing grade or an `F? in at least one course must be considered to have unofficially withdrawn. Important: Compliance audits and program reviews may examine whether a school accurately assigns failing grades to students if the school uses its grading policy to determine whether a student with failing grades has unofficially withdrawn. 34 CFR 668.22 ?Treatment of title IV funds when a student withdraws?, section (a) General, (1) states that when a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student?s withdrawal date in accordance with paragraph (e) of this section. Also, in (b) ?Withdrawal date for a student who withdraws from an institution that is required to take attendance?, section (1) states that for purposes of this section, for a student who ceases attendance at an institution that is required to take attendance, including a student who does not return from an approved leave of absence, as defined in paragraph (d) of this section, or a student who takes a leave of absence that does not meet the requirements of paragraph (d) of this section, the student?s withdrawal date is the last date of academic attendance as determined by the institution from its attendance records and section (2) states that an institution must document a student?s withdrawal date determined in accordance with paragraph (b)(1) of this section and maintain the documentation as of the date of the institution?s determination that the student withdrew. 34 CFR 668.22 (j), ?Timeframe for the return of title IV funds?, establishes that: (1) An institution must return the amount of title IV funds for which it is responsible as soon as possible but no later than 45 days after the date of the institution?s determination that the student withdrew. The timeframe for returning funds is further described in ? 668.173(b); (2) For an institution that is not required to take attendance, an institution must determine the withdrawal date for a student who withdraws without providing notification to the institution no later than 30 days after the end of the earlier of the - (i) Payment period or period of enrollment, as appropriate. 34 CFR 668.173 (b), ?Timely return of title IV, HEA program funds?, establishes that in accordance with procedures established by the secretary, an institution returns unearned title IV, HEA program funds timely if - (1) the institution deposits or transfers the funds into the bank account it maintains under ? 668.163 no later than 45 days after the date it determines that the student withdrew. Dear Colleague Letter GEN-04-03 (Revised November 2004) - Subject: Return of Title IV Aid states that Institutions are expected to have procedures to determine when a student's absence is a withdrawal. Institutions that are required to take attendance are expected to have a procedure in place for routinely monitoring attendance records to determine in a timely manner when a student withdraws. Except in unusual instances, at an institution that is required to take attendance, they would expect that the date of the institution's determination that the student withdrew would be no later than 14 days after the student's withdrawal date - the last date of academic attendance as determined by the institution from its attendance records (34 CFR 668.22(b)(1)). Cause The Institution?s internal controls for tracking and calculating the return of title IV funds of the students who withdrew, drop out or stopped attending the Institution failed to identify and process these cases as required and on a timely basis. Effect The failure to correct these deficiencies which have been cited in prior audits may result in the Institution being referred to the Department?s Administrative Actions and Appeals Service Group (AAASG) for possible adverse action. Such action may include a fine, or the limitation, suspension, or termination of the eligibility of the Institution. Such action may also include the revocation of the institution?s program participation agreement (if provisional), or, if the Institution has an application pending for renewal of its certification, denial of that application. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-003. Recommendations We recommend the Institution to improve its procedures to ascertain that the return of Title IV funds requirements is properly followed and unearned funds are properly calculated and returned timely to the USDE. Also, the Institution should consider creating a position of compliance officer. Educational institutions must meet and observe a wide variety of guidelines and regulations set by both government agencies and nongovernmental associations to receive financial support and maintain accreditation. A school's compliance officer spreads awareness of policies, coordinates programs to promote the observation of guidelines and reports to a top-level administrator. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Enrollment reporting Condition and context During our enrollment reporting test, for a statistically valid sample of nine (9) students from a population of fifty-one (51) records that had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted the following deficiencies: a.) In one (1) case (11%) the information of enrollment reporting was not available for examination. The student withdrew and received Pell grant funds for the enrolled term. b.) In six (6) cases (67%), we noted that the Institution failed to report the enrollment status before the thirty (30) days deadline for NSLDS web reporting. The reporting was made between five (5) to nineteen (19) days after the required deadline. From this sample, three (3) students received Direct Loan for the 2021-22 award year. Additionally, the enrollment reporting requirement applicable to institutions under the Pell Grant and ED loan programs requires that institutions complete and return within 15 days the Enrollment Reporting roster file (formerly the Student Status Confirmation Report (SSCR) placed in their Student Aid Internet Gateway (SAIG) mailboxes sent by ED via NSLDS. Regarding this, during our evaluation of compliance with the Roster File return requirement, we requested the NSLDS SCHER1 report. We noted one (1) instance where the roster was updated after the fifteen (15) days deadline (35 days) from which the Institution received a late letter on November 26, 2021. Criteria Dear College Letter (DCL) GEN-14-07, Subject: Changes to NSLDS Enrollment Reporting: Program - Level Reporting and More Frequent Reporting, states that, under the authority of these regulations, beginning July 1, 2014, we will request enrollment information from schools every 60 days and schools will be required to respond to those requests within 15 days of the date that we send the electronic enrollment reporting roster to the school or to its designated third-party servicer. Also, the section of the letter titled Program-Level Enrollment Reporting Required, states that if the student is or was enrolled in more than one program, the student?s enrollment information must be reported for each of the programs. The NSLDS enrollment reporting rosters include recipients of all Title IV loans and Federal Pell Grants. Including Pell Grant recipients will allow the Department to meet the Congressional reporting requirements noted earlier. Note that a student will only be included on the roster once, regardless of the number of different Title IV programs from which the student received funding. