FAC Explorer

Audit 297474

FY End
2023-06-30
Total Expended
$34.33M
Findings
16
Programs
11
Organization: Eastern University (PA)
Year: 2023 Accepted: 2024-03-25
Auditor: Capincrouse LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
384358 2023-001 Material Weakness Yes N
384359 2023-002 Significant Deficiency - N
384360 2023-002 Significant Deficiency - N
384361 2023-002 Significant Deficiency - N
384362 2023-002 Significant Deficiency - N
384363 2023-002 Significant Deficiency - N
384364 2023-002 Significant Deficiency - N
384365 2023-003 - Yes E
960800 2023-001 Material Weakness Yes N
960801 2023-002 Significant Deficiency - N
960802 2023-002 Significant Deficiency - N
960803 2023-002 Significant Deficiency - N
960804 2023-002 Significant Deficiency - N
960805 2023-002 Significant Deficiency - N
960806 2023-002 Significant Deficiency - N
960807 2023-003 - Yes E

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $29.60M Yes 2
84.063 Federal Pell Grant Program $3.16M Yes 2
84.038 Federal Perkins Loan Program $369,563 Yes 1
84.031 Higher Education Institutional Aid - Developing Hispanic Serving Institutions $330,121 - 0
84.033 Federal Work-Study Program $246,466 Yes 1
84.007 Federal Supplemental Educational Opportunity Grants $233,430 Yes 1
84.184 Safe and Drug-Free Schools and Communities_national Programs $204,632 - 0
84.425 Covid-19 Education Stabilization Fund Heerf - Institutional Portion $90,928 - 0
84.425 Covid-19 Education Stabilization Fund Heerf - Minority Serving Institutions $55,383 - 0
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $26,874 Yes 1
84.335 Child Care Access Means Parents in School $11,421 - 0

Contacts

Name Title Type
HEJ8RLLYCJH5 Trevor S. Jackson Auditee
6102255699 Fran Brown, CPA Auditor
No contacts on file

Notes to SEFA

Title: RELATIONSHIP TO FINANCIAL STATEMENTS Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) includes the federal grant activity of Eastern University under programs of the federal government for the year ended June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If Eastern University is required to match certain federal assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate See the Notes to the SEFA for chart/table
Title: SUBRECIPIENTS, NON-CASH ASSISTANCE, FEDERAL INSURANCE, LOANS, AND LOAN GUARANTEES Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) includes the federal grant activity of Eastern University under programs of the federal government for the year ended June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If Eastern University is required to match certain federal assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate Eastern University did not provide any federal funds to subrecipients nor did they receive any federal non-cash assistance, insurance, loans, or loan guarantees.
Title: FEDERAL PERKINS LOAN PROGRAM Accounting Policies: The accompanying schedule of expenditures of federal awards (the schedule) includes the federal grant activity of Eastern University under programs of the federal government for the year ended June 30, 2023. The information in the schedule is presented in accordance with the requirements of the Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Therefore, some amounts presented in the schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Expenditures in the schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. If Eastern University is required to match certain federal assistance, as defined by the grant agreements, no such matching has been included as expenditures in the schedule. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate See the Notes to the SEFA for chart/table

Finding Details

Finding 2023-001
Untimely Returns of Title IV Funds (R2T4) Material Weakness DEPARTMENT OF EDUCATION ALN #: 84.268 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: When students withdrew either officially or unofficially, the University did not always return unearned Title IV aid timely. Criteria: 34 CFR 668.22 Questioned Costs: $-0- Context: Out of 25 students tested for accurate and timely R2T4s, 5 students who withdrew during the audit period tested had $5,255 returned late. Four of the late returns were made after the fiscal year and between 160-475 days late. One return was during the fiscal year and 109 days late. Cause: This was an oversight by the University. Effect: Returns of Title IV funds were not performed timely. Identification as repeat finding, if applicable: 2022-002 Recommendation: We recommend a zero-credit report be run at the end of each semester to ensure all unofficial withdrawals are followed up on so that R2T4s are completed timely when required. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-003
Incorrect Pell Calculations DEPARTMENT OF EDUCATION ALN #: 84.063 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: Pell was not awarded based on enrollment status and Expected Family Contribution (EFC). Criteria: 34 CFR 690.63(b) Questioned Costs: $58 Context: Out of 42 students tested, two students were under awarded Pell based on their enrollment level. The total amount of Pell under awards was $1,885. One student was over awarded $58 in Pell due to the incorrect EFC being used. Cause: The over award of Pell was an oversight by the University. The under awards of Pell were students who changed enrollment status and did not have Pell adjusted accordingly. Effect: Students not awarded Pell based on eligibility. Identification as repeat finding, if applicable: 2022-004 Recommendation: We recommend a process be used to adjust the Pell formula used to be paid in alignment with enrollment status. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-001
Untimely Returns of Title IV Funds (R2T4) Material Weakness DEPARTMENT OF EDUCATION ALN #: 84.268 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: When students withdrew either officially or unofficially, the University did not always return unearned Title IV aid timely. Criteria: 34 CFR 668.22 Questioned Costs: $-0- Context: Out of 25 students tested for accurate and timely R2T4s, 5 students who withdrew during the audit period tested had $5,255 returned late. Four of the late returns were made after the fiscal year and between 160-475 days late. One return was during the fiscal year and 109 days late. Cause: This was an oversight by the University. Effect: Returns of Title IV funds were not performed timely. Identification as repeat finding, if applicable: 2022-002 Recommendation: We recommend a zero-credit report be run at the end of each semester to ensure all unofficial withdrawals are followed up on so that R2T4s are completed timely when required. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-002
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not updated its written information security program in alignment with the revised regulations; sufficiently documented its security risk assessment and safeguards, including general threats; implemented multi-factor authentication on systems containing personally identifiable information (PII); implemented continuous monitoring, such as penetration testing and vulnerability scanning; implemented sufficient vendor management policies and reviews; implemented an incident response plan; or provided a written, annual report to the board. Cause: The University has not allocated sufficient resources to address and document compliance with the updated requirements of GLBA. Effect: The University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the University allocate sufficient resources to address all updated requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2023-003
Incorrect Pell Calculations DEPARTMENT OF EDUCATION ALN #: 84.063 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: Pell was not awarded based on enrollment status and Expected Family Contribution (EFC). Criteria: 34 CFR 690.63(b) Questioned Costs: $58 Context: Out of 42 students tested, two students were under awarded Pell based on their enrollment level. The total amount of Pell under awards was $1,885. One student was over awarded $58 in Pell due to the incorrect EFC being used. Cause: The over award of Pell was an oversight by the University. The under awards of Pell were students who changed enrollment status and did not have Pell adjusted accordingly. Effect: Students not awarded Pell based on eligibility. Identification as repeat finding, if applicable: 2022-004 Recommendation: We recommend a process be used to adjust the Pell formula used to be paid in alignment with enrollment status. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.