FAC Explorer

Audit 308594

FY End
2023-08-31
Total Expended
$883,507
Findings
8
Programs
2
Organization: Center for Integrated Care D/b/a Seattle Institute of East Asian Medicine (WA)
Year: 2023 Accepted: 2024-06-11
Auditor: Sikich CPA LLC

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
400556 2023-001 Material Weakness - E
400557 2023-001 Material Weakness - E
400558 2023-002 Material Weakness - N
400559 2023-002 Material Weakness - N
976998 2023-001 Material Weakness - E
976999 2023-001 Material Weakness - E
977000 2023-002 Material Weakness - N
977001 2023-002 Material Weakness - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $880,898 Yes 2
84.033 Federal Work-Study Program $2,609 Yes 2

Contacts

Name Title Type
DNY4UVM3NZE5 Craig Mitchell Auditee
2065174541 Ray Krouse Auditor
No contacts on file

Notes to SEFA

Title: NOTE 2 - FEDERAL LOAN PROGRAM Accounting Policies: The accompanying schedule of expenditures of federal awards is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the financial statements. De Minimis Rate Used: N Rate Explanation: Center for Integrated Care d/b/a Seattle Institute of East Asian Medicine did not elect the 10% federal de minimis indirect cost rate. For the year ended August 31, 2023, Center for Integrated Care d/b/a Seattle Institute of East Asian Medicine acted as a pass-through agency for Direct Federal Stafford Loans (unsubsidized and PLUS) to students and parents in the amount of $880,898.
Title: NOTE 3 - OTHER INFORMATION Accounting Policies: The accompanying schedule of expenditures of federal awards is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Therefore, some amounts presented in this schedule may differ from amounts presented in, or used in the preparation of, the financial statements. De Minimis Rate Used: N Rate Explanation: Center for Integrated Care d/b/a Seattle Institute of East Asian Medicine did not elect the 10% federal de minimis indirect cost rate. Center for Integrated Care d/b/a Seattle Institute of East Asian Medicine did not receive any federal insurance or federal noncash assistance and did not provide any amounts to sub-recipients.

Finding Details

Finding 2023-001
Criteria: The disbursement amounts and dates reported to the Department of Education must be the amounts and dates of the actual disbursement to the students’ accounts (CFR 34 668.164). Condition: The Organization did not report actual loan disbursement dates to the Common Origination and Disbursement (COD) system for 7 of the 8 students in the sample (87.5%). We consider this condition to be a material weakness in internal control over compliance relating to the Eligibility compliance requirement. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The Organization noted this was an error that occurred using the G5 drawdown date instead of the actual disbursement date per the students’ account ledgers. Effect: The result is incorrect disbursement dates were reported to the Department of Education. Recommendation: We recommend the Organization correct the disbursement dates in COD and tighten controls over reporting disbursement dates. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2023-001
Criteria: The disbursement amounts and dates reported to the Department of Education must be the amounts and dates of the actual disbursement to the students’ accounts (CFR 34 668.164). Condition: The Organization did not report actual loan disbursement dates to the Common Origination and Disbursement (COD) system for 7 of the 8 students in the sample (87.5%). We consider this condition to be a material weakness in internal control over compliance relating to the Eligibility compliance requirement. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The Organization noted this was an error that occurred using the G5 drawdown date instead of the actual disbursement date per the students’ account ledgers. Effect: The result is incorrect disbursement dates were reported to the Department of Education. Recommendation: We recommend the Organization correct the disbursement dates in COD and tighten controls over reporting disbursement dates. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2023-002
Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The Organization failed to implement the new Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information to their student information security policy. We consider this finding to be a material weakness in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The condition was caused by the Organization’s security officer being unaware of the new GLBA requirements. Effect: The result is the Organization did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purposes of administering the Title IV programs. Recommendation: We recommend the Organization update their student information security program to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2023-002
Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The Organization failed to implement the new Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information to their student information security policy. We consider this finding to be a material weakness in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The condition was caused by the Organization’s security officer being unaware of the new GLBA requirements. Effect: The result is the Organization did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purposes of administering the Title IV programs. Recommendation: We recommend the Organization update their student information security program to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2023-001
Criteria: The disbursement amounts and dates reported to the Department of Education must be the amounts and dates of the actual disbursement to the students’ accounts (CFR 34 668.164). Condition: The Organization did not report actual loan disbursement dates to the Common Origination and Disbursement (COD) system for 7 of the 8 students in the sample (87.5%). We consider this condition to be a material weakness in internal control over compliance relating to the Eligibility compliance requirement. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The Organization noted this was an error that occurred using the G5 drawdown date instead of the actual disbursement date per the students’ account ledgers. Effect: The result is incorrect disbursement dates were reported to the Department of Education. Recommendation: We recommend the Organization correct the disbursement dates in COD and tighten controls over reporting disbursement dates. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2023-001
Criteria: The disbursement amounts and dates reported to the Department of Education must be the amounts and dates of the actual disbursement to the students’ accounts (CFR 34 668.164). Condition: The Organization did not report actual loan disbursement dates to the Common Origination and Disbursement (COD) system for 7 of the 8 students in the sample (87.5%). We consider this condition to be a material weakness in internal control over compliance relating to the Eligibility compliance requirement. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The Organization noted this was an error that occurred using the G5 drawdown date instead of the actual disbursement date per the students’ account ledgers. Effect: The result is incorrect disbursement dates were reported to the Department of Education. Recommendation: We recommend the Organization correct the disbursement dates in COD and tighten controls over reporting disbursement dates. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2023-002
Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The Organization failed to implement the new Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information to their student information security policy. We consider this finding to be a material weakness in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The condition was caused by the Organization’s security officer being unaware of the new GLBA requirements. Effect: The result is the Organization did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purposes of administering the Title IV programs. Recommendation: We recommend the Organization update their student information security program to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2023-002
Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The Organization failed to implement the new Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information to their student information security policy. We consider this finding to be a material weakness in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Cause: The condition was caused by the Organization’s security officer being unaware of the new GLBA requirements. Effect: The result is the Organization did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purposes of administering the Title IV programs. Recommendation: We recommend the Organization update their student information security program to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.