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. 34 CFR 690.83 (b) (2) establishes that an institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. Cause The Institution?s internal controls for tracking and reporting the enrollment changes failed to identify the enrollment status changes performed manually by the Registrar?s office personnel. Effect A student?s enrollment status determines eligibility for in-school status, deferment, and grace periods, as well as for the payment of interest subsidies to FFEL Program loan holders by ED. Enrollment reporting in a timely and accurate manner is critical for effective management of the programs. Failure to report will likely result in the school being out of compliance with the regulatory requirements and possibly subject to sanctions. Also, failing to report completions at all may cause borrowers to lose interest subsidy when they should not. And, because such determinations are based on the student?s enrollment (and completion) at the program level, it is critically important that schools correctly and promptly report a student?s completion at the program level. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-004. Recommendations We recommend the Institution to determine what parts of the manual processes for this requirement can be monitored electronically or using tools available in the USDE website with the assistance of the IT consultant to help the Institution to comply with the deadline of the roster reporting. Also, we recommend reinforcing the controls to report the enrollment status changes of the participant students of the Pell and Direct Loan programs. In addition, a compliance officer may assist in the reporting process. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Federal Pell Grant Program; Federal Direct Loan Program CFDA Number: 84.063 / 84.268 Federal award identification number: P063P214207 / P268K224207 Grant period: August 1, 2021, to July 31, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Compliance / Internal Control Finding Type: Significant Deficiency Compliance requirement: Special tests and provisions ? Gramm-Leach Bliley Act- Student Information Security Condition and context During the examination of the Institution?s compliance with requirements of the Gramm-Leach-Bliley Act (Public Law 106-102) we noted that the Institution is in the process of implementation of the required safeguards related to the results of the risk assessment performed. After performing our procedures, we noted the following deficiencies: a. The Institution designated an external consultant as the coordinator of the Information Security Program. The Information Security Program Coordinator?s functions were not specified in a formal written contract; therefore, the consultant does not have a detail of the functions and responsibilities of his designation. b. The documentation of the safeguards performed by the Institution indicates that they are still in the process of implementation of the safeguards, policies and procedures required as result of the risk assessment. We reviewed the Institution?s written information security program to ascertain that it complies with the nine elements included in the FTC (Federal Trade Commission) regulations. We noted that the Institution?s still needs to comply with the following elements: i. Element #3: Provides for the design and implementation of safeguards to control the risks the institution or servicer identifies through its risk assessment (16 C.F.R. 314.4(c)). At a minimum, the written information security program must address the implementation of the minimum safeguards identified in 16 C.F.R. 314.4(c)(1) through (8). This element is still in process. ii. Element #4: Provides for the institution or servicer to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 C.F.R. 314.4(d)). This element is still in process. iii. Element #5: Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 C.F.R. 314.4(e)). This element is still in process. We selected a sample of policies and procedures that were completed during the year and noted that four of the policies did not include a signature as evidence of approval and did not have an effective date. Also, the twelve written policies and procedures were evaluated and approved by the Board of Directors. iv. Element #6: Addresses how the institution or servicer will oversee its information system service providers (16 C.F.R. 314.4(f)). This element is still in process. v. Element #7: Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact on the information security program (16 C.F.R. 314.4(g)). The coordinator provided documents showing the results of all the tests carried out. Some of the actions necessary to correct the deficiencies found are still in progress. Criteria The Dear Colleague Letter GEN-15-18, published on July 29, 2015, by the USDE and titled ?Protecting Student Information? reminds institutions of higher education and their third-party servicers of their continuing obligations to protect data used in all aspects of the administration of the Title IV Federal student financial aid programs. The Student Aid Internet Gateway (SAIG) Enrollment Agreement entered into by each Title IV participating institution includes a provision that the institution ?must ensure that all Federal Student Aid applicant information is protected from access by or disclosure to unauthorized personnel.? Institutions are reminded that under various Federal and state laws and other authorities, including the HEA; the Family Educational Rights and Privacy Act (FERPA); the Privacy Act of 1974, as amended; the Gramm-Leach-Bliley Act; state data breach and privacy laws; and potentially other laws, they may be responsible for losses, fines, and penalties (including criminal penalties) caused by data breaches. 16 CFR 314.3 (a) and (b) establish that institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. Such safeguards shall include the elements set forth in 16 CFR 314.4 and shall be reasonably designed to achieve the objectives of this part. The objectives are to: (1) Insure the security and confidentiality of customer information; (2) Protect against any anticipated threats or hazards to the security or integrity of such information; and (3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. 