FAC Explorer

Audit 293636

FY End
2023-06-30
Total Expended
$7.42M
Findings
32
Programs
4
Organization: Point University, Inc. and Subsidiaries (GA)
Year: 2023 Accepted: 2024-03-05
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
372378 2023-001 Significant Deficiency Yes L
372379 2023-002 Significant Deficiency Yes L
372380 2023-003 Significant Deficiency - N
372381 2023-004 Significant Deficiency - N
372382 2023-001 Significant Deficiency Yes L
372383 2023-002 Significant Deficiency Yes L
372384 2023-003 Significant Deficiency - N
372385 2023-004 Significant Deficiency - N
372386 2023-001 Significant Deficiency Yes L
372387 2023-002 Significant Deficiency Yes L
372388 2023-003 Significant Deficiency - N
372389 2023-004 Significant Deficiency - N
372390 2023-001 Significant Deficiency Yes L
372391 2023-002 Significant Deficiency Yes L
372392 2023-003 Significant Deficiency - N
372393 2023-004 Significant Deficiency - N
948820 2023-001 Significant Deficiency Yes L
948821 2023-002 Significant Deficiency Yes L
948822 2023-003 Significant Deficiency - N
948823 2023-004 Significant Deficiency - N
948824 2023-001 Significant Deficiency Yes L
948825 2023-002 Significant Deficiency Yes L
948826 2023-003 Significant Deficiency - N
948827 2023-004 Significant Deficiency - N
948828 2023-001 Significant Deficiency Yes L
948829 2023-002 Significant Deficiency Yes L
948830 2023-003 Significant Deficiency - N
948831 2023-004 Significant Deficiency - N
948832 2023-001 Significant Deficiency Yes L
948833 2023-002 Significant Deficiency Yes L
948834 2023-003 Significant Deficiency - N
948835 2023-004 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $4.21M Yes 4
84.063 Federal Pell Grant Program $3.09M Yes 4
84.007 Federal Supplemental Educational Opportunity Grants $66,406 Yes 4
84.033 Federal Work-Study Program $54,868 Yes 4

Contacts

Name Title Type
KGSKYSPJZBN3 Rusty Hassell Auditee
7067848685 Chad Lassen Auditor
No contacts on file

Notes to SEFA

Title: FEDERAL LOANS DISBURSED Accounting Policies: BASIS OF PRESENTATION The accompanying schedule of expenditures of federal awards includes the federal award activity of Point University (the University) and is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the basic consolidated financial statements. There were no noncash awards in the current year. De Minimis Rate Used: N Rate Explanation: The University has elected not to use the 10% de minimum indirect cost rate for allocation. The University participates in the Federal Direct Loan Program, including Federal Stafford Loans (Stafford) and Federal PLUS Loans (PLUS). The dollar amounts are listed in the schedule of expenditures of federal awards, although the University is not the recipient of the funds. Such programs are considered a component of the student financial assistance cluster. Loans processed by the University under this Loan Program were the following for the year ended June 30, 2023: Federal Stafford Loans: Subsidized -- $ 1,538,070 Unsubsidized -- 2,002,541 Direct PLUS Loans -- 670,847 Total Federal Direct Loans-- $ 4,211,458
Title: SUBRECIPIENTS, NONCASH ASSISTANCE, FEDERAL INSURANCE, LOANS, AND LOAN GUARANTEES Accounting Policies: BASIS OF PRESENTATION The accompanying schedule of expenditures of federal awards includes the federal award activity of Point University (the University) and is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the basic consolidated financial statements. There were no noncash awards in the current year. De Minimis Rate Used: N Rate Explanation: The University has elected not to use the 10% de minimum indirect cost rate for allocation. The University did not provide any federal funds to sub recipients nor did they receive any federal noncash assistance, insurance, loans, or loan guarantees.

Finding Details

Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.301(a)(2)(iii) outlines that an institution must provide the anticipated and actual disbursements dates of loan proceeds. In addition, The Code of Federal Regulations, 34 CFR 690.83(b)(2) outlines that an institution must provide the other information (Disbursement information for Pell) in an appropriate manor. Condition: Disbursement dates recorded on student accounts for Direct Loan and Pell disbursements did not agree to the disbursement date reported to Common Origination and Disbursement (COD). Questioned costs: Unknown as incorrect dates ultimately affect interest on Direct Loans. Context: In 3 of the 60 students tested, we noted discrepancies in disbursement dates when comparing disbursements dates in Campus Nexus to what was ultimately reported to COD. Cause: Lack of appropriate policy and procedure in place regarding reporting of students to COD for the year under audit. Effect: Noncompliance with federal regulations which could lead to incorrect repayment terms for students. Repeat Finding: Yes – 2022-002 Recommendation: We recommend that the University review their policies and procedures to ensure accurate reporting to COD. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level as well as the program begin date. In addition, at a minimum, schools are required to certify enrollment every 60 days, and respond within 15 days of the date that NSLDS sends a Roster file to the school or its third-party servicer. Condition: Incorrect or untimely reporting by the University of Students’ Changes in status during the 2020-2021 award year under audit. Questioned costs: Unknown. Context: Out of the 17 students tested noted 1 or more discrepancies, as follows:  2 students’ status was incorrectly reported to NSDLS.  1 student’s’ enrollment effective date was not reported correctly to NSLDS.  1 students’ enrollment status change was not reported to NSLDS within 60 days. Cause: Lack of appropriate policy and procedure in place regarding NSLDS enrollment reporting for the year under audit. Effect: Noncompliance with federal regulations which could lead to untimely and incorrect reporting of enrollment information to NSLDS. Repeat Finding: Yes – 2022-004 Recommendation: We recommend that the University review their enrollment reporting policies and procedures to ensure accurate reporting. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-003
Federal Agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 690.62 states the Pell grant for an academic year is based upon the payment and disbursement scheduled published by the Secretary for each award year. The payment schedules take into account the cost of attendance, the student’s EFC and the enrollment status of the student. The Code of Federal Regulations, 34 CFR 690.6(a) states a student is eligible to receive a Federal Pell Grant for the period of time required to complete his or her first undergraduate baccalaureate course of study. Condition: During our testing, we identified 5 students who had Pell award errors. Questioned costs: Known costs of $1,421 Context: 5 instances out of 60 students tested. Cause: Consistent turnover in the financial aid office within recent years had likely led to a disconnect with regard to controls in place to appropriately package and review students' financial aid during this period. Effect: Potential incorrect awarding and unfulfilled financial need of students in similar circumstances. Repeat Finding: No Recommendation: We recommend that the University ensures they have appropriate policies and procedures, as well as safeguards in place to ensure Pell eligibility and awarding is correctly determined. Views of responsible officials: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-004
Federal agency: Department of Education Federal program title: Student Financial Aid Cluster Assistance Listing Number: 84.033, 84.063, 84.007, 84.379, 84.268 Federal Award Identification Number and Year: P033A223771 (CWS 22‐23), P063P220377 (Pell 22‐23), P007A223771 (SEOG 22‐23), P268K230377 (Direct Loan 2023) Award Period: July 1, 2022, through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act (GLBA), schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Condition: The University was not in compliance with GLBA. Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and we identified that the university does not meet the compliance requirements outlined in the GLBA Safeguards Rule. Specifically, discrepancies were identified in requirement B.6, which addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). The University does not have Vendor Management Program that has standards in place to oversee critical system service providers. This includes the due diligence, risk assessments, and annual reviews that the University is not performing as it relates to 3rd party service providers. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University and student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.