FAC Explorer

Audit 290458

FY End
2023-06-30
Total Expended
$8.86M
Findings
32
Programs
9
Organization: Connors State College (OK)
Year: 2023 Accepted: 2024-02-14
Auditor: Cliftonlarsonallen (cla) LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
369035 2023-002 Significant Deficiency - N
369036 2023-002 Significant Deficiency - N
369037 2023-002 Significant Deficiency - N
369038 2023-002 Significant Deficiency - N
369039 2023-003 Significant Deficiency - N
369040 2023-003 Significant Deficiency - N
369041 2023-003 Significant Deficiency - N
369042 2023-003 Significant Deficiency - N
369043 2023-004 Significant Deficiency - N
369044 2023-004 Significant Deficiency - N
369045 2023-004 Significant Deficiency - N
369046 2023-004 Significant Deficiency - N
369047 2023-005 Significant Deficiency - N
369048 2023-005 Significant Deficiency - N
369049 2023-005 Significant Deficiency - N
369050 2023-005 Significant Deficiency - N
945477 2023-002 Significant Deficiency - N
945478 2023-002 Significant Deficiency - N
945479 2023-002 Significant Deficiency - N
945480 2023-002 Significant Deficiency - N
945481 2023-003 Significant Deficiency - N
945482 2023-003 Significant Deficiency - N
945483 2023-003 Significant Deficiency - N
945484 2023-003 Significant Deficiency - N
945485 2023-004 Significant Deficiency - N
945486 2023-004 Significant Deficiency - N
945487 2023-004 Significant Deficiency - N
945488 2023-004 Significant Deficiency - N
945489 2023-005 Significant Deficiency - N
945490 2023-005 Significant Deficiency - N
945491 2023-005 Significant Deficiency - N
945492 2023-005 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $4.37M Yes 4
84.268 Federal Direct Student Loans $3.47M Yes 4
84.042 Trio_student Support Services $318,567 - 0
84.031 Higher Education_institutional Aid $277,857 - 0
84.007 Federal Supplemental Educational Opportunity Grants $161,181 Yes 4
93.558 Temporary Assistance for Needy Families $97,341 - 0
84.033 Federal Work-Study Program $87,252 Yes 4
93.575 Child Care and Development Block Grant $71,505 - 0
84.048 Career and Technical Education -- Basic Grants to States $5,244 - 0

Contacts

Name Title Type
FKK7V1NT6228 Michael Lewis Auditee
9184636358 Chris Suda Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes all federal award activity of the College under programs of the federal government for the year ended June 30, 2023. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net position or cash flows of the College. De Minimis Rate Used: N Rate Explanation: N/A The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes all federal award activity of the College under programs of the federal government for the year ended June 30, 2023. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net position or cash flows of the College.
Title: Summary of Significant Accounting Policies Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes all federal award activity of the College under programs of the federal government for the year ended June 30, 2023. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net position or cash flows of the College. De Minimis Rate Used: N Rate Explanation: N/A Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The College has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance.
Title: Federal Direct Student Loans Program Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes all federal award activity of the College under programs of the federal government for the year ended June 30, 2023. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net position or cash flows of the College. De Minimis Rate Used: N Rate Explanation: N/A The College participates in the Federal Direct Student Loans Program (the Program), Assistance Listing Number (ALN) 84.268, which includes Federal Subsidized Direct Loans, Federal Unsubsidized Direct Loans, Federal Graduate Student PLUS Direct Loans and Federal Direct Parent Loans for Undergraduate Students. The Program requires the College to draw down cash, and the College is required to perform certain administrative functions under the Program. Failure to perform such functions may require the College to reimburse the loan guarantee agencies. The College is not responsible for the collection of these loans. The value of loans made during the audit period are considered federal awards expended for the audit period.
Title: Subrecipients Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes all federal award activity of the College under programs of the federal government for the year ended June 30, 2023. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net position or cash flows of the College. De Minimis Rate Used: N Rate Explanation: N/A During the year ended June 30, 2023, the College did not provide any federal awards to subrecipients.

Finding Details

Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-002
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states the school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Fifteen exceptions were observed during Enrollment Reporting testing. The fifteen exceptions were reported beyond the sixty-day allowable timeframe. Context: 15 of the 40 enrollment changes were reported to NSLDS greater than 60 days from change. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: Student could have inaccurate loan status if their enrollment status is not changed timely. Repeat finding: No Recommendation: CLA recommends implementing a formal review process that involves footing the report to verify clerical accuracy and detect errors during the preparation of the report. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-003
Criteria or specific requirement: The Department of Education requires institutions to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: We noted 1 out of 40 COD disbursements tested, were not reported within the required 15 days to COD. Context: 1 of the 40 COD disbursements had applied dates greater than 15 days from the disbursement dates. Questioned costs: N/A Cause: The Student Financial Aid Office does not have a process in place to ensure all disbursements are reported within 15 days to COD. Effect: Student interest accrues based on disbursement date reported to COD, thus interest calculation could be misstated due to the discrepancy in disbursement dates reported. Repeat finding: No Recommendation: We recommend that the student financial aid department work to ensure disbursements are reported to COD within 15 days of the disbursement date. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-004
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.164(h)(2) states that an institution that attempts to disburse funds by check and the check is not cashed, the institution must return the funds to the Secretary no later than 240 days after the date it issued that check. The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: Connors State College had 7 instance of Title IV refund checks to students that were outstanding longer than 240 days as of June 30, 2023. Context: During the testing of the outstanding Title IV student check listing CLA observed seven instances of stale checks at Connors that were aged greater than 240 days. Questioned costs: N/A Cause: Connors State College had controls in place to catch stale checks and reissue, but financial personnel was not catching reissues over 240 days. Effect: Funds are not returned to the Department of Education in a timely manner Repeat finding: No Recommendation: We recommend that the College start to reconcile stale checks to student disbursement info by check number. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Finding 2023-005
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). The Code of Federal Regulations, 2 CFR 200.303, required that entities must establish and maintain internal controls which provide reasonable assurance that federal award expenditures are in compliance with Federal statutes, regulations, and the terms and conditions of the Federal Award. Condition: The college was missing all of the requirements from the Gramm-Leach-Bliley Act except for having a Written Information Security Program and secure disposal of customer information. Context: The institution has been in compliance with previous iterations of GLBA regulations. The Written Information Security Program (WISP) which was required as of June 9, 2023 had missing elements but a Qualified Individual was designated for overseeing and implementing the WISP. Some controls were in place whereas others were not. They did, however, have a WISP as of the deadline but it was missing some required information. Questioned costs: N/A Cause: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Effect: Student personal information could be vulnerable Repeat finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.