16 CFR 314.4 (a) requires to designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program (for purposes of this part, ?Qualified Individual?). The Qualified Individual may be employed by you, an affiliate, or a service provider. To the extent the requirement in this paragraph (a) is met using a service provider or an affiliate, you shall: (1) retain responsibility for compliance with this part; (2) designate a senior member of your personnel responsible for direction and oversight of the Qualified Individual; and (3) require the service provider or affiliate to maintain an information security program that protects you in accordance with the requirements of this part. 16 CFR 314.4 (b) (2) establishes that you shall periodically perform additional risk assessments that reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and reassess the sufficiency of any safeguards in place to control these risks. 16 CFR 314.4 (d) (1) and (2) require to regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems. For information systems, the monitoring and testing shall include continuous monitoring or periodic penetration testing and vulnerability assessments. Absent effective continuous monitoring or other systems to detect, on an ongoing basis, changes in information systems that may create vulnerabilities, you shall conduct: (i) annual penetration testing of your information systems determined each given year based on relevant identified risks in accordance with the risk assessment; and (ii) vulnerability assessments, including any systemic scans or reviews of information systems reasonably designed to identify publicly known security vulnerabilities in your information systems based on the risk assessment, at least every six months; and whenever there are material changes to your operations or business arrangements; and whenever there are circumstances you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (f) requires to oversee service providers, by: (1) taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; (2) requiring your service providers by contract to implement and maintain such safeguards; and (3) periodically assessing your service providers based on the risk they present and the continued adequacy of their safeguards. 16 CFR 314.4 (g) requires to evaluate and adjust your information security program in light of the results of the testing and monitoring required by paragraph (d) of this section; any material changes to your operations or business arrangements; the results of risk assessments performed under paragraph (b)(2) of this section; or any other circumstances that you know or have reason to know may have a material impact on your information security program. 16 CFR 314.4 (i) requires your Qualified Individual to report in writing, regularly and at least annually, to your board of directors or equivalent governing body. If no such board of directors or equivalent governing body exists, such report shall be timely presented to a senior officer responsible for your information security program. The report shall include the following information: (1) the overall status of the information security program and your compliance with this part; and (2) material matters related to the information security program, addressing issues such as risk assessment, risk management and control decisions, service provider arrangements, results of testing, security events or violations and management's responses thereto, and recommendations for changes in the information security program. 2 CFR 200.303 (a), (c) and (d) establish that the non-Federal entity must: i. establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ii. evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; and iii. take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution established a plan with due dates to complete all the tasks needed to comply with this requirement during the fourth quarter of the academic year end of July 31, 2022. The estimated date to complete the plan is by the summer of 2023. Effect When an audit report includes a GLBA audit finding, the Department will refer the audit to the FTC (Federal Trade Commission). The FTC will determine what action may be needed because of the GLBA audit finding. Federal Student Aid?s Postsecondary Institution Cybersecurity Team (Cybersecurity Team) will be informed of findings related to GLBA and may request additional documentation from the institution in order to assess the level of risk to student data presented by the institution or servicer?s information security system. If the Cybersecurity Team determines that the institution or servicer poses substantial risk to the security of student information, the Cybersecurity Team may temporarily or permanently disable the institution or servicer?s access to the Department?s information systems. Additionally, if the Cybersecurity Team determines that as a result of very serious internal control weaknesses of the general controls over technology that the Institution or servicer?s administrative capability is impaired or it has a history of non-compliance, it may refer the institution to the Department?s Administrative Actions and Appeals Service Group for consideration of a fine or other appropriate administrative action by the Department. Questioned costs None. Identification as a Repeat Finding A finding related to this compliance requirement was included in the prior year audit as Finding No. 2021-005. Recommendations We recommend the Institution?s management and Board of Directors to subscribe a contract with the Information Security Program Coordinator and lay down the specific responsibilities that are expected from him related to the GLBA requirements. Also, the Institution?s governance should request periodic reports of the progress of the Institution action plan to comply with this requirement. In addition, they should require from a Qualified Individual a report in writing, regularly and at least annually. The Institution?s management should monitor the progress of the action and document properly any delay in the estimated time to complete the pending tasks. