Audit 20434

Finding 2022-001 ? Special Tests and Provisions - Enrollment Reporting (Material Weakness) Information on the Federal Program: U.S. Department of Education 84.268 - Federal Direct Loan Program Federal Award Year: July 1, 2021 to June 30, 2022 Criteria: The Seminary is required to report enrollment information under the Federal Direct Student Loans program via the NSLDS (OMB No. 1845-0035). The Seminary is responsible for accurate and timely reporting, whether it reports directly or via a third-party servicer. The Seminary must complete and return within 15 days the enrollment reporting roster file placed in its Student Aid Internet Gateway (SAIG) (OMB No. 1845-0002) mailboxes sent by ED via NSLDS. The Seminary determines how often it receives the enrollment reporting roster file with the default set at a minimum of every 60 days. Once received, the Seminary must update for changes in the data elements and submit the changes electronically through the batch method, spreadsheet submittal, or the NSLDS website (34 CFR 685.309). In addition, the Seminary must report a change in student status once a student ceases to be enrolled on at least a half-time basis or failed to enroll on at least a half-time basis. Condition: The Seminary did not timely submit 3 of 6 enrollment reports to the NSLDS during the year. In addition, for a sample of 4 student status changes for those students that received Direct Loans, we noted that those students were never reported as graduated to NSLDS. We noted no management review control implemented by the Seminary designed at a level of precision to validate that Seminary enrollment and student data were submitted to NSLDS timely and accurately. This sample was not, and was not intended to be, a statistically valid sample. Cause: There was turnover at the Financial Aid Coordinator position during the fiscal year which resulted in the enrollment reports and status changes not being submitted timely. Effect or Potential Effect: The U.S. Department of Education (?USDE?) uses enrollment data reported by the Seminary to determine: (1) eligibility for interest subsidies, (2) loan repayment start dates, and (3) in-school loan deferments. The enrollment information is also used by USDE to measure program completion data to evaluate the effectiveness of financial aid programs. Late enrollment reports can result in stale or inaccurate information for students receiving financial aid and may impact the timeframe of student loan repayment. Questioned Costs: None Context: NSLDS will send a late enrollment reporting notification e-mail if no updates are received by batch or online within 22 days after the date the roster was sent to the Seminary. Institutions that receive a late enrollment reporting notification are not in compliance with the requirement to complete and return the enrollment reporting roster file within 15 days. Recommendation: We recommend that the Seminary implement policies and procedures to verify that the enrollment reports are submitted timely and accurately. Views of Responsible Officials and Corrective Action Planned: The Seminary hired a third-party financial aid servicer, Financial Aid Services, LLC (?FAS?) who will do the enrollment reporting as part of their contract. The FAS contract was signed May 2022 for the upcoming fiscal year 2022 to 2023. This contract was approved by the Administrative Council in May 2022. The Seminary?s current part-time financial aid coordinator sent out the April 2022 enrollment roster which included student status changes on October 17, 2022. Planned Implementation Date of Corrective Action: December 31, 2022 Responsible Official for Corrective Action: Chief Financial Officer

Finding 2022-002 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act?Student Information Security (Compliance Finding) Information on the Federal Program: U.S. Department of Education 84.268 - Federal Direct Loan Program Federal Award Year: July 1, 2021 to June 30, 2022 Criteria: The Seminary is required to comply with the Gramm-Leach-Bliley Act. The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Under the Seminary?s Program Participation Agreement with the ED and the Gramm-Leach-Bliley Act, the Seminary must protect student financial aid information, with particular attention to information provided to the Seminary by ED or otherwise obtained in support of the administration of the federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The Seminary did not have a formally documented information security program as required by the Gramm-Leach-Bliley Act and was therefore out of compliance. Cause: The Seminary was not aware of the Special Tests and Provisions ? Gramm-Leach-Bliley Act student information security compliance requirement. Effect or Potential Effect: Student financial aid information may not be adequately protected in accordance with the Gramm-Leach-Bliley Act. Questioned Costs: None Context: Although the Seminary did not have a formally documented information security program as required by the Gramm-Leach-Bliley Act, the Seminary had adequate safeguards in place to protect student financial information. Having a written information security program would not have affected the safeguards the Seminary already had in place to adequately protect student financial information. In addition, the Seminary had designated employees to coordinate the information security program and performed a risk assessment that addresses the requirements of 16 CFR 314.4. Recommendation: We recommend that the Seminary implement policies, procedures, and related controls to comply with the Gramm-Leach-Bliley Act. Views of Responsible Officials and Corrective Action Planned: The Seminary is currently working on developing an Information Security Program in order to meet current and upcoming requirements of the Gramm-Leach-Bliley Act. The Seminary?s plan is to have this developed and implemented before December 9, 2022. Planned Implementation Date of Corrective Action: December 9, 2022 Responsible Official for Corrective Action: Chief of Staff

