FAC Explorer

Audit 298423

FY End
2023-06-30
Total Expended
$7.58M
Findings
20
Programs
9
Organization: Ripon College (WI)
Year: 2023 Accepted: 2024-03-27
Auditor: Baker Tilly US LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
386053 2023-001 Significant Deficiency - N
386054 2023-001 Significant Deficiency - N
386055 2023-001 Significant Deficiency - N
386056 2023-001 Significant Deficiency - N
386057 2023-001 Significant Deficiency - N
386058 2023-002 Significant Deficiency - N
386059 2023-002 Significant Deficiency - N
386060 2023-002 Significant Deficiency - N
386061 2023-002 Significant Deficiency - N
386062 2023-002 Significant Deficiency - N
962495 2023-001 Significant Deficiency - N
962496 2023-001 Significant Deficiency - N
962497 2023-001 Significant Deficiency - N
962498 2023-001 Significant Deficiency - N
962499 2023-001 Significant Deficiency - N
962500 2023-002 Significant Deficiency - N
962501 2023-002 Significant Deficiency - N
962502 2023-002 Significant Deficiency - N
962503 2023-002 Significant Deficiency - N
962504 2023-002 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $4.32M Yes 2
84.038 Federal Perkins Loan Program $1.30M Yes 2
84.063 Federal Pell Grant Program $1.29M Yes 2
84.042 Trio_student Support Services $306,950 - 0
84.007 Federal Supplemental Educational Opportunity Grants $164,306 Yes 2
84.033 Federal Work-Study Program $142,041 Yes 2
47.049 Mathematical and Physical Sciences $33,888 - 0
47.076 Education and Human Resources $23,517 - 0
84.334 Gaining Early Awareness and Readiness for Undergraduate Programs $1,000 - 0

Contacts

Name Title Type
HHASQQ5NK611 Dr. Stephen M. Coan Auditee
9207488325 Ryan Lay, CPA Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: Expenditures reported on the Schedules are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedules represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The accompanying schedules of expenditures of federal and state awards (the Schedules) include the federal and state award activity of Ripon College (the College) under programs of the federal and state government for the year ended June 30, 2023. The information in these Schedules is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) and the State Single Audit Guidelines. Because the Schedules present only a selected portion of the operations of the College, they are not intended to and do not present the financial position, changes in net assets or cash flows of the College.
Title: Federal Perkins Loan Program Accounting Policies: Expenditures reported on the Schedules are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedules represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The Federal Perkins Loan Program is administered directly by the College, and balances and transactions relating to these programs are included in the College's financial statements. Loans outstanding at the beginning of the year and loans made during the year are included in the federal expenditures presented in the Schedules. The balance of loans outstanding at June 30, 2023 totaled $1,059,740. The Perkins Loan Program has ended and no additional loans were granted in the year ended June 30, 2023.

Finding Details

Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-001
2023-001 Agencies: U.S Department of Education Federal Assistance Listing Number:, 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Questioned Costs: The amount of questioned costs could not be determined. Context: Fifteen students were identified with inaccurate data elements reported out of a total of 46 students tested. Cause: The College’s internal control over compliance did not detect and correct the errors. The preparer did not update the student’s status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment data elements that DOE considers high risk. Effect: The College incorrectly reported certain Campus-Level and Program-Level records in NSLDS which is information that DOE considers high risk and the Institute’s internal controls over compliance did not detect and correct the errors. Recommendation: We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to DOE. A review performed by an appropriate individual separate from the preparer prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. Management Response: Management is in agreement with the finding. The student enrollment status for the identified students were corrected in September 2023 by the Registrar's Office. Management is reviewing policies and procedures to verify that enrollment status reported to the National Student Clearinghouse is correctly reflected within NSLDS.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.
Finding 2023-002
2023-002 Agencies: U.S Department of Education Federal Assistance Listing Number: 84.038, 84.063, 84.007, 84.033, and 84.268 Programs: Student financial assistance cluster Finding Type: Noncompliance and significant deficiency in internal control over compliance relating to special tests Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm- Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4(b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 as required by 16 CFR 314.4 (b). Questioned Costs: The amount of questioned costs could not be determined. Context: The College did not have a written procedure policy that outlined the design and implementation of the Gramm-Leach-Bliley Act safeguards for each area identified within 16 CFR 314.4 (b), therefore the College did not comply with the compliance requirement. However, the College has safeguards for each area identified within 16 CFR 314.4 (b). Cause: The College did not have internal controls in place to address the risk assessment required by the Gramm-Leach-Bliley Act (GLBA). Effect: The Institute has no documentation of the risk assessment performed and the related safeguards for each risk identified. Recommendation: We recommend management review 16 CFR 314.4 (b) to perform a risk assessment that addresses the three required areas, which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This risk assessment should be documented, and we recommend that the College document the approval and acceptance of the risk assessment. In addition, we recommend management review internal control processes for special tests and provisions on an annual basis. Management Response: Management is in agreement with the finding. The College is working with a cybersecurity partner to assist with GLBA compliance and cybersecurity hardening of the College’s infrastructure. The cybersecurity partner will assist in preparing the required documentation that addresses the risk assessment of the areas noted in the finding.