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) CFDA Number: 84.425E / 84.425F Federal award identification number: P425E205418 / P425F204999 Grant period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Material Weakness Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of federal programs, and grant term and conditions, we noted the following deficiencies: a. There is no written policy, nor the procedures designed and implemented by the Institution related to Cash Management were documented. The Institution opted to request the funds on a reimbursement basis. b. There were no written procedures for determining the allowability of costs in accordance with 2 CFR 200 subpart E of this part and the terms and conditions of the Federal award. c. After examination of the Institution procurement policy, we noted that the document was not signed by all members required from management and was not dated. Upon inquiry, we noted that the procurement policy was drafted and submitted to the Institution for review in February 2023. Therefore, no written policy and formal procedures were designed and implemented for the procurement transactions tested for the fiscal year ended July 31, 2022 and thereafter. Criteria 2 CFR 200.302 (b) (6) and (7) establish that the financial management system of each non-Federal entity must provide for the following: written procedures to implement the requirements of ? 200.305, and written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 establish that the non-Federal entity must: (a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO); (b) comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards; (c) evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; (d) take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings; and (e) take reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive consistent with applicable Federal, State, local, and tribal laws regarding privacy and responsibility over confidentiality. 2 CFR 200.318 (a) establishes that the non-Federal entity must have and use documented procurement procedures, consistent with State, local, and tribal laws and regulations and the standards of this section, for the acquisition of property or services required under a Federal award or subaward. The non-Federal entity's documented procurement procedures must conform to the procurement standards identified in 2 CFR 200.317 through 200.327. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) the non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices; (b) the non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award; (c) the non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award; (d) the application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal award. Cause The Institution?s federal programs received prior the fiscal year ended July 31, 2020 did not require the implementation of written procedures as mentioned in the condition and context section, except for Cash Management policies and procedures for the Student Financial Assistance Programs Cluster for which the Institution has designed and implemented written procedures for such compliance requirement. The Covid-19 pandemic related programs were the reason why this new federal program funds were received, and the entity failed to design and implement on a timely basis the required written documentation and procedures. Effect Noncompliance with the above-mentioned requirement could lead to administrative sanctions by the grantor, including disallowance of costs. It could also be interpreted as a failure to achieve the program?s objectives. Questioned costs None. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to implement written policies and procedures needed for the administration of federal grants before the acceptance of new grants. Having well sounded policies and procedures will reduce the Institution risk of non-compliance with federal regulations and grants terms and conditions. Also, they will provide guidance to the Institution?s personnel on how to carry-out their responsibilities and functions in relation to the administration of federal programs transactions. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Cash Management Condition and context In testing compliance and internal controls over cash management, we selected a sample of four (4) drawdowns which amounted to $342,787 of the total HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our test, we noted that in one (25%) of the four (4) drawdowns selected, for three payments made by the Institution the time elapsed between the receipt of funds and the check issuance was between 20 to 48 days. The total amount disbursed after the three elapsed days requirement was $4,020 from a drawdown total of $56,065. Criteria 2 CFR 200.302 (b) (6) requires written procedures to implement the requirements of 200.305. 2 CFR 200.305 (b) and (b) (1) establish that for non-Federal entities other than states, payments methods must minimize the time elapsing between the transfer of funds from the United States Treasury or the pass-through entity and the disbursement by the non-Federal entity whether the payment is made by electronic funds transfer, or issuance or redemption of checks, warrants, or payment by other means. See also 200.302(b)(6). Except as noted elsewhere in this part, Federal agencies must require recipients to use only OMB-approved, governmentwide information collection requests to request payment. The non-Federal entity must be paid in advance, provided it maintains or demonstrates the willingness to maintain both written procedures that minimize the time elapsing between the transfer of funds and disbursement by the non-Federal entity, and financial management systems that meet the standards for fund control and accountability as established in this part. Advance payments to a non-Federal entity must be limited to the minimum amounts needed and be timed to be in accordance with the actual, immediate cash requirements of the non-Federal entity in carrying out the purpose of the approved program or project. The timing and amount of advance payments must be as close as is administratively feasible to the actual disbursements by the non-Federal entity for direct program or project costs and the proportionate share of any allowable indirect costs. The non-Federal entity must make timely payment to contractors in accordance with the contract provisions. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution did not design and implemented internal controls and procedures for this compliance requirement, including written policies and procedures. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to design and implement written internal controls and procedures for the administration of federal funds requests in accordance with the requirements of grant agreements and 2 CFR 200. Internal controls and procedures must consider maintaining adequate documentation to support the petitions of funds and to maintain the audit trail of the payments that will be issued. The Institution shall request only the amount of funds necessary to meet its immediate cash needs to prevent excess cash balances. Whenever payment amounts are adjusted after the funds were requested or received, such excess cash should be returned to the federal agency immediately. Establishing reliable and thorough cash forecasting procedures and subjecting such forecasts to the formal review and approval of Institution?s management should meet this objective. Also, the Institution shall coordinate and provide pertinent training to the finance personnel regarding the federal regulations related to the cash management requirements. