FAC Explorer

Audit 305378

FY End
2023-08-31
Total Expended
$27.01M
Findings
14
Programs
10
Organization: Hudson Valley Community College (NY)
Year: 2023 Accepted: 2024-05-02
Auditor: Uhy LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
395736 2023-002 - - N
395737 2023-002 - - N
395738 2023-002 - - N
395739 2023-002 - - N
395740 2023-003 - Yes L
395741 2023-003 - Yes L
395742 2023-003 - Yes L
972178 2023-002 - - N
972179 2023-002 - - N
972180 2023-002 - - N
972181 2023-002 - - N
972182 2023-003 - Yes L
972183 2023-003 - Yes L
972184 2023-003 - Yes L

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $11.77M Yes 1
84.268 Federal Direct Student Loans $11.04M Yes 1
84.048 Career and Technical Education -- Basic Grants to States $563,302 - 0
84.007 Federal Supplemental Educational Opportunity Grants $295,614 Yes 1
84.033 Federal Work-Study Program $175,556 Yes 1
47.076 Education and Human Resources $160,717 - 0
64.027 Post-9/11 Veterans Educational Assistance $148,245 - 0
84.126 Rehabilitation Services_vocational Rehabilitation Grants to States $41,930 - 0
84.425 Education Stabilization Fund $1,753 Yes 1
17.285 Apprenticeship USA Grants $-1,050 - 0

Contacts

Name Title Type
LELKBMKKMWN4 Christine Lasch Auditee
5186294513 Brian Kearns Auditor
No contacts on file

Notes to SEFA

Title: NOTE 2 — STUDENT LOAN PROGRAMS Accounting Policies: The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal grant activity of Hudson Valley Community College (the College) and is presented on the accrual basis of accounting in accordance with accounting principles generally accepted in the United States of America. Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Award. Therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the basic financial statements. Administrative costs are included in the reported expenditures to the extent such costs are included in the federal financial reports used as the source for the data presented. The College has not elected to utilize the 10% de minimis indirect cost rate in Part 200.414 of the Uniform Guidance. Negative amounts on the Schedule, if any, represent adjustments made to prior year expenditures in the normal course of business. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate. For the year ended August 31, 2023, the College processed $11,044,987 of new loans (net of origination fees), under the Federal Direct Student Loan Program which includes Subsidized Loans, Unsubsidized Loans, and Parent Loans.

