FAC Explorer

Audit 290774

FY End
2023-06-30
Total Expended
$4.17M
Findings
8
Programs
7
Organization: Wells College (NY)
Year: 2023 Accepted: 2024-02-16
Auditor: Bonadio & CO LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
369499 2023-001 Significant Deficiency - N
369500 2023-001 Significant Deficiency - N
369501 2023-001 Significant Deficiency - N
369502 2023-001 Significant Deficiency - N
945941 2023-001 Significant Deficiency - N
945942 2023-001 Significant Deficiency - N
945943 2023-001 Significant Deficiency - N
945944 2023-001 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $2.88M Yes 1
84.063 Federal Pell Grant Program $896,122 Yes 1
84.042 Trio_student Support Services $221,649 - 0
84.033 Federal Work-Study Program $81,633 Yes 1
84.007 Federal Supplemental Educational Opportunity Grants $74,678 Yes 1
12.598 Centers for Academic Excellence $15,000 - 0
10.912 Environmental Quality Incentives Program $5,174 - 0

Contacts

Name Title Type
L7Z6C842FBY5 Robert Cree Auditee
3153643408 Karen Lynch Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) summarizes the expenditures of Wells College (the College) under programs of the federal government for the year ended June 30, 2023 and has been prepared in accordance with accounting principles generally accepted in the United States. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the schedule presents only a selected portion of the operations of the College, it is not intended to, and does not, present the financial position, change in net assets, or cash flows of the College. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the schedule) summarizes the expenditures of Wells College (the College) under programs of the federal government for the year ended June 30, 2023 and has been prepared in accordance with accounting principles generally accepted in the United States. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the schedule presents only a selected portion of the operations of the College, it is not intended to, and does not, present the financial position, change in net assets, or cash flows of the College.
Title: Basis of Accounting Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) summarizes the expenditures of Wells College (the College) under programs of the federal government for the year ended June 30, 2023 and has been prepared in accordance with accounting principles generally accepted in the United States. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the schedule presents only a selected portion of the operations of the College, it is not intended to, and does not, present the financial position, change in net assets, or cash flows of the College. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance. Expenditures reported on the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
Title: Federal Student Loan Programs Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) summarizes the expenditures of Wells College (the College) under programs of the federal government for the year ended June 30, 2023 and has been prepared in accordance with accounting principles generally accepted in the United States. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the schedule presents only a selected portion of the operations of the College, it is not intended to, and does not, present the financial position, change in net assets, or cash flows of the College. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance. The Perkins Loan program is administered directly by the College and balances and transactions relating to this program are included in the College’s financial statements. The net balance of the loans outstanding under the Perkins program was $48,405 at June 30, 2023. The Perkins Loan Program was terminated effective June 30, 2019 and no additional loans will be distributed.
Title: Indirect Cost Rate Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) summarizes the expenditures of Wells College (the College) under programs of the federal government for the year ended June 30, 2023 and has been prepared in accordance with accounting principles generally accepted in the United States. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the schedule presents only a selected portion of the operations of the College, it is not intended to, and does not, present the financial position, change in net assets, or cash flows of the College. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance. The College has elected not to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance.

Finding Details

Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
Finding 2023-001
Finding 2023-001 – Student Financial Assistance Cluster Federal Agency – U.S. Department of Education Grant Period – Year ended June 30, 2023 Compliance Requirement – N. Gramm-Leach-Bliley Act–Student Information Security Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314). Condition – The College has not performed a formal risk assessment of their technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement. Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment. Effect – The College was not in compliance with the Department of Education’s requirements for GLBA. Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.