Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Higher Education Emergency Relief Fund
Assistance Listing Number: 84.425E
Federal Award Identification Number and Year: P425E204430-2023
Award Period: May 14, 2020 to June 30, 2023
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Beginning with the second quarter 2022 quarterly report (due July 10, 2022)
institutions must complete and post on their websites using a new combined institutional and student reporting
form. This new form includes new reporting categories on mental health spending, HEERF (a)(2) construction
flexibilities, and lost revenue and combines the separate institutional and student reporting requirements. As
before, this form must be conspicuously posted on the institutions’ website no later than 10 days after the
calendar quarter (January 10, April 10, July 10, and October 10) as long as the institution’s HEERF grant is
active.
Condition: The University failed to submit one (1) quarterly report within 10 after the December 31, 2022 quarter
end in accordance with the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University failed to submit one (1) of the four (4) required quarterly reports in accordance with the
stated criteria.
Cause: The University did not timely complete the quarterly report in accordance with the stated criteria.
Effect: The University was not compliant with the stated criteria for the timely submission of one (1) quarterly
report.
Repeat Finding: No
Recommendation: We recommend the University review its policies and procedures for the filing of the HEERF
required reports to ensure that there is sufficient time in the process to meet the due date in accordance with the
stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Provides for the design and implementation of safeguards to control the risks
the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written
information security program must address the implementation of the minimum safeguards identified in 16 CFR
314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must
address are summarized as follows:
Implement and periodically review access controls.
Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted.
Encrypt customer information on the institution’s system and when it’s in transit.
Assess apps developed by the institution.
Implement multi-factor authentication for anyone accessing customer information on the institution’s
system.
Dispose of customer information securely.
Anticipate and evaluate changes to the information system or network.
Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Condition: The University's 'Information Security Plan' does not include the required elements of the assessment
of applications developed by the institution as included in the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University does not have the required element included in the stated criteria.
Cause: The University is in process of developing a policy for internally developed applications, but has not
completed the policy as of the end of the fiscal year under audit.
Effect: There is a risk that the University may not follow the policy for internally developed applications to ensure
the security related to the maintenance and transmission of sensitive information.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy as a part of the
University's 'Information Security Plan' as included in the stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, 84.268
Federal Award Identification Number and Year: P007A224513-2023; P033A224513-2023; P268K232439-2023;
P063P222439-2023; P379T232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.077, 84.033, 84.063)
January 1, 2022 to July 29, 2044 (84.268)
January 1, 2022 to September 30, 2043 (84.379)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Criteria or specific requirement: It is the University’s responsibility to establish and maintain systems of internal
control over compliance that includes proper segregation of duties.
Condition: The University does not have a formal process to document the review and approval of the cash
management process using the G-5 system.
Questioned costs: None
Context: During the fiscal year ended June 30, 2023, the University did not have a formal process to document
the review and approval of the cash management process using the G-5 system.
Cause: Due to turnover in key positions at the University, there was a period of time during the fiscal year ended
June 30, 2023 where there was not a formal process to document the review and approval of the cash
management process using the G-5 system.
Effect: There is a risk that an error or omission could occur from the lack of review over the cash management
process.
Repeat Finding: No
Recommendation: We recommend that the University work to formally document the policy establishing systems
of internal control over compliance that includes proper segregation of duties.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.063, 84.268
Federal Award Identification Number and Year: P063P222439-2023; P268K232439-2023
Award Period: March 25, 2022 to August 31, 2028 (84.063)
January 1, 2022 to July 29, 2044 (84.268)
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant
and the Direct and FFEL loan programs via the NSLDS (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the SFA Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the
Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website which the financial aid
administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment
Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two
categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported
accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements
and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process.
Condition: The University failed to reconcile the enrollment effective date per the institution records and the
enrollment effective date per NSLDS.
Questioned costs: None
Context: We noted two (2) out of sixty (60) students selected for testing, where the program enrollment effective
date per the institution records and the program enrollment effective date per NSLDS do not agree.
Cause: The University’s internal controls failed to detect that the data reported and posted to NSLDS that do not
agree to the University’s records.
Effect: The University failed to comply with the stated criteria.
Repeat Finding: No
Recommendation: We recommend that the University review its processes and internal controls to includes a
review of all manual adjustment made within NSLDS.
Views of responsible officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Higher Education Emergency Relief Fund
Assistance Listing Number: 84.425E
Federal Award Identification Number and Year: P425E204430-2023
Award Period: May 14, 2020 to June 30, 2023
Type of Finding:
Significant Deficiency in Internal Control over Compliance
Other Matters
Criteria or specific requirement: Beginning with the second quarter 2022 quarterly report (due July 10, 2022)
institutions must complete and post on their websites using a new combined institutional and student reporting
form. This new form includes new reporting categories on mental health spending, HEERF (a)(2) construction
flexibilities, and lost revenue and combines the separate institutional and student reporting requirements. As
before, this form must be conspicuously posted on the institutions’ website no later than 10 days after the
calendar quarter (January 10, April 10, July 10, and October 10) as long as the institution’s HEERF grant is
active.
Condition: The University failed to submit one (1) quarterly report within 10 after the December 31, 2022 quarter
end in accordance with the stated criteria.
Questioned costs: There are no questioned costs.
Context: The University failed to submit one (1) of the four (4) required quarterly reports in accordance with the
stated criteria.
Cause: The University did not timely complete the quarterly report in accordance with the stated criteria.
Effect: The University was not compliant with the stated criteria for the timely submission of one (1) quarterly
report.
Repeat Finding: No
Recommendation: We recommend the University review its policies and procedures for the filing of the HEERF
required reports to ensure that there is sufficient time in the process to meet the due date in accordance with the
stated criteria.
Views of responsible officials: There is no disagreement with the audit finding.