Finding 2022-001 ? Special Tests and Provisions - Enrollment Reporting (Material Weakness) Information on the Federal Program: U.S. Department of Education 84.268 - Federal Direct Loan Program Federal Award Year: July 1, 2021 to June 30, 2022 Criteria: The Seminary is required to report enrollment information under the Federal Direct Student Loans program via the NSLDS (OMB No. 1845-0035). The Seminary is responsible for accurate and timely reporting, whether it reports directly or via a third-party servicer. The Seminary must complete and return within 15 days the enrollment reporting roster file placed in its Student Aid Internet Gateway (SAIG) (OMB No. 1845-0002) mailboxes sent by ED via NSLDS. The Seminary determines how often it receives the enrollment reporting roster file with the default set at a minimum of every 60 days. Once received, the Seminary must update for changes in the data elements and submit the changes electronically through the batch method, spreadsheet submittal, or the NSLDS website (34 CFR 685.309). In addition, the Seminary must report a change in student status once a student ceases to be enrolled on at least a half-time basis or failed to enroll on at least a half-time basis. Condition: The Seminary did not timely submit 3 of 6 enrollment reports to the NSLDS during the year. In addition, for a sample of 4 student status changes for those students that received Direct Loans, we noted that those students were never reported as graduated to NSLDS. We noted no management review control implemented by the Seminary designed at a level of precision to validate that Seminary enrollment and student data were submitted to NSLDS timely and accurately. This sample was not, and was not intended to be, a statistically valid sample. Cause: There was turnover at the Financial Aid Coordinator position during the fiscal year which resulted in the enrollment reports and status changes not being submitted timely. Effect or Potential Effect: The U.S. Department of Education (?USDE?) uses enrollment data reported by the Seminary to determine: (1) eligibility for interest subsidies, (2) loan repayment start dates, and (3) in-school loan deferments. The enrollment information is also used by USDE to measure program completion data to evaluate the effectiveness of financial aid programs. Late enrollment reports can result in stale or inaccurate information for students receiving financial aid and may impact the timeframe of student loan repayment. Questioned Costs: None Context: NSLDS will send a late enrollment reporting notification e-mail if no updates are received by batch or online within 22 days after the date the roster was sent to the Seminary. Institutions that receive a late enrollment reporting notification are not in compliance with the requirement to complete and return the enrollment reporting roster file within 15 days. Recommendation: We recommend that the Seminary implement policies and procedures to verify that the enrollment reports are submitted timely and accurately. Views of Responsible Officials and Corrective Action Planned: The Seminary hired a third-party financial aid servicer, Financial Aid Services, LLC (?FAS?) who will do the enrollment reporting as part of their contract. The FAS contract was signed May 2022 for the upcoming fiscal year 2022 to 2023. This contract was approved by the Administrative Council in May 2022. The Seminary?s current part-time financial aid coordinator sent out the April 2022 enrollment roster which included student status changes on October 17, 2022. Planned Implementation Date of Corrective Action: December 31, 2022 Responsible Official for Corrective Action: Chief Financial Officer

Finding 2022-002 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act?Student Information Security (Compliance Finding) Information on the Federal Program: U.S. Department of Education 84.268 - Federal Direct Loan Program Federal Award Year: July 1, 2021 to June 30, 2022 Criteria: The Seminary is required to comply with the Gramm-Leach-Bliley Act. The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Under the Seminary?s Program Participation Agreement with the ED and the Gramm-Leach-Bliley Act, the Seminary must protect student financial aid information, with particular attention to information provided to the Seminary by ED or otherwise obtained in support of the administration of the federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The Seminary did not have a formally documented information security program as required by the Gramm-Leach-Bliley Act and was therefore out of compliance. Cause: The Seminary was not aware of the Special Tests and Provisions ? Gramm-Leach-Bliley Act student information security compliance requirement. Effect or Potential Effect: Student financial aid information may not be adequately protected in accordance with the Gramm-Leach-Bliley Act. Questioned Costs: None Context: Although the Seminary did not have a formally documented information security program as required by the Gramm-Leach-Bliley Act, the Seminary had adequate safeguards in place to protect student financial information. Having a written information security program would not have affected the safeguards the Seminary already had in place to adequately protect student financial information. In addition, the Seminary had designated employees to coordinate the information security program and performed a risk assessment that addresses the requirements of 16 CFR 314.4. Recommendation: We recommend that the Seminary implement policies, procedures, and related controls to comply with the Gramm-Leach-Bliley Act. Views of Responsible Officials and Corrective Action Planned: The Seminary is currently working on developing an Information Security Program in order to meet current and upcoming requirements of the Gramm-Leach-Bliley Act. The Seminary?s plan is to have this developed and implemented before December 9, 2022. Planned Implementation Date of Corrective Action: December 9, 2022 Responsible Official for Corrective Action: Chief of Staff