FAC Explorer

Audit 298492

FY End
2023-06-30
Total Expended
$36.94M
Findings
8
Programs
15
Organization: Northwest Mississippi Community College (MS)
Year: 2023 Accepted: 2024-03-27
Auditor: Forvis LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
386104 2023-001 Significant Deficiency - N
386105 2023-001 Significant Deficiency - N
386106 2023-001 Significant Deficiency - N
386107 2023-001 Significant Deficiency - N
962546 2023-001 Significant Deficiency - N
962547 2023-001 Significant Deficiency - N
962548 2023-001 Significant Deficiency - N
962549 2023-001 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $15.50M Yes 1
84.268 Federal Direct Student Loans $6.03M Yes 1
84.002 Adult Education - Basic Grants to States $603,105 - 0
84.425 Education Stabilization Fund $371,972 Yes 0
84.048 Career and Technical Education -- Basic Grants to States $350,434 - 0
17.259 Wia Youth Activities $350,379 - 0
84.007 Federal Supplemental Educational Opportunity Grants $319,383 Yes 1
93.558 Temporary Assistance for Needy Families $295,571 - 0
84.042 Trio_student Support Services $286,378 - 0
84.033 Federal Work-Study Program $251,216 Yes 1
17.278 Wia Dislocated Worker Formula Grants $157,884 - 0
93.575 Child Care and Development Block Grant $60,528 - 0
17.258 Wia Adult Program $42,916 - 0
90.204 States' Economic Development Assistance Program $41,578 - 0
21.027 Coronavirus State and Local Fiscal Recovery Funds $17,000 Yes 0

Contacts

Name Title Type
KJNWGJ3KDR21 Connie Joseph Auditee
6625623386 Mark Nicolas Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The College has a negotiated indirect cost rate of 40%. The accompanying schedule of expenditures of federal awards (the “Schedule”) includes the federal award activity of the Northwest Mississippi Community College under programs of the federal government for the year ended June 30, 2023. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net position, or cash flows of the College.
Title: Summary of Significant Accounting Policies Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The College has a negotiated indirect cost rate of 40%. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years.
Title: Indirect Cost Rate Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The College has a negotiated indirect cost rate of 40%. The College has a negotiated indirect cost rate of 40%.
Title: Loan or loan guarantee programs Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The College has a negotiated indirect cost rate of 40%. The federal award programs of the College had no outstanding loan balances nor were there any loan guarantees as of June 30, 2023.

Finding Details

Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.
Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.
Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.
Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.
Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.
Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.
Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.
Finding 2023-001
Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.