Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal agency: Department of Education
Federal program title: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.063, 84.268, 84.033
Federal Award Identification Number and Year: P268K236759 - 2023, P033A223433 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023
Award Period: July 1, 2022, to June 30, 2023
Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Context: During our testing, we noted one out of five vendors tested did not have proper documentation for suspension and debarment verification. Questioned costs: None.
Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed.
Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors.
Repeat finding: No
Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification.
Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.063, 84.268, 84.033 Federal Award Identification Number and Year: P007A223440 - 2023, P063P223215 - 2023, P268K233215 - 2023, P033A223440 – 2023, P007A223442 - 2023, P063P222046 - 2023, P268K232046 - 2023, P033A223442 - 2023 Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Compliance, Other Matter
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Code of Federal Regulations (34 CFR 685.309) requires enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: Oklahoma State University Oklahoma City (OSU OKC) and Oklahoma State University Institute of Technology (OSUIT) did not properly report student enrollment changes for students who received federal student aid to the National Student Loan Data System (NSLDS). Context: During our testing of 5 students at OSU OKC, we noted all 5 student's status changes were reported after the 60-day reporting requirement. During our testing of 3 students at OSUIT we noted all 3 student's status changes were reported after the 60-day reporting requirement. Questioned costs: None Cause: The Student Financial Aid Office does not have a process in place to ensure all enrollment changes are reported within 60 days to NSLDS. Effect: If the NSLDS system is not updated with the student information, over awards could occur should the student transfer to another institution and the student may not properly enter the repayment period. Repeat finding: No Recommendation: We recommend OSU OKC and OSUIT review current processes for reporting to NSLDS and implement procedures to ensure submissions are reported timely and accurately. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.038, 84.063, 84.268, 84.379, 84.033 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The university was missing all of the requirements from the Gram-Leach-Bliley Act except for having a WISP, implementation of multi-factor authentication, and implementation of policies and procedures to ensure personnel are able to enact information security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance Effect: The University could fail to address risks related to the University’s IT safeguards as stated in the Gramm-Leach-Bliley act. Repeat finding: No Recommendation: CLA recommends that the University review the updated GLBA requirements and ensure their WISP includes all required elements. View of responsible official: Management agrees with the finding and has already implemented a corrective plan.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.
Federal Agency: US Department of Education Federal Program Title: Education Stabilization Fund Assistance Listing Number: 84.425 Federal Award Identification Number and Year: Various Award Period: July 1, 2022, to June 30, 2023 Type of Finding Compliance, Other Matter Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: Per 2 CFR 180.300, when entering into a covered transaction with another person (an individual, corporation, partnership, association, unit of government, or legal entity), you must verify that the person with whom you intend to do business is not excluded or disqualified. Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University did not retain proper documentation for suspension and debarment verification. Questioned costs: None. Cause: The University doesn't have proper controls in place to ensure suspension and debarment requirements are monitored and reviewed. Effect: Failure to assess suspension and debarment could lead to the University working with unqualified vendors. Repeat finding: No Recommendation: We recommend the University review procedures to monitor and retain documentation for suspension and debarment verification. Views of responsible officials: Management agrees with the finding and has developed a plan to correct the finding.