FAC Explorer

Audit 297334

FY End
2023-06-30
Total Expended
$3.06M
Findings
14
Programs
6
Organization: Hannibal-Lagrange University (MO)
Year: 2023 Accepted: 2024-03-25
Auditor: Capincrouse LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
384221 2023-002 Significant Deficiency Yes N
384222 2023-002 Significant Deficiency Yes N
384223 2023-002 Significant Deficiency Yes N
384224 2023-002 Significant Deficiency Yes N
384225 2023-002 Significant Deficiency Yes N
384226 2023-003 - - N
384227 2023-003 - - N
960663 2023-002 Significant Deficiency Yes N
960664 2023-002 Significant Deficiency Yes N
960665 2023-002 Significant Deficiency Yes N
960666 2023-002 Significant Deficiency Yes N
960667 2023-002 Significant Deficiency Yes N
960668 2023-003 - - N
960669 2023-003 - - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $2.02M Yes 2
84.063 Federal Pell Grant Program $713,286 Yes 2
84.038 Federal Perkins Loan Program $172,308 Yes 1
84.425 Covid-19 Education Stabilization Fund Heerf-Student Aid Portion $67,314 - 0
84.007 Federal Supplemental Educational Opportunity Grants $48,695 Yes 1
84.033 Federal Work-Study Program $36,608 Yes 1

Contacts

Name Title Type
C173L8LFLCE4 William Stuflick Auditee
5736293058 Chris Dukate, CPA Auditor
No contacts on file

Notes to SEFA

Title: RELATIONSHIP TO FINANCIAL STATEMENTS Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) includes the federal grant activity of Hannibal-LaGrange University (University) under programs of the federal government for the year ending June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If the University is required to match certain federal assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate See the Notes to the SEFA for chart/table
Title: SUBRECIPIENTS, NON-CASH ASSISTANCE, FEDERAL INSURANCE, LOANS, AND LOAN GUARANTEES Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) includes the federal grant activity of Hannibal-LaGrange University (University) under programs of the federal government for the year ending June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If the University is required to match certain federal assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate The University did not provide any federal funds to subrecipients nor did they receive any federal non-cash assistance, insurance, loans, or loan guarantees.
Title: FEDERAL PERKINS LOAN PROGRAM Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) includes the federal grant activity of Hannibal-LaGrange University (University) under programs of the federal government for the year ending June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If the University is required to match certain federal assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate See the Notes to the SEFA for chart/table

Finding Details

Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-003
Enrollment Reporting to National Student Loan Data System (NSLDS) DEPARTMENT OF EDUCATION ALN #: 84.268 and 84.063 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not report enrollment information to the National Student Loan Data System (NSLDS) in an accurate manner. Criteria: 34 CFR 690.83(b) and 34 CFR 685.309 Questioned Costs: $-0- Context: Out of 66 students tested for proper NSLDS enrollment status, 7 students had not been properly reported as graduated to NSLDS. Cause: The University submitted accurate information to their third-party administrator however the University had not performed periodic checks to ensure that student information was uploaded to NSLDS accurately. Effect: Inaccurate reporting can impact a student's loan grace period, in school deferment eligibility, beginning loan repayments, appropriate interest charges, etc. Identification as repeat finding, if applicable: N/A Recommendation: We recommend the University put a system in place to ensure that enrollment is reported timely and accurately. Additionally, we recommend the University complete spot checks of NSLDS enrollment statuses throughout the year including a graduation spot check after each academic term. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-003
Enrollment Reporting to National Student Loan Data System (NSLDS) DEPARTMENT OF EDUCATION ALN #: 84.268 and 84.063 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not report enrollment information to the National Student Loan Data System (NSLDS) in an accurate manner. Criteria: 34 CFR 690.83(b) and 34 CFR 685.309 Questioned Costs: $-0- Context: Out of 66 students tested for proper NSLDS enrollment status, 7 students had not been properly reported as graduated to NSLDS. Cause: The University submitted accurate information to their third-party administrator however the University had not performed periodic checks to ensure that student information was uploaded to NSLDS accurately. Effect: Inaccurate reporting can impact a student's loan grace period, in school deferment eligibility, beginning loan repayments, appropriate interest charges, etc. Identification as repeat finding, if applicable: N/A Recommendation: We recommend the University put a system in place to ensure that enrollment is reported timely and accurately. Additionally, we recommend the University complete spot checks of NSLDS enrollment statuses throughout the year including a graduation spot check after each academic term. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully updated its written information security program and security risk assessment and safeguards, including multi-factor authentication on all systems containing personally identifiable information (PII) in light of the revised regulations. Additionally, the University has not fully implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient employee and information security staff training, implemented sufficient vendor management policies and reviews, or provided a written, annual report to the board covering all required areas. Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Yes, 2022-002 Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-003
Enrollment Reporting to National Student Loan Data System (NSLDS) DEPARTMENT OF EDUCATION ALN #: 84.268 and 84.063 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not report enrollment information to the National Student Loan Data System (NSLDS) in an accurate manner. Criteria: 34 CFR 690.83(b) and 34 CFR 685.309 Questioned Costs: $-0- Context: Out of 66 students tested for proper NSLDS enrollment status, 7 students had not been properly reported as graduated to NSLDS. Cause: The University submitted accurate information to their third-party administrator however the University had not performed periodic checks to ensure that student information was uploaded to NSLDS accurately. Effect: Inaccurate reporting can impact a student's loan grace period, in school deferment eligibility, beginning loan repayments, appropriate interest charges, etc. Identification as repeat finding, if applicable: N/A Recommendation: We recommend the University put a system in place to ensure that enrollment is reported timely and accurately. Additionally, we recommend the University complete spot checks of NSLDS enrollment statuses throughout the year including a graduation spot check after each academic term. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-003
Enrollment Reporting to National Student Loan Data System (NSLDS) DEPARTMENT OF EDUCATION ALN #: 84.268 and 84.063 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not report enrollment information to the National Student Loan Data System (NSLDS) in an accurate manner. Criteria: 34 CFR 690.83(b) and 34 CFR 685.309 Questioned Costs: $-0- Context: Out of 66 students tested for proper NSLDS enrollment status, 7 students had not been properly reported as graduated to NSLDS. Cause: The University submitted accurate information to their third-party administrator however the University had not performed periodic checks to ensure that student information was uploaded to NSLDS accurately. Effect: Inaccurate reporting can impact a student's loan grace period, in school deferment eligibility, beginning loan repayments, appropriate interest charges, etc. Identification as repeat finding, if applicable: N/A Recommendation: We recommend the University put a system in place to ensure that enrollment is reported timely and accurately. Additionally, we recommend the University complete spot checks of NSLDS enrollment statuses throughout the year including a graduation spot check after each academic term. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.