Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal agency: Department of Education
Federal program title: Student Financial Aid Cluster
CFDA Numbers: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions
to explain their information-sharing practices to their customers and to safeguard sensitive data (16
CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information
security program that is written in one or more readily accessible parts. The regulations require the
written information security program to include nine elements for institutions with 5,000 or more
customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with
fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The
elements that an institution must address in its written information security program are at 16 CFR
314.4. At a minimum, the institution’s written information security program must address the
implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including:
Assess apps developed by the institution. In addition, the written security program provides for the
institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented
(16 CFR 314.4(d)).
Condition: Under an institution’s Program Participation Agreement with the Department of Education
and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with
particular attention to information provided to institutions by the Department or otherwise obtained in
support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: These GLBA requirements were applicable beginning on June 9, 2023. During our testing, we
noted certain components of the GLBA requirements that, although they have been implemented by the
University, were not included in the University’s written information security program (WISP). The
specific components were identified in requirement B.3, pertaining to the implementation of periodic
review and implementation of user access controls, encryption controls, the use of multi-factor
authentication, and change management policy. Furthermore, it was noted that the WISP did not
describe the University’s policies for penetration testing or vulnerability scans.
Cause: There was not a formal process in place to compare the WISP against all the new GLBA
requirements to ensure compliance.
Effect: The University’s WISP does not include all of the required elements.
Repeat finding: No
Recommendation: We recommend that the College review the updated GLBA requirements and
ensure their WISP includes all required elements. We do note that after June 30, 2023 the University
has updated the WISP to include all of the required elements.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.
Federal Agency: Department of Education
Federal Program Title: Research and Development
CFDA Number: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters)
Criteria or specific requirement: Per Uniform Guidance 2 CFR sections 200.212, 200.318(h) and
180.300, along with 48 CFR section 52.209-6, a non-federal entity must have procedures for verifying
that an entity with which it plans to enter into a covered transaction is not debarred, suspended, or
otherwise excluded.
Condition: The University could not produce documentation to show that they performed suspension
and debarment verification procedures prior to contracting with the vendors.
Questioned costs: None.
Context: For 2 of vendors we tested, the University did not maintain documentation to demonstrate
that verification procedures were performed prior to contracting with the vendors. However, the
University was able to subsequently verify that the vendors were not suspended or debarred.
Cause: While the University has suspension and debarment procedures in place, they did not
document that the check had been completed for these 2 vendors.
Effect: If verification procedures are not performed in a timely manner, the University could enter into
contracts with vendors who are suspended or debarred and risk noncompliance and/or disallowed
costs.
Repeat Finding: No.
Recommendation: We recommend the University document suspension and debarment procedures
going forward for any aggregate disbursements with vendors greater than $25,000.
Views of responsible officials: There is no disagreement with the audit finding. Management has
addressed their corrective action plan in a separately issued letter.