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Federal programs: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) CFDA Number: 84.425E / 84.425F Federal award identification number: P425E205418 / P425F204999 Grant period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Material Weakness Compliance requirement: Other ? Policies and procedures requirements Condition and context When obtaining an understanding of the internal controls, policies, and procedures regarding the administration of federal programs, and grant term and conditions, we noted the following deficiencies: a. There is no written policy, nor the procedures designed and implemented by the Institution related to Cash Management were documented. The Institution opted to request the funds on a reimbursement basis. b. There were no written procedures for determining the allowability of costs in accordance with 2 CFR 200 subpart E of this part and the terms and conditions of the Federal award. c. After examination of the Institution procurement policy, we noted that the document was not signed by all members required from management and was not dated. Upon inquiry, we noted that the procurement policy was drafted and submitted to the Institution for review in February 2023. Therefore, no written policy and formal procedures were designed and implemented for the procurement transactions tested for the fiscal year ended July 31, 2022 and thereafter. Criteria 2 CFR 200.302 (b) (6) and (7) establish that the financial management system of each non-Federal entity must provide for the following: written procedures to implement the requirements of ? 200.305, and written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 establish that the non-Federal entity must: (a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO); (b) comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards; (c) evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards; (d) take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings; and (e) take reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive consistent with applicable Federal, State, local, and tribal laws regarding privacy and responsibility over confidentiality. 2 CFR 200.318 (a) establishes that the non-Federal entity must have and use documented procurement procedures, consistent with State, local, and tribal laws and regulations and the standards of this section, for the acquisition of property or services required under a Federal award or subaward. The non-Federal entity's documented procurement procedures must conform to the procurement standards identified in 2 CFR 200.317 through 200.327. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) the non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices; (b) the non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award; (c) the non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award; (d) the application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal award. Cause The Institution?s federal programs received prior the fiscal year ended July 31, 2020 did not require the implementation of written procedures as mentioned in the condition and context section, except for Cash Management policies and procedures for the Student Financial Assistance Programs Cluster for which the Institution has designed and implemented written procedures for such compliance requirement. The Covid-19 pandemic related programs were the reason why this new federal program funds were received, and the entity failed to design and implement on a timely basis the required written documentation and procedures. Effect Noncompliance with the above-mentioned requirement could lead to administrative sanctions by the grantor, including disallowance of costs. It could also be interpreted as a failure to achieve the program?s objectives. Questioned costs None. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to implement written policies and procedures needed for the administration of federal grants before the acceptance of new grants. Having well sounded policies and procedures will reduce the Institution risk of non-compliance with federal regulations and grants terms and conditions. Also, they will provide guidance to the Institution?s personnel on how to carry-out their responsibilities and functions in relation to the administration of federal programs transactions. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Allowed Cost / Cost Principles Condition and context In testing compliance and internal controls over cost allowability / cost principles, we selected a sample of ten (10) transactions which amounted to $445,522 of HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our expenditure test, we noted the following deficiencies: a) In one transaction of a sample of ten (10) disbursements (10%) the vendor quote was not available for examination. The transaction amounted to $5,899. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In two (2) transactions of our sample (20%) the cost per quote did not agree with the amount of the invoice. The amount invoiced in excess of the quote cost was $1,090. c) In three (3) transactions of our sample (30%) we did not find documentation that the equipment was received (date and the employee who received the item). We inquired the Institution?s Management about this matter, and they explained that the Institution does not have a formal procedure or form to document the receipt of goods. Management confirmed and represented us that the items were properly received. d) In one transaction of our sample (10%) the expenditure was related to the amount of lost revenue claimed by the Institution in the fiscal year 2021-22. Upon examination of the Institution analysis, we noted that the lost revenue was not properly determined because the following situations: 1. For the loss of revenue calculation, the Institution used the unaudited figures for the fiscal year ended July 31, 2021. 2. We noted that the Institution considered in its analysis revenue that was not in accordance with the program guidelines (transactions that were not reimbursable under the HEERF grant program). 