2023-002 – Gramm-Leach-Bliley Act (GLBA)
Federal Agency: U.S. Department of Education
Federal Program Title: Student Financial Assistance Cluster
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs.
Questioned costs: None.
Context: During our testing of the University’s information technology, it was noted that the University does not have an active written information security program in place that addresses all seven elements as required by the Gramm-Leach-Bliley Act.
Cause: The University has continued to make progress in updating the University’s written security program to come into compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process.
Effect: The student personal information could be vulnerable.
Repeat finding: No.
Recommendation: We recommend the University designate an individual to oversee the information security function and work to update the University’s written security program to ensure compliance with all the standards.
Views of responsible officials: Management agrees with the finding.
2023-004 – Tier One and Tier Two Arrangements
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations 34 CFR 668.164(e) and (f), an institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. The regulation establishes two different types of arrangements between schools and financial account providers: Tier One or Tier Two. Under both arrangements, a school must provide to the Department of Education an up-to-date URL for the contract for publication in a centralized database accessible to the public. Unless the school has a Tier Two arrangement under the threshold, the URL must also include the contract data information.
Condition: Certain arrangement criteria were not reported to the Department of Education.
Questioned costs: None
Context: During testing, it was determined that the University has a Tier One contract with a third party. Per review of the Federal Student Aid site, under “Cash Management Contracts”, it was determined that the University had not provided a URL to the Department of Education regarding its Tier One arrangement.
Cause: This requirement was new for the University during the year; however, due to capacity and demands on federal requirements, this is still a work in process.
Effect: Noncompliance can lead to the University potentially losing Title IV aid eligibility.
Repeat finding: No
Recommendation: We recommend the University review its policies and procedures on reporting requirements to the Department of Education with respect to these requirements.
Views of responsible officials: Management agrees with the finding.
2023-001 – Perkins Loan Recordkeeping and Record Retention
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Perkins Loan Program
Federal Assistance Listing Number: 84.038
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: An institution shall keep original promissory notes and repayment schedules until Perkins loans are satisfied. If required to release original documents in order to enforce the loan, the institution must retain certified true copies of those documents. An institution shall keep the original paper promissory note or original paper MPN and repayment schedules in a locked, fireproof container (34 CFR 674.19(e)(4)).
Condition: Original promissory notes were unable to be located.
Questioned costs: None.
Context: During our testing, we noted 6 instances out of 40 open Perkins loans tested where the University was unable to locate the original promissory note.
Cause: The University did not have the appropriate policies and procedures in place when Perkins loans were awarded to students in order to ensure that recordkeeping and retention regulations were being followed.
Effect: Open loan balances for these loans are not supported by an original promissory note.
Repeat finding: No.
Recommendation: We recommend the University evaluate its procedures and policies around recordkeeping and record retention.
Views of responsible officials: Management agrees with the finding.
2023-003 – National Student Loan Data System (NSLDS) Reporting
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.063 and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student’s enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school’s Office of Postsecondary Education Identification (OPEID) number and the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the University to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. ED requires the University to report changes in enrollment status within 30 or 60 days of the date the University determined the changes occurred (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned costs: None.
Context: During our testing, we noted:
-One student out of a sample of 40 students tested was reported to the NSLDS with an enrollment status of Full-time but was never updated subsequently to an enrollment status of Graduated for graduating from the University. This affected both the campus-level and program-level records in the NSLDS.
-One student out of the sample of 40 students tested was reported to the NSLDS with the incorrect effective date on the campus-level and program-level in NSLDS.
-Three students out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner.
Cause: The University's system from which the information is pulled and sent to the NSLDS was not updated for the proper enrollment information per the University's records that are outside of the system.
Effect: Inaccurate reporting to the NSLDS can result in incorrect determination of when the students’ grace period should begin.
Repeat finding: Yes, 2022-003.
Recommendation: We recommend the University review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured accurately and reported timely in accordance with applicable regulations.
Views of responsible officials: Management agrees with the finding.
