Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: No documentation of review as it relates to Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Condition: During testing we noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Questioned Costs: None
Context: During our testing, it was noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Cause: Management could incorrectly have amounts of their Federal Work Study, Supplemental Education Opportunity Grants, and Perkins at year-end.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements a formalized yearly reconciliation of Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: No documentation of review as it relates to Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Condition: During testing we noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Questioned Costs: None
Context: During our testing, it was noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Cause: Management could incorrectly have amounts of their Federal Work Study, Supplemental Education Opportunity Grants, and Perkins at year-end.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements a formalized yearly reconciliation of Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: No documentation of review as it relates to Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Condition: During testing we noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Questioned Costs: None
Context: During our testing, it was noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Cause: Management could incorrectly have amounts of their Federal Work Study, Supplemental Education Opportunity Grants, and Perkins at year-end.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements a formalized yearly reconciliation of Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits.
Condition: During our testing, we noted 2 out of the 9 students tested where the student was not reported in a timely manner after the school determined the students change in status.
Questioned Costs: N/A
Context: Updates to NSLDS were not completed in a timely manner.
Cause: The College did not have a process in place to ensure the student who graduated or withdrew were reported timely.
Effect: The College did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely.
Repeat Finding: No
Auditors’ Recommendation We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: Per the Code of Federal Regulations, 34 CFR 673.5, students may not be under awarded need-based aid in excess of their calculated need. In addition, 34 CFR 685.203(j) states that in no case may a loan amount exceed the student’s estimated cost of attendance for the period of enrollment for which the loan is intended less the student’s estimated financial assistance for that period and in the case of Direct Subsidized Loans, the borrower’s expected family contribution for that period.
Condition: During our testing, we noted for 2 out of 40 students tested, there was an under award of need-based aid in the amount of $2,062 as total aid paid was lower than it should have been relating to the student's total need in the 2022-23 academic year.
Questioned Costs: $2,062
Context: Two students aid should have been repackaged after the College accepted their transfer credits, thus causing an under award in need-based aid.
Cause: Management incorrectly awarded these students based on their transfer credits and financial need.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements policies to review all student award packages at the start of the academic year to ensure no over awards exist.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: No documentation of review as it relates to Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Condition: During testing we noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Questioned Costs: None
Context: During our testing, it was noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Cause: Management could incorrectly have amounts of their Federal Work Study, Supplemental Education Opportunity Grants, and Perkins at year-end.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements a formalized yearly reconciliation of Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: No documentation of review as it relates to Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Condition: During testing we noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Questioned Costs: None
Context: During our testing, it was noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Cause: Management could incorrectly have amounts of their Federal Work Study, Supplemental Education Opportunity Grants, and Perkins at year-end.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements a formalized yearly reconciliation of Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: No documentation of review as it relates to Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Condition: During testing we noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Questioned Costs: None
Context: During our testing, it was noted there is no formalized process of Federal Work Study, Supplemental Education Opportunity Grants, and Perkins reconciliations.
Cause: Management could incorrectly have amounts of their Federal Work Study, Supplemental Education Opportunity Grants, and Perkins at year-end.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No
Auditor’s Recommendation: We recommend the College implements a formalized yearly reconciliation of Federal Work Study, Perkins, and Supplemental Education Opportunity Grants.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants
84.033 – Federal Work-Study Program
84.038 – Federal Perkins Loan Program
84.063 – Federal Pell Grant Program
84.268 – Federal Direct Student Loans
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance
• Other Matters
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). The first element that an institution’s written information security program must address is the designation of an individual with responsibility for implementing and enforcing an institution’s written information security program. The regulations refer to this individual as the Qualified Individual. If an institution has not designated a Qualified Individual, it is not in compliance with the GLBA requirements. The Qualified Individual has ultimate responsibility and accountability for implementing and enforcing the institution’s information security program (16 CFR 314.4(a)). Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted and Encrypt customer information on the institution’s system and when it’s in transit. Implement multi-factor authentication for anyone accessing customer information on the institution’s system. Dispose of customer information securely. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
Criteria or Specific Requirement (Continued): Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)).
Condition: There are missing items from the Written Information Security Program.
Questioned Costs: N/A
Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there are a few elements missing from the WISP.
Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance.
Effect: The College’s students’ personal information could be vulnerable.
Repeat Finding: No
Auditor’s Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements.
Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.