FAC Explorer

Audit 322835

FY End
2023-12-31
Total Expended
$2.26M
Findings
4
Programs
4
Organization: Centra Health, Inc. (VA)
Year: 2023 Accepted: 2024-09-30
Auditor: Bdo USA PC

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
499909 2023-001 Significant Deficiency Yes N
499910 2023-001 Significant Deficiency Yes N
1076351 2023-001 Significant Deficiency Yes N
1076352 2023-001 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $1.43M Yes 1
84.063 Federal Pell Grant Program $526,342 Yes 1
97.036 Disaster Grants - Public Assistance (presidentially Declared Disasters) $279,356 - 0
84.425 Education Stabilization Fund $24,995 - 0

Contacts

Name Title Type
HNR1MNZJGYJ1 Robert Tonkinson Auditee
4342004708 Andrea Spetrini Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: Centra has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of Centra Health, Inc. and Subsidiaries (Centra), under programs of the federal government for the year ended December 31, 2023. The Schedule of Centra includes the following legal entities: (See the Notes to the SEFA for chart/table" The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of Centra, it is not intended to and does not present the financial position, changes in net assets, or cash flows of Centra.
Title: Subrecipients Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: Centra has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. Centra did not provide federal awards to subrecipients for the year ended December 31, 2023.
Title: Federal Student Loan Programs Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: Centra has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. Centra participates in the Federal Direct Loan Program (ALN: 84.268) (the Program), which includes the Federal Direct Subsidized Loan Program, the Federal Direct Unsubsidized Loan Program, and the Federal Direct PLUS Program. The Program requires Centra to request cash from the Department of Education and disburse such funds. Centra is responsible only for the performance of certain administrative functions with respect to the Program, and accordingly, these loans are not included in Centra’s consolidated financial statements. It is not practicable to determine the balance of loans outstanding to students and former students of the Centra College of Nursing under the Program at December 31, 2023. Loan advances under the Program during the year ended December 31, 2023 have been reflected in the Schedule.
Title: Donated Personal Protective Equipment (Unaudited) Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: Centra has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. During the year ended December 31, 2023, Centra did not receive any personal protective equipment.