3. We noted that the lost revenue determined by the Institution was incorrectly determined (lost revenue claimed was understated by approximately $80,000) as result of the net effect of the deficiencies 1 and 2, above. Criteria 2 CFR 200.302 (b) (3) and (7) require records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) The non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices. (b) The non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award. (c) The non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award. (d) The application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal awards. 2 CFR 200.403, related to factors affecting allowability of cost, (c) and (g) establish that except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: be consistent with policies and procedures that apply uniformly to both federally-financed and other activities of the non-Federal entity, and be adequately documented. 2 CFR 200.404 establishes that a cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person under the circumstances prevailing at the time the decision was made to incur the cost. The question of reasonableness is particularly important when the non-Federal entity is predominantly federally-funded. In determining reasonableness of a given cost, consideration must be given to: (a) whether the cost is of a type generally recognized as ordinary and necessary for the operation of the non-Federal entity or the proper and efficient performance of the Federal award; (b) the restraints or requirements imposed by such factors as: sound business practices; arm's-length bargaining; Federal, state, local, tribal, and other laws and regulations; and terms and conditions of the Federal award; (c) market prices for comparable goods or services for the geographic area; (d) whether the individuals concerned acted with prudence in the circumstances considering their responsibilities to the non-Federal entity, its employees, where applicable its students or membership, the public at large, and the Federal Government; and (e) whether the non-Federal entity significantly deviates from its established practices and policies regarding the incurrence of costs, which may unjustifiably increase the Federal award's cost. 2 CFR 200.406 (a) establishes that applicable credits refer to those receipts or reduction-of-expenditure-type transactions that offset or reduce expense items allocable to the Federal awards as direct or indirect (F&A) costs. Examples of such transactions are: purchase discounts, rebates or allowances, recoveries or indemnities on losses, insurance refunds or rebates, and adjustments of overpayments or erroneous charges. To the extent that such credits accruing to or received by the non-Federal entity relate to allowable costs, they must be credited to the Federal award either as a cost reduction or cash refund, as appropriate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.337 (a) establishes that the Federal awarding agency, Inspectors General, the Comptroller General of the United States, and the pass-through entity, or any of their authorized representatives, must have the right of access to any documents, papers, or other records of the non-Federal entity which are pertinent to the Federal award, in order to make audits, examinations, excerpts, and transcripts. The right also includes timely and reasonable access to the non-Federal entity's personnel for the purpose of interview and discussion related to such documents. The Higher Education Emergency Relief Fund (HEERF I, II, and III) Lost Revenue Frequently Asked Questions (FAQs) published on March 19, 2021, in question number four establishes that sources of lost revenue that are not reimbursable under the HEERF grant programs include the following: capital outlays associated with facilities related to athletics (including fees assessed for capital athletic facility construction), acquisition of real property (including bond revenue), contributions or donations to the institution, marketing or recruitment activities, revenue related to sectarian instruction or religious worship, alcohol sales, and investment income (including endowment and quasi-endowment revenue. Cause The cause of the deficiencies noted were the result of the following situations: a) Lack of written policies and procedures did not provide the Institution?s personnel responsible for the purchasing process a guidance on how to perform and document the purchase transactions under this federal program. b) The vendor invoice was not compared to the quote and no inquiries were made and/or documented explaining the cause of the difference. c) The Institution does not have formal and written procedures to document when materials and/or equipment are received by the Institution?s personnel. d) The Institution management did not consult or requested assistance from the Department of Education program coordinator to ascertain that the request was properly performed and to clarify questions related to the allowable revenue to be considered in the analysis. Also, the Institution failed to review the financial figures of the audited trial balance for 2021. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, the above conditions could result in the reimbursement of federal funds to the grantors for those disbursements not properly supported and reviewed by the Institution?s management. Questioned costs Refer to finding 2022-010. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to establish adequate procedures and controls, which shall consider, among others, the following: ? Maintain adequate documentation to support the allowability of its expenditures. ? Purchases must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. ? Improve its policies and procedures, and internal controls to incorporate the comparison of the vendor invoices with the quotes after the invoice is received to ascertain that expenses and liabilities are properly recorded. Instruct personnel of accounts payable to contact the vendor when discrepancies are identified and document in writing the inquiry performed, the results, and conclusions. ? Implement a formal process with receiving reports or checklist where upon receipt of equipment and/or materials purchased could detail description, amount received, date of receipt, and a reference to the invoice. Copies of the receiving reports and invoices should then be forwarded to the accounting department for processing. Payment of a vendor?s invoice should not be made unless a copy of a receiving report is attached. ? The Institution management should review the Loss of Revenue claims and/or analysis performed by any employee or consultant that was designated to perform such a task. The Institution?s management should verify and ascertain that the analysis performed using the Institution?s financial information agree with the Institution?s audited financial statements. ? The Institution?s management should consult with the US Department of Education program coordinator when questions or concerns arise, especially if management is not familiar with program regulations and/or the federal program is new. