Audit 298271

FY End: 2023-06-30
Total Expended: $47.40M
Findings: 12
Programs: 11
Organization: Muskingum University (OH)
Year: 2023 Accepted: 2024-03-27
Auditor: Schneider Downs

Findings

ID Ref Severity Repeat Requirement
385424 2023-001 Significant Deficiency - N
385425 2023-001 Significant Deficiency - N
385426 2023-001 Significant Deficiency - N
385427 2023-001 Significant Deficiency - N
385428 2023-001 Significant Deficiency - N
385429 2023-001 Significant Deficiency - N
961866 2023-001 Significant Deficiency - N
961867 2023-001 Significant Deficiency - N
961868 2023-001 Significant Deficiency - N
961869 2023-001 Significant Deficiency - N
961870 2023-001 Significant Deficiency - N
961871 2023-001 Significant Deficiency - N

Contacts

Name Title Type
RRUANWMAHDZ3 Kevin Brown Auditee
7408268113 Patrick Kerns Auditor

Notes to SEFA

Title: Basis of Accounting
Accounting Policies: The accompanying schedule of expenditures of federal awards (the "Schedule") includes the federal award activity of the University under programs of the federal government for the year ended June 30, 2023. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (“Uniform Guidance”). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets, or cash flows of the University.
De Minimis Rate Used: N
Rate Explanation: The University has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance.
Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years.
Title: Federal Perkins Loan Program
Accounting Policies: The accompanying schedule of expenditures of federal awards (the "Schedule") includes the federal award activity of the University under programs of the federal government for the year ended June 30, 2023. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (“Uniform Guidance”). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets, or cash flows of the University.
De Minimis Rate Used: N
Rate Explanation: The University has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance.
The Federal Perkins Loan Program is administered directly by the University, and balances and transactions relating to these programs are included in the University’s basic financial statements. Loans outstanding at the beginning of the year and loans made during the year were $374,055.

Finding Details

The Gramm-Leach-Bliley Act (Public Law 106-102) (“GLBA”) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (“16 CFR 314”). Under 16 CFR 314.4(d), the University should regularly test or otherwise monitor the effectiveness of the safeguards it has implemented. Under 16 CFR 314.4(e)(1), the University should implement policies and procedures to ensure that personnel are able to enact the information security program. The University does not have a formalized information security program that documents the policies and procedures relevant to the requirements under 16 CFR 314.4(e)(1). The University does not regularly conduct vulnerability assessments, penetration testing, or other procedures to monitor its implemented safeguards as required under 16 CFR 314.4(d). Without a formalized policy in place surrounding its information security program, the University is not able to fully determine its compliance with the GLBA requirements, including the requirement to regularly test or otherwise monitor the effectiveness of its safeguards. A lack of regular testing or monitoring of the effectiveness of the established safeguards could delay the identification of ineffective or missing safeguards that could help detect or prevent breaches or other similar issues.