Finding Details

Finding 2023-001
Information on the Federal Program - Federal Pell Grant (ALN: 84.063); Federal Direct Loans (ALN: 84.268) Criteria or Specific Requirement – The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the GLBA because they appear to be significantly engaged in wiring funds to consumers. Under an institution’s Program Participation Agreement with the Department of Education (ED) and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the federal student financial aid programs. Accordingly, institutions are required to develop, implement, and maintain a written comprehensive information security program. Condition – During our audit procedures, we noted that Centra’s written information security program did not meet all minimum requirements of the GLBA and therefore was not fully in compliance with the requirement. Cause – Insufficient internal controls and administrative oversight with respect to the Special tests and provisions (N) compliance requirement. Effect or Potential Effect – Centra is not fully in compliance with the GLBA requirement for the year ended December 31, 2023. Questioned Costs – None. Context – During 2023, Centra designated a qualified individual responsible for overseeing and implementing and enforcing a information security program (16 CFR 314.4(a)). However, the remaining six elements of the GLBA (16 CFR 314.4(b)–(g)) were still in process of being implemented as of December 31, 2023. As of December 31, 2023, six of the seven elements were either partially implemented or not implemented. Repeat Finding – This is a repeat of prior year finding 2022-001. Recommendation - We recommend that Centra maintain appropriate internal controls and administrative oversight in order to fully comply with the GLBA requiremenets of 16 CFR 314.4(b)–(g). Such would include (i) performance of a risk assessment; (ii) assessment, design, and implementation of safeguards; (iii) regularly test and monitor the safeguards; (iv) ensure ability to enact the information security program; (v) oversee service providers; and (vi) adjust in light of results of testing and monitoring. Views of Responsible Officials – Centra management agrees with this finding and is in process of implementing a corrective action plan.
Finding 2023-001
Information on the Federal Program - Federal Pell Grant (ALN: 84.063); Federal Direct Loans (ALN: 84.268) Criteria or Specific Requirement – The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the GLBA because they appear to be significantly engaged in wiring funds to consumers. Under an institution’s Program Participation Agreement with the Department of Education (ED) and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the federal student financial aid programs. Accordingly, institutions are required to develop, implement, and maintain a written comprehensive information security program. Condition – During our audit procedures, we noted that Centra’s written information security program did not meet all minimum requirements of the GLBA and therefore was not fully in compliance with the requirement. Cause – Insufficient internal controls and administrative oversight with respect to the Special tests and provisions (N) compliance requirement. Effect or Potential Effect – Centra is not fully in compliance with the GLBA requirement for the year ended December 31, 2023. Questioned Costs – None. Context – During 2023, Centra designated a qualified individual responsible for overseeing and implementing and enforcing a information security program (16 CFR 314.4(a)). However, the remaining six elements of the GLBA (16 CFR 314.4(b)–(g)) were still in process of being implemented as of December 31, 2023. As of December 31, 2023, six of the seven elements were either partially implemented or not implemented. Repeat Finding – This is a repeat of prior year finding 2022-001. Recommendation - We recommend that Centra maintain appropriate internal controls and administrative oversight in order to fully comply with the GLBA requiremenets of 16 CFR 314.4(b)–(g). Such would include (i) performance of a risk assessment; (ii) assessment, design, and implementation of safeguards; (iii) regularly test and monitor the safeguards; (iv) ensure ability to enact the information security program; (v) oversee service providers; and (vi) adjust in light of results of testing and monitoring. Views of Responsible Officials – Centra management agrees with this finding and is in process of implementing a corrective action plan.
Finding 2023-001
Information on the Federal Program - Federal Pell Grant (ALN: 84.063); Federal Direct Loans (ALN: 84.268) Criteria or Specific Requirement – The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the GLBA because they appear to be significantly engaged in wiring funds to consumers. Under an institution’s Program Participation Agreement with the Department of Education (ED) and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the federal student financial aid programs. Accordingly, institutions are required to develop, implement, and maintain a written comprehensive information security program. Condition – During our audit procedures, we noted that Centra’s written information security program did not meet all minimum requirements of the GLBA and therefore was not fully in compliance with the requirement. Cause – Insufficient internal controls and administrative oversight with respect to the Special tests and provisions (N) compliance requirement. Effect or Potential Effect – Centra is not fully in compliance with the GLBA requirement for the year ended December 31, 2023. Questioned Costs – None. Context – During 2023, Centra designated a qualified individual responsible for overseeing and implementing and enforcing a information security program (16 CFR 314.4(a)). However, the remaining six elements of the GLBA (16 CFR 314.4(b)–(g)) were still in process of being implemented as of December 31, 2023. As of December 31, 2023, six of the seven elements were either partially implemented or not implemented. Repeat Finding – This is a repeat of prior year finding 2022-001. Recommendation - We recommend that Centra maintain appropriate internal controls and administrative oversight in order to fully comply with the GLBA requiremenets of 16 CFR 314.4(b)–(g). Such would include (i) performance of a risk assessment; (ii) assessment, design, and implementation of safeguards; (iii) regularly test and monitor the safeguards; (iv) ensure ability to enact the information security program; (v) oversee service providers; and (vi) adjust in light of results of testing and monitoring. Views of Responsible Officials – Centra management agrees with this finding and is in process of implementing a corrective action plan.
Finding 2023-001
Information on the Federal Program - Federal Pell Grant (ALN: 84.063); Federal Direct Loans (ALN: 84.268) Criteria or Specific Requirement – The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the GLBA because they appear to be significantly engaged in wiring funds to consumers. Under an institution’s Program Participation Agreement with the Department of Education (ED) and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the federal student financial aid programs. Accordingly, institutions are required to develop, implement, and maintain a written comprehensive information security program. Condition – During our audit procedures, we noted that Centra’s written information security program did not meet all minimum requirements of the GLBA and therefore was not fully in compliance with the requirement. Cause – Insufficient internal controls and administrative oversight with respect to the Special tests and provisions (N) compliance requirement. Effect or Potential Effect – Centra is not fully in compliance with the GLBA requirement for the year ended December 31, 2023. Questioned Costs – None. Context – During 2023, Centra designated a qualified individual responsible for overseeing and implementing and enforcing a information security program (16 CFR 314.4(a)). However, the remaining six elements of the GLBA (16 CFR 314.4(b)–(g)) were still in process of being implemented as of December 31, 2023. As of December 31, 2023, six of the seven elements were either partially implemented or not implemented. Repeat Finding – This is a repeat of prior year finding 2022-001. Recommendation - We recommend that Centra maintain appropriate internal controls and administrative oversight in order to fully comply with the GLBA requiremenets of 16 CFR 314.4(b)–(g). Such would include (i) performance of a risk assessment; (ii) assessment, design, and implementation of safeguards; (iii) regularly test and monitor the safeguards; (iv) ensure ability to enact the information security program; (v) oversee service providers; and (vi) adjust in light of results of testing and monitoring. Views of Responsible Officials – Centra management agrees with this finding and is in process of implementing a corrective action plan.