2023-003 – Student Financial Assistance Cluster – Special Tests and Provisions – Student Information Security
Criteria or specific requirement
The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Federal Trade Commission considers institutions that participate in Title IV Educational Assistance Programs to be “financial institutions” that are subject to the GLBA. 16 CFR Part 314 requires that information safeguarding standards be implemented by institutions and establishes minimum standards that must be met. Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. This written information is required to include seven elements, and institutions were required to be in compliance no later than June 9, 2023.
Condition
During testing, it was determined that the College’s written policies did not reflect one of the seven required elements.
Context
The element that was not in compliance is as follows: Provides for the design and implementation of safeguards to control the risks the institution or servicer identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards referenced above include: implement and periodically review access controls; conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted; encrypt customer information on the institution’s system and when it is in transit; assess apps developed by the institution; implement multi-factor authentication for anyone accessing customer information on the institution’s system; dispose of customer information securely; anticipate and evaluate changes to the information system or network; and maintain a log of authorized users’ activity and keep an eye out for unauthorized access. The College had not implemented multi-factor authentication for anyone accessing customer information on its system. The College also did not have a written policy regarding the secure disposal of customer information.
Cause
The College is in the process of implementing the required aspects of the element, but it was not in compliance by the required date.
Effect
The College’s written policies did not meet the minimum standards established by 16 CFR Part 314.
Recommendation
We recommend that the College’s written policies be updated to properly reflect all seven elements required.
Views of responsible officials
See Corrective Action Plan.
2023-004 – Student Financial Assistance Cluster – Special Tests and Provisions – NSLDS Enrollment Reporting
Criteria or specific requirement
Institutions are required to report enrollment information under the Pell Grant Program and the Federal Direct Student Loans via the National Student Loan Data System (NSLDS). Because the administration of the Title IV programs depends heavily upon the accuracy and timeliness of the enrollment information reported by institutions, they must review, update, and certify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file.
Condition
During testing, it was determined that six of the 20 students tested for enrollment status changes did not have those changes properly reflected within their NSLDS records.
Context
Three of the six students graduated and did not enroll in a subsequent semester, but they did not have their graduated status reported. Two of the students were reported at a higher enrollment level than their actual credit hours reflected. The final student attended the College in the spring of 2023, but they did not enroll in any subsequent semesters. Their withdrawn status was not reported within the required timeframe.
Cause
Technological errors occurred during the reporting process, such as errors not being sent back to the College by the Clearinghouse, as well as the time calculation report not properly calculating a student’s enrollment status.
Effect
Students did not have accurate, timely information reported within NSLDS.
Recommendation
We recommend that the College review its control policies to ensure that reporting is completed accurately and timely. Wherever possible, any technological errors discovered should be pursued with the responsible party in order to try to determine a cause, and a solution or preventative measure should be implemented to prevent future errors from occurring.
Views of responsible officials
See Corrective Action Plan.