FAC Explorer

Audit 295133

FY End
2023-06-30
Total Expended
$12.81M
Findings
24
Programs
6
Organization: Edgewood College, Inc. (WI)
Year: 2023 Accepted: 2024-03-14
Auditor: Baker Tilly US LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
377339 2023-001 Material Weakness - N
377340 2023-001 Material Weakness - N
377341 2023-001 Material Weakness - N
377342 2023-001 Material Weakness - N
377343 2023-001 Material Weakness - N
377344 2023-001 Material Weakness - N
377345 2023-002 Significant Deficiency - N
377346 2023-002 Significant Deficiency - N
377347 2023-002 Significant Deficiency - N
377348 2023-002 Significant Deficiency - N
377349 2023-002 Significant Deficiency - N
377350 2023-002 Significant Deficiency - N
953781 2023-001 Material Weakness - N
953782 2023-001 Material Weakness - N
953783 2023-001 Material Weakness - N
953784 2023-001 Material Weakness - N
953785 2023-001 Material Weakness - N
953786 2023-001 Material Weakness - N
953787 2023-002 Significant Deficiency - N
953788 2023-002 Significant Deficiency - N
953789 2023-002 Significant Deficiency - N
953790 2023-002 Significant Deficiency - N
953791 2023-002 Significant Deficiency - N
953792 2023-002 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $10.64M Yes 2
84.063 Federal Pell Grant Program $1.32M Yes 2
84.038 Federal Perkins Loan Program $547,665 Yes 2
84.033 Federal Work-Study Program $157,011 Yes 2
84.007 Federal Supplemental Educational Opportunity Grants $98,715 Yes 2
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $36,835 Yes 2

Contacts

Name Title Type
V3UVF652MLH6 Jane Wilhelm Auditee
6086632203 Ryan Lay Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: Y Rate Explanation: The College has elected to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal and state awards (the Schedule) includes federal and state award activity of Edgewood College, Inc. (the College) under programs of the federal and state governments for the year ended June 30, 2023. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) and the State Single Audit Guidelines. Because this Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College.
Title: Oversight and Cognizant Agencies Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: Y Rate Explanation: The College has elected to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The College’s federal oversight agency for audit is the U.S. Department of Education. The College’s state cognizant agency is the Wisconsin Higher Educational Aids Board.
Title: Federal Student Loan Program Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: Y Rate Explanation: The College has elected to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The Federal Perkins Loan Program is administered directly by the College, and balances and transactions relating to this program are included in loans to students in the College’s financial statements. Loans in existence as of June 30, 2022 are included as the federal expenditures presented in the Schedule. The balance of loans outstanding at June 30, 2023 is $269,570. The Extension Act amended section 461 of the Higher Education Act to end the College’s authority to make new Perkins Loans after June 30, 2018. The College is not required to assign the outstanding Perkins Loans to the Department or liquidate their Perkins Loan Revolving Funds due to the wind-down of the Perkins Loan Program, however, the College may choose to liquidate at any time in the future. As of June 30, 2023, the College continues to service the Perkins Loan Program.

Finding Details

Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-001
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. Condition: Management’s review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: 17 students were identified with inaccurate data elements reported out of a total of 25 students tested. The sample was a statistically valid sample. Cause: The College’s internal control over compliance for special tests are not operating effectively. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that ED considers high risk and the College’s internal controls over compliance did not detect and correct the errors. Additionally, the College incorrectly reported status changes to NSLDS. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements. Management has corrected the errors.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding 2023-002
Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, 84.268, and 84.379 Programs: Student financial assistance cluster Criteria: The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to implement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it “believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule.” Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. Condition: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. Questioned Costs: The amount of questioned costs could not be determined. Context: The College is required to have documented controls in place to ensure the College has completed information security program available on or before June 9, 2023. Management could not provide documentation that a review occurred. Cause: The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards requirements in the timeframe specified by 16 CFR Part 314. Effect: The ability to adequately safeguard student electronic data may be compromised if the College does not have controls in place to ensure that a timely-prepared information security program to define the various ways in which data is protected is completed. Recommendation: We recommend the College review their policies and procedures in place ensure that the information security program review is documented to support the College’s compliance under the Uniform Guidance. Management Response: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.