FAC Explorer

Audit 296201

FY End
2023-06-30
Total Expended
$20.08M
Findings
16
Programs
10
Organization: Flagler College, Inc. (FL)
Year: 2023 Accepted: 2024-03-20
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
382620 2023-001 Significant Deficiency - N
382621 2023-002 Significant Deficiency - N
382622 2023-002 Significant Deficiency - N
382623 2023-002 Significant Deficiency - N
382624 2023-002 Significant Deficiency - N
382625 2023-002 Significant Deficiency - N
382626 2023-001 Significant Deficiency - N
382627 2023-002 Significant Deficiency - N
959062 2023-001 Significant Deficiency - N
959063 2023-002 Significant Deficiency - N
959064 2023-002 Significant Deficiency - N
959065 2023-002 Significant Deficiency - N
959066 2023-002 Significant Deficiency - N
959067 2023-002 Significant Deficiency - N
959068 2023-001 Significant Deficiency - N
959069 2023-002 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $14.85M Yes 2
84.063 Federal Pell Grant Program $3.79M Yes 2
84.425 Education Stabilization Fund $820,631 Yes 0
11.419 Coastal Zone Management Administration Awards $183,733 - 0
84.007 Federal Supplemental Educational Opportunity Grants $148,600 Yes 1
84.033 Federal Work-Study Program $95,258 Yes 1
15.945 Cooperative Research and Training Programs Ð Resources of the National Park System $72,586 - 0
84.038 Federal Perkins Loan Program $64,469 Yes 1
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $41,492 Yes 1
45.129 Promotion of the Humanities_federal/state Partnership $5,000 - 0

Contacts

Name Title Type
PCWMNA2JK646 Stacey Matthews Auditee
9048269613 Bryan Simkanich Auditor
No contacts on file

Notes to SEFA

Title: FEDERAL LOANS DISBURSED Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards and State Financial Assistance include the federal and state award activity of Flagler College, Inc. and are presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance); and Chapter 10.650, Rules of the Auditor General, therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the basic consolidated financial statements. Pass-through entity identifying numbers are presented where available. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. The College had Federal Perkins Loans with continuing compliance requirements of $56,464 outstanding at June 30, 2022. During the fiscal year 2023, no new loans were made, resulting in total expenditures of federal awards for Perkins Loans of $56,464 for the year ended June 30, 2023. After considering loan receipts during 2023, the balance outstanding was $49,676 at June 30, 2023. The College also participates in the Federal Direct Loan Program, including Federal Stafford Loans (Stafford) and Federal PLUS Loans (PLUS). The dollar amounts are listed in the schedule of federal awards although the College is not the recipient of the funds. Such programs are considered a component of the student financial assistance cluster. Loans processed by the College under this Loan Program were the following for the year ended June 30, 2023: Stafford: Subsidized $ 4,563,766 Unsubsidized 4,557,950 PLUS 5,730,545 Total $ 14,852,261
Title: PERKINS LOAN PROGRAM Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards and State Financial Assistance include the federal and state award activity of Flagler College, Inc. and are presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance); and Chapter 10.650, Rules of the Auditor General, therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the basic consolidated financial statements. Pass-through entity identifying numbers are presented where available. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. Outstanding balance of Perkins loans administered by the College at June 30, 2023, and loans advanced during the year were as follows: Loan Balance -- Loans Advanced Federal Perkins Loan Program (CFDA #84.038)-- $ 49,676 -- $ -