2023-004 – Tier One and Tier Two Arrangements
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations 34 CFR 668.164(e) and (f), an institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. The regulation establishes two different types of arrangements between schools and financial account providers: Tier One or Tier Two. Under both arrangements, a school must provide to the Department of Education an up-to-date URL for the contract for publication in a centralized database accessible to the public. Unless the school has a Tier Two arrangement under the threshold, the URL must also include the contract data information.
Condition: Certain arrangement criteria’s were not reported to the Department o Education.
Questioned costs: None
Context: During testing, it was determined that the University has a Tier One contract with a third-party. Per review of the Federal Student Aid site, under "Cash Management Contracts”, it was determined that the University had not provided a URL to the Department of Education regarding its Tier One arrangement.
Cause: This requirement was new for the University during the year; however, due to capacity and demands on federal requirements, this is still a work in process.
Effect: Noncompliance can lead to the University potentially losing Title IV aid eligibility.
Repeat finding: No
Recommendation: We recommend the University review its policies and procedures on reporting requirements to the Department if Education in respects to these requirements.
Views of responsible officials: Management agrees with the finding.
2023-002 – Gramm-Leach-Bliley Act (GLBA)
Federal Agency: U.S. Department of Education
Federal Program Title: Student Financial Assistance Cluster
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protest student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs.
Questioned costs: None.
Context: During our testing of the University’s information technology, it was noted that the University does not have an active written information security program in place that addressed all seven elements as required by the Gramm-Leach-Bliley Act.
Cause: The University has continued to make progress in updating the Universities written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process.
Effect: The student personal information could be vulnerable.
Repeat finding: No.
Recommendation: We recommend the University designate an individual to oversee the information security function and work to update the Universities written security program to ensure compliance with all the standards.
Views of responsible officials: Management agrees with the finding.
2023-003 – National Student Loan Data System (NSLDS) Reporting
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.063 and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student’s enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school’s Office of Postsecondary Education Identification (OPEID) number and the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the University to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. ED requires the University to report changes in enrollment status within 30 or 60 days that the University determined the changes occurred (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned costs: None.
Context: During our testing, we noted:
-One student out of a sample of 40 students tested was reported to the NSLDS with an enrollment status of Full-time but was never updated subsequently to an enrollment status of Graduated for graduating from the University. This effected both the campus-level and program-level records in the NSLDS.
-One student out of the sample of 40 students tested was reported to the NSLDS with the incorrect effective date on the campus-level and program-level in NSLDS.
-Three students out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner.
Cause: The University's system for which the information is pulled and sent to the NSLDS was not updated for the proper enrollment information per the University's records that are outside of the system.
Effect: Inaccurate reporting to the NSLDS can result in incorrect determination of when the students’ grace period should begin.
Repeat finding: Yes, 2022-003.
Recommendation: We recommend the University review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured accurately and reported timely in accordance with applicable regulations.
Views of responsible officials: Management agrees with the finding.
2023-004 – Tier One and Tier Two Arrangements
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations 34 CFR 668.164(e) and (f), an institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. The regulation establishes two different types of arrangements between schools and financial account providers: Tier One or Tier Two. Under both arrangements, a school must provide to the Department of Education an up-to-date URL for the contract for publication in a centralized database accessible to the public. Unless the school has a Tier Two arrangement under the threshold, the URL must also include the contract data information.
Condition: Certain arrangement criteria’s were not reported to the Department o Education.
Questioned costs: None
Context: During testing, it was determined that the University has a Tier One contract with a third-party. Per review of the Federal Student Aid site, under "Cash Management Contracts”, it was determined that the University had not provided a URL to the Department of Education regarding its Tier One arrangement.
Cause: This requirement was new for the University during the year; however, due to capacity and demands on federal requirements, this is still a work in process.
Effect: Noncompliance can lead to the University potentially losing Title IV aid eligibility.
Repeat finding: No
Recommendation: We recommend the University review its policies and procedures on reporting requirements to the Department if Education in respects to these requirements.
Views of responsible officials: Management agrees with the finding.