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control Finding Type: Significant Deficiency Compliance requirement: Cash Management Condition and context In testing compliance and internal controls over cash management, we selected a sample of four (4) drawdowns which amounted to $342,787 of the total HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our test, we noted that in one (25%) of the four (4) drawdowns selected, for three payments made by the Institution the time elapsed between the receipt of funds and the check issuance was between 20 to 48 days. The total amount disbursed after the three elapsed days requirement was $4,020 from a drawdown total of $56,065. Criteria 2 CFR 200.302 (b) (6) requires written procedures to implement the requirements of 200.305. 2 CFR 200.305 (b) and (b) (1) establish that for non-Federal entities other than states, payments methods must minimize the time elapsing between the transfer of funds from the United States Treasury or the pass-through entity and the disbursement by the non-Federal entity whether the payment is made by electronic funds transfer, or issuance or redemption of checks, warrants, or payment by other means. See also 200.302(b)(6). Except as noted elsewhere in this part, Federal agencies must require recipients to use only OMB-approved, governmentwide information collection requests to request payment. The non-Federal entity must be paid in advance, provided it maintains or demonstrates the willingness to maintain both written procedures that minimize the time elapsing between the transfer of funds and disbursement by the non-Federal entity, and financial management systems that meet the standards for fund control and accountability as established in this part. Advance payments to a non-Federal entity must be limited to the minimum amounts needed and be timed to be in accordance with the actual, immediate cash requirements of the non-Federal entity in carrying out the purpose of the approved program or project. The timing and amount of advance payments must be as close as is administratively feasible to the actual disbursements by the non-Federal entity for direct program or project costs and the proportionate share of any allowable indirect costs. The non-Federal entity must make timely payment to contractors in accordance with the contract provisions. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. Cause The Institution did not design and implemented internal controls and procedures for this compliance requirement, including written policies and procedures. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to design and implement written internal controls and procedures for the administration of federal funds requests in accordance with the requirements of grant agreements and 2 CFR 200. Internal controls and procedures must consider maintaining adequate documentation to support the petitions of funds and to maintain the audit trail of the payments that will be issued. The Institution shall request only the amount of funds necessary to meet its immediate cash needs to prevent excess cash balances. Whenever payment amounts are adjusted after the funds were requested or received, such excess cash should be returned to the federal agency immediately. Establishing reliable and thorough cash forecasting procedures and subjecting such forecasts to the formal review and approval of Institution?s management should meet this objective. Also, the Institution shall coordinate and provide pertinent training to the finance personnel regarding the federal regulations related to the cash management requirements. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Earmarking Condition and context We inquired the Institution?s management on the amount of institutional funds assigned to: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA, and how the Institution documented how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. However, this information was not available for our examination. Criteria The Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021 and updated on May 24, 2021 and October 25, 2022 in questions number 21, 28 and 35, respectively, establish that the ARP has added two new required uses of HEERF III institutional portion grant funds for public and private nonprofit institutions. Namely, a portion of their institutional funds must: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA. This provision of ARP requires institutions to use some of their ARP (a)(1) Institutional Portion funds to help fight the spread and transmission of COVID-19 on their campuses and among their student, faculty, and staff community members. This provision also applies to future ARP awards the Department will make under (a)(2) and (a)(3). It is critical that institutions take steps to prevent and mitigate the spread of coronavirus on their campuses and local communities. Institutions should document how they implemented these two required activities consistent with 2 CFR ? 200.334. Specifically, institutions should document (1) the strategies used to monitor and suppress COVID-19, (2) the evidence to support those strategies, (3) how those strategies were in accordance with public health guidelines, (4) the manner and extent of the direct outreach the institution conducted to financial aid applicants, and (5) how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The Institution?s management was not familiar with this requirement. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Unable to determine. Identification as a Repeat Finding No repeated finding. Recommendation We recommend that the Institution management review this compliance requirement and verify if the Institution assigned and expended funds related to these activities. It is important that the Institution management ascertain that expenditures identified comply with the characteristics and requirements as explained in the Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021, as subsequently updated. Also, the Institution must document and maintain an audit trail of the transactions incurred to comply with this requirement. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Procurement, and suspension and debarment Condition and context In testing compliance and internal controls over the procurement, and suspension and debarment requirement, we tested the procurement documentation related to the expenditures selected for the allowable cost / cost principles test (see Finding No. 2022-006). Of the ten (10) transactions selected, nine (9) transactions required compliance with this requirement. We noted that those nine (9) transactions, which amounted to $164,592, were related to seven (7) procurement transactions. Our sample was not a statistically valid sample. During our test, we noted the following deficiencies: a) In one of seven (7) procurement transactions tested (14%), no quotes were available for examination. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In one of seven (7) procurement transactions tested (14%), only two quotes were available for examination. As per inquiry to the Institution?s management no other quotes were requested. c) In five of seven (7) procurement transactions tested (72%), only one quote was available for examination. As per inquiry to the Institution?s management no other quotes were requested. Condition and context d) For five (5) of the seven (7) procurement transactions tested (71%), a suspension and debarred verification requirement was applicable. For 100% of those five (5) transactions no evidence was provided that the Institution verified the contractors were not debarred, suspended, or otherwise excluded (2 CFR sections 200.212 and 200.318(h); 2 CFR section 180.300; 48 CFR section 52.209-6). However, on March 20, 2023 we performed an inquiry in the Sam system and no records of exclusion were found for those contractors. Criteria 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.318 (i) establishes that the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: Rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.319 (a) establishes that all procurement transactions for the acquisition of property or services required under a Federal award must be conducted in a manner providing full and open competition consistent with the standards of this section and ? 200.320. 2 CFR 200.319 (d) establishes that the non-Federal entity must have written procedures for procurement transactions. These procedures must ensure that all solicitations: incorporate a clear and accurate description of the technical requirements for the material, product, or service to be procured. Such description must not, in competitive procurements, contain features which unduly restrict competition. The description may include a statement of the qualitative nature of the material, product, or service to be procured and, when necessary, must set forth those minimum essential characteristics and standards to which it must conform if it is to satisfy its intended use. Detailed product specifications should be avoided if at all possible. When it is impractical or uneconomical to make a clear and accurate description of the technical requirements, a ?brand name or equivalent? description may be used as a means to define the performance or other salient requirements of procurement. The specific features of the named brand which must be met by offers must be clearly stated; and identify all requirements which the offerors must fulfill and all other factors to be used in evaluating bids or proposals. 2 CFR 200.319 (f) establishes that noncompetitive procurements can only be awarded in accordance with ? 200.320(c). 2 CFR 200.320 establishes that the non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and ?? 200.317, 200.318, and 200.319 for any of the methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. 2 CFR 200.320 (a) (1) (ii) and (a) (2) (i) establish that micro-purchases may be awarded without soliciting competitive price or rate quotations if the non-Federal entity considers the price to be reasonable based on research, experience, purchase history or other information and documents it files accordingly. The acquisition of property or services, the aggregate dollar amount of which is higher than the micro-purchase threshold but does not exceed the simplified acquisition threshold. If small purchase procedures are used, price or rate quotations must be obtained from an adequate number of qualified sources as determined appropriate by the non-Federal entity. 2 CFR 200.320 (c) establishes that there are specific circumstances in which noncompetitive procurement can be used. Noncompetitive procurement can only be awarded if one or more of the following circumstances apply: (1) the acquisition of property or services, the aggregate dollar amount of which does not exceed the micro-purchase threshold (see paragraph (a)(1) of this section); (2) the item is available only from a single source; (3) the public exigency or emergency for the requirement will not permit a delay resulting from publicizing a competitive solicitation; (4) the Federal awarding agency or pass-through entity expressly authorizes a noncompetitive procurement in response to a written request from the non-Federal entity; or (5) after solicitation of a number of sources, competition is determined inadequate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.318 (h) establishes that the non-Federal entity must award contracts only to responsible contractors possessing the ability to perform successfully under the terms and conditions of a proposed procurement. Consideration will be given to such matters as contractor integrity, compliance with public policy, record of past performance, and financial and technical resources. 2 CFR 200.214 establishes that non-Federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR part 180. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Cause Lack of written policies and procedures did not provide the Institution?s personnel responsible for the procurement process a guidance on how to perform and document the procurement transactions under this federal program. Also, the failure to implement adequate internal control procedures, such as thorough management review, which should detect and correct, on a timely basis, instances where controls are not being followed. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, above conditions could result in the reimbursement of federal funds to the grantors for those transactions not properly supported and/or in compliance with regulations. Questioned costs $158,693 Identification as a Repeat Finding No repeated finding. Recommendations The Institution should verify that its policies and procedures are in accordance with federal regulations requirements. In addition, the Institution should develop written procedures before entering into new federal programs or before incurring transactions subject to compliance with federal regulations to prevent and reduce the risk of non-compliance. Also, all procurement transactions must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. The Institution?s personnel responsible for the management and processing of procurement transactions subject to federal regulations must be provided adequate training and supervision. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.