Finding Details

Finding 2023-001
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant and the Direct loan programs via the National Student Loan Data System (NSLDS) (OMB No. 1845-0035) (Pell, 34 CFR 690.83(b)(2); Direct Loan, 34 CFR 685.309). Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. There are two categories of enrollment information with separate record types; “Campus Level” and “Program Level,” both of which need to be reported accurately and timely. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions must report enrollment changes within 30 days; however, if a roster file is expected within 60 days, you may provide the updated data on that roster file. Condition: During our testing of the Direct Loan and Pell Grant programs, we selected 24 enrollment changes to test for timeliness and accurate reporting of student status changes to the National Student Loan Data System (NSLDS). 3 of 24 enrollment changes tested did not have the correctly reported Program Begin Date within the current program level reporting. Questioned costs Known: None. Context: Out of our sample of 24 students who had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted 3 whom exhibited one instance of noncompliance in the student’s NSLDS Program-Level enrollment data elements that the Department of Education considers high risk. Cause: Lack of appropriate policy and procedure coupled with multiple transitions within the registrar department led to enrollment reporting deficiencies. Effect: The NSLDS system is potentially not updated with correct student information which could cause over subsequent awarding issues or repayment term discrepancies. Repeat Finding: No. Recommendation: We recommend that the College continue to enhance its policies and procedures regarding enrollment reporting including additional monitoring over the third-party service provider to ensure that reporting is completed accurately and timely. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-001
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant and the Direct loan programs via the National Student Loan Data System (NSLDS) (OMB No. 1845-0035) (Pell, 34 CFR 690.83(b)(2); Direct Loan, 34 CFR 685.309). Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. There are two categories of enrollment information with separate record types; “Campus Level” and “Program Level,” both of which need to be reported accurately and timely. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions must report enrollment changes within 30 days; however, if a roster file is expected within 60 days, you may provide the updated data on that roster file. Condition: During our testing of the Direct Loan and Pell Grant programs, we selected 24 enrollment changes to test for timeliness and accurate reporting of student status changes to the National Student Loan Data System (NSLDS). 3 of 24 enrollment changes tested did not have the correctly reported Program Begin Date within the current program level reporting. Questioned costs Known: None. Context: Out of our sample of 24 students who had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted 3 whom exhibited one instance of noncompliance in the student’s NSLDS Program-Level enrollment data elements that the Department of Education considers high risk. Cause: Lack of appropriate policy and procedure coupled with multiple transitions within the registrar department led to enrollment reporting deficiencies. Effect: The NSLDS system is potentially not updated with correct student information which could cause over subsequent awarding issues or repayment term discrepancies. Repeat Finding: No. Recommendation: We recommend that the College continue to enhance its policies and procedures regarding enrollment reporting including additional monitoring over the third-party service provider to ensure that reporting is completed accurately and timely. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-001
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant and the Direct loan programs via the National Student Loan Data System (NSLDS) (OMB No. 1845-0035) (Pell, 34 CFR 690.83(b)(2); Direct Loan, 34 CFR 685.309). Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. There are two categories of enrollment information with separate record types; “Campus Level” and “Program Level,” both of which need to be reported accurately and timely. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions must report enrollment changes within 30 days; however, if a roster file is expected within 60 days, you may provide the updated data on that roster file. Condition: During our testing of the Direct Loan and Pell Grant programs, we selected 24 enrollment changes to test for timeliness and accurate reporting of student status changes to the National Student Loan Data System (NSLDS). 3 of 24 enrollment changes tested did not have the correctly reported Program Begin Date within the current program level reporting. Questioned costs Known: None. Context: Out of our sample of 24 students who had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted 3 whom exhibited one instance of noncompliance in the student’s NSLDS Program-Level enrollment data elements that the Department of Education considers high risk. Cause: Lack of appropriate policy and procedure coupled with multiple transitions within the registrar department led to enrollment reporting deficiencies. Effect: The NSLDS system is potentially not updated with correct student information which could cause over subsequent awarding issues or repayment term discrepancies. Repeat Finding: No. Recommendation: We recommend that the College continue to enhance its policies and procedures regarding enrollment reporting including additional monitoring over the third-party service provider to ensure that reporting is completed accurately and timely. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-001
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: Institutions are required to report enrollment information under the Pell grant and the Direct loan programs via the National Student Loan Data System (NSLDS) (OMB No. 1845-0035) (Pell, 34 CFR 690.83(b)(2); Direct Loan, 34 CFR 685.309). Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. There are two categories of enrollment information with separate record types; “Campus Level” and “Program Level,” both of which need to be reported accurately and timely. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions must report enrollment changes within 30 days; however, if a roster file is expected within 60 days, you may provide the updated data on that roster file. Condition: During our testing of the Direct Loan and Pell Grant programs, we selected 24 enrollment changes to test for timeliness and accurate reporting of student status changes to the National Student Loan Data System (NSLDS). 3 of 24 enrollment changes tested did not have the correctly reported Program Begin Date within the current program level reporting. Questioned costs Known: None. Context: Out of our sample of 24 students who had a reduction or increase in attendance levels, graduated, withdrew, dropped out, or enrolled but never attended during the audit period, we noted 3 whom exhibited one instance of noncompliance in the student’s NSLDS Program-Level enrollment data elements that the Department of Education considers high risk. Cause: Lack of appropriate policy and procedure coupled with multiple transitions within the registrar department led to enrollment reporting deficiencies. Effect: The NSLDS system is potentially not updated with correct student information which could cause over subsequent awarding issues or repayment term discrepancies. Repeat Finding: No. Recommendation: We recommend that the College continue to enhance its policies and procedures regarding enrollment reporting including additional monitoring over the third-party service provider to ensure that reporting is completed accurately and timely. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.
Finding 2023-002
Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Numbers: 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.007 – Supplemental Educational Opportunity Grant 84.033 – College Work study Program 84.379 – Teacher Education Assistance for College and Higher Education Grant 84.038 – Federal Perkins Loans Program Award Period: July 1, 2022, to June 30, 2023 Type of Finding: Other Matters Finding related to Compliance within Uniform Guidance and Significant Deficiency in Internal Controls over Compliance. Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronicannouncements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements. Condition: CLA identified that the college fails to meet one of the compliance requirements outlined in the GLBA Safeguards Rule within 16 CFR 314. Questioned costs Known: None. Context: During our testing, we noted the College failed to meet one of the compliance requirements outlined in the GLBA Safeguards Rule. The College has been continuously drafting and implementing policies as part of their written information security program, however as of June 30, 2023, one requirement was not met. Cause: The College is currently drafting the necessary policy which was not formally in place. Effect: Failure to have a complete written information security program in place causes the College to not be GLBA compliant and potentially put institutional and student data at risk. Repeat Finding: No. Recommendation: We recommend the College finalize its written information security program to ensure its compliant with the GLBA Safeguards Rule along with appropriately managing its information technology and cybersecurity risks. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding. Management has addressed their corrective action plan in a separately issued letter.