Finding Details

Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-003
CFDA Number: 84.425 Education Stabilization Fund Criteria: Student and institutional quarterly portion reporting requirements involve publicly posting completed forms on the institution’s website no later than 10 days after the end of each calendar quarter (September 30, December 31, March 31, and June 30). Condition: Quarterly reports for the quarters ended March 31, 2023 and June 30, 2023 were not posted to the College’s website within 10 days after the end of each quarter. Cause: Lean staffing continues to provide challenges to management for timely reporting. Effect: The College is not in compliance with the federal regulations for HEERF public reporting during 2023. Prevalence: The College posted the reports for the quarters ended March 31, 2023 and June 30, 2023 to their website after the applicable deadline. The reports for the quarters ended September 30, 2022 and December 31, 2022 were reviewed, submitted and posted on time. Recommendation: The College should evaluate and enhance its procedures to ensure that reports are posted to the website by the applicable deadlines. Management’s Response and Planned Corrective Action: Management has enhanced their internal processes for preparing, reviewing, and posting the quarterly reports on time.
Finding 2023-003
CFDA Number: 84.425 Education Stabilization Fund Criteria: Student and institutional quarterly portion reporting requirements involve publicly posting completed forms on the institution’s website no later than 10 days after the end of each calendar quarter (September 30, December 31, March 31, and June 30). Condition: Quarterly reports for the quarters ended March 31, 2023 and June 30, 2023 were not posted to the College’s website within 10 days after the end of each quarter. Cause: Lean staffing continues to provide challenges to management for timely reporting. Effect: The College is not in compliance with the federal regulations for HEERF public reporting during 2023. Prevalence: The College posted the reports for the quarters ended March 31, 2023 and June 30, 2023 to their website after the applicable deadline. The reports for the quarters ended September 30, 2022 and December 31, 2022 were reviewed, submitted and posted on time. Recommendation: The College should evaluate and enhance its procedures to ensure that reports are posted to the website by the applicable deadlines. Management’s Response and Planned Corrective Action: Management has enhanced their internal processes for preparing, reviewing, and posting the quarterly reports on time.
Finding 2023-003
CFDA Number: 84.425 Education Stabilization Fund Criteria: Student and institutional quarterly portion reporting requirements involve publicly posting completed forms on the institution’s website no later than 10 days after the end of each calendar quarter (September 30, December 31, March 31, and June 30). Condition: Quarterly reports for the quarters ended March 31, 2023 and June 30, 2023 were not posted to the College’s website within 10 days after the end of each quarter. Cause: Lean staffing continues to provide challenges to management for timely reporting. Effect: The College is not in compliance with the federal regulations for HEERF public reporting during 2023. Prevalence: The College posted the reports for the quarters ended March 31, 2023 and June 30, 2023 to their website after the applicable deadline. The reports for the quarters ended September 30, 2022 and December 31, 2022 were reviewed, submitted and posted on time. Recommendation: The College should evaluate and enhance its procedures to ensure that reports are posted to the website by the applicable deadlines. Management’s Response and Planned Corrective Action: Management has enhanced their internal processes for preparing, reviewing, and posting the quarterly reports on time.
Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-002
CFDA Number: Various – SFA Cluster Criteria: Per 16 CFR 314.4 (c)(5), the College is required to implement multi-factor authentication for any individual accessing any information system, unless the Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls. Per the FSA Electronic Announcement GENERAL-23-09, institutions were required to implement this rule by June 9, 2023. Condition: The College did not fully implement multi-factor authentication by June 9, 2023, which was the effective deadline. Cause: The College is currently still in the process of implementing multi-factor authentication on the WIReD system. Effect: The College is not in compliance with the requirement set by the Safeguards Rule under the Gramm-Leach-Bliley Act. Prevalence: Implementing multi-factor authentication proved to be more complicated and timeconsuming for the student information system WIReD. Multi-factor authentication or equivalent access controls are in place for all other systems containing student information, and all other elements of the Safeguards Rule appear to be in place as required. Recommendation: The College should implement multi-factor authentication for all systems as soon as possible and reference MFA in the written Information Security Program. The College should also enhance its training and procedures to ensure that any future adjustments to Gramm Leach Bliley Act continue to be met in a timely manner. Management’s Response and Planned Corrective Action: Management acknowledged that implementation of multi-factor authentication for the WIReD system has taken more time due to the complexity of the systems in place. The multi-factor authentication on the WIReD system was implemented and went into effect on March 26, 2024.
Finding 2023-003
CFDA Number: 84.425 Education Stabilization Fund Criteria: Student and institutional quarterly portion reporting requirements involve publicly posting completed forms on the institution’s website no later than 10 days after the end of each calendar quarter (September 30, December 31, March 31, and June 30). Condition: Quarterly reports for the quarters ended March 31, 2023 and June 30, 2023 were not posted to the College’s website within 10 days after the end of each quarter. Cause: Lean staffing continues to provide challenges to management for timely reporting. Effect: The College is not in compliance with the federal regulations for HEERF public reporting during 2023. Prevalence: The College posted the reports for the quarters ended March 31, 2023 and June 30, 2023 to their website after the applicable deadline. The reports for the quarters ended September 30, 2022 and December 31, 2022 were reviewed, submitted and posted on time. Recommendation: The College should evaluate and enhance its procedures to ensure that reports are posted to the website by the applicable deadlines. Management’s Response and Planned Corrective Action: Management has enhanced their internal processes for preparing, reviewing, and posting the quarterly reports on time.
Finding 2023-003
CFDA Number: 84.425 Education Stabilization Fund Criteria: Student and institutional quarterly portion reporting requirements involve publicly posting completed forms on the institution’s website no later than 10 days after the end of each calendar quarter (September 30, December 31, March 31, and June 30). Condition: Quarterly reports for the quarters ended March 31, 2023 and June 30, 2023 were not posted to the College’s website within 10 days after the end of each quarter. Cause: Lean staffing continues to provide challenges to management for timely reporting. Effect: The College is not in compliance with the federal regulations for HEERF public reporting during 2023. Prevalence: The College posted the reports for the quarters ended March 31, 2023 and June 30, 2023 to their website after the applicable deadline. The reports for the quarters ended September 30, 2022 and December 31, 2022 were reviewed, submitted and posted on time. Recommendation: The College should evaluate and enhance its procedures to ensure that reports are posted to the website by the applicable deadlines. Management’s Response and Planned Corrective Action: Management has enhanced their internal processes for preparing, reviewing, and posting the quarterly reports on time.
Finding 2023-003
CFDA Number: 84.425 Education Stabilization Fund Criteria: Student and institutional quarterly portion reporting requirements involve publicly posting completed forms on the institution’s website no later than 10 days after the end of each calendar quarter (September 30, December 31, March 31, and June 30). Condition: Quarterly reports for the quarters ended March 31, 2023 and June 30, 2023 were not posted to the College’s website within 10 days after the end of each quarter. Cause: Lean staffing continues to provide challenges to management for timely reporting. Effect: The College is not in compliance with the federal regulations for HEERF public reporting during 2023. Prevalence: The College posted the reports for the quarters ended March 31, 2023 and June 30, 2023 to their website after the applicable deadline. The reports for the quarters ended September 30, 2022 and December 31, 2022 were reviewed, submitted and posted on time. Recommendation: The College should evaluate and enhance its procedures to ensure that reports are posted to the website by the applicable deadlines. Management’s Response and Planned Corrective Action: Management has enhanced their internal processes for preparing, reviewing, and posting the quarterly reports on time.