2023-002 – Gramm-Leach-Bliley Act (GLBA)
Federal Agency: U.S. Department of Education
Federal Program Title: Student Financial Assistance Cluster
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protest student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs.
Questioned costs: None.
Context: During our testing of the University’s information technology, it was noted that the University does not have an active written information security program in place that addressed all seven elements as required by the Gramm-Leach-Bliley Act.
Cause: The University has continued to make progress in updating the Universities written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process.
Effect: The student personal information could be vulnerable.
Repeat finding: No.
Recommendation: We recommend the University designate an individual to oversee the information security function and work to update the Universities written security program to ensure compliance with all the standards.
Views of responsible officials: Management agrees with the finding.
2023-004 – Tier One and Tier Two Arrangements
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations 34 CFR 668.164(e) and (f), an institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. The regulation establishes two different types of arrangements between schools and financial account providers: Tier One or Tier Two. Under both arrangements, a school must provide to the Department of Education an up-to-date URL for the contract for publication in a centralized database accessible to the public. Unless the school has a Tier Two arrangement under the threshold, the URL must also include the contract data information.
Condition: Certain arrangement criteria were not reported to the Department of Education.
Questioned costs: None
Context: During testing, it was determined that the University has a Tier One contract with a third party. Per review of the Federal Student Aid site, under “Cash Management Contracts”, it was determined that the University had not provided a URL to the Department of Education regarding its Tier One arrangement.
Cause: This requirement was new for the University during the year; however, due to capacity and demands on federal requirements, this is still a work in process.
Effect: Noncompliance can lead to the University potentially losing Title IV aid eligibility.
Repeat finding: No
Recommendation: We recommend the University review its policies and procedures on reporting requirements to the Department of Education with respect to these requirements.
Views of responsible officials: Management agrees with the finding.
2023-001 – Perkins Loan Recordkeeping and Record Retention
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Perkins Loan Program
Federal Assistance Listing Number: 84.038
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: An institution shall keep original promissory notes and repayment schedules until Perkins loans are satisfied. If required to release original documents in order to enforce the loan, the institution must retain certified true copies of those documents. An institution shall keep the original paper promissory note or original paper MPN and repayment schedules in a locked, fireproof container (34 CFR 674.19(e)(4)).
Condition: Original promissory notes were unable to be located.
Questioned costs: None.
Context: During our testing, we noted 6 instances out of 40 open Perkins loans tested where the University was unable to locate the original promissory note.
Cause: The University did not have the appropriate policies and procedures in place when Perkins loans were awarded to students in order to ensure that recordkeeping and retention regulations were being followed.
Effect: Open loan balances for these loans are not supported by an original promissory note.
Repeat finding: No.
Recommendation: We recommend the University evaluate its procedures and policies around recordkeeping and record retention.
Views of responsible officials: Management agrees with the finding.
2023-003 – National Student Loan Data System (NSLDS) Reporting
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.063 and 84.268
Award Period: 7/1/2022 – 6/30/2023
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student’s enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school’s Office of Postsecondary Education Identification (OPEID) number and the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the University to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. ED requires the University to report changes in enrollment status within 30 or 60 days that the University determined the changes occurred (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned costs: None.
Context: During our testing, we noted:
-One student out of a sample of 40 students tested was reported to the NSLDS with an enrollment status of Full-time but was never updated subsequently to an enrollment status of Graduated for graduating from the University. This affected both the campus-level and program-level records in the NSLDS.
-One student out of the sample of 40 students tested was reported to the NSLDS with the incorrect effective date on the campus-level and program-level in NSLDS.
-Three students out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner.
Cause: The University's system from which the information is pulled and sent to the NSLDS was not updated with the proper enrollment information per the University's records that are outside of the system.
Effect: Inaccurate reporting to the NSLDS can result in incorrect determination of when the students’ grace period should begin.
Repeat finding: Yes, 2022-003.
Recommendation: We recommend the University review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured accurately and reported timely in accordance with applicable regulations.
Views of responsible officials: Management agrees with the finding.