FAC Explorer

Audit 329672

FY End
2024-06-30
Total Expended
$2.37M
Findings
24
Programs
4
Organization: Summit Academy Oic (MN)
Year: 2024 Accepted: 2024-11-23
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
511944 2024-001 Significant Deficiency - N
511945 2024-001 Significant Deficiency - N
511946 2024-001 Significant Deficiency - N
511947 2024-002 Significant Deficiency - N
511948 2024-002 Significant Deficiency - N
511949 2024-002 Significant Deficiency - N
511950 2024-003 Significant Deficiency - N
511951 2024-003 Significant Deficiency - N
511952 2024-003 Significant Deficiency - N
511953 2024-004 Significant Deficiency Yes N
511954 2024-004 Significant Deficiency Yes N
511955 2024-004 Significant Deficiency Yes N
1088386 2024-001 Significant Deficiency - N
1088387 2024-001 Significant Deficiency - N
1088388 2024-001 Significant Deficiency - N
1088389 2024-002 Significant Deficiency - N
1088390 2024-002 Significant Deficiency - N
1088391 2024-002 Significant Deficiency - N
1088392 2024-003 Significant Deficiency - N
1088393 2024-003 Significant Deficiency - N
1088394 2024-003 Significant Deficiency - N
1088395 2024-004 Significant Deficiency Yes N
1088396 2024-004 Significant Deficiency Yes N
1088397 2024-004 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $1.61M Yes 4
17.289 Community Project Funding/congressionally Directed Spending $709,503 - 0
84.007 Federal Supplemental Educational Opportunity Grants $40,900 Yes 4
84.033 Federal Work-Study Program $9,638 Yes 4

Contacts

Name Title Type
KXGJA3KKGHP4 Marc Carrier Auditee
6122785282 Daniel Persaud, CPA Auditor
No contacts on file

Notes to SEFA

Title: BASIS OF PRESENTATION Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The Organization has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The purpose of the schedule of expenditures of federal awards (the Schedule) is to present a summary of those activities of Summit Academy OIC that have been financed by the United States government (federal awards). Federal awards received directly from federal agencies are included in the Schedule, as are federal guaranteed loans disbursed by other sources. Additionally, all federal awards passed through from other entities have been included in the Schedule. The Organization is required to match certain grant agreements, as defined in the grants, and these matching amounts are not included in the Schedule. The information in the Schedule is presented in accordance with requirements of 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the Organization, it is not intended to and does not present the financial position, changes in net assets, or cash flows of Summit Academy OIC.
Title: STUDENT FINANCIAL AID INSTITUTIONAL AND PROGRAM ELIGIBILITY METRICS Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The Organization has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The Institution is in compliance with the following institutional and program eligibility requirements under the Higher Education Act of 1965 and Federal regulations under 34 CFR 668.23: * Correspondence courses the institution offers under 34 CFR 600.7(b) and (g) * Regular students that enroll in correspondence courses under 34 CFR 600.7(b) and (g) * Institution’s regular students that are incarcerated under 34 CFR 600.7(c) and (g) * Completion rates for confined or incarcerated individuals enrolled in non-degree programs at nonprofit institutions under 34 CFR 600.7(c)(3)(ii) and (g) * Institution’s regular students that lack a high school diploma or its equivalent under 34 CFR 600.7(d) and (g) * Completion rates for short-term programs under 34 CFR 668.8(f) and (g) * Placement rates for short-term programs under https://www.ecfr.gov/current/title-34/subtitle-B/chapter-VI/part-668/subpart-A/section-668.8 34 CFR 668.8(e)(2)

Finding Details

Finding 2024-001
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.25(e) states that an institution must notify the Department of Education by way of the ECAR within 10 days of a change in position of an official at the Institution. Condition: During our testing, we noted the Chief Operating Officer and Financial Aid Manager was not reported timely to the Department of Education. Questioned costs: None Context: During our testing, we noted the Chief Operating Officer and Financial Aid Manager had a change in position and it was not updated within 10 days. Cause: There was not a formal process in place to ensure ECAR updates were made timely to ensure the Academy is in compliance with the regulations. Effect: The Academy is not in compliance with Department of Education requirements that state the ECAR must have accurately reported information. Repeat finding: No Recommendation: We recommend the Academy review its reporting procedures surrounding updating the ECAR to ensure reporting is accurate and completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-001
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.25(e) states that an institution must notify the Department of Education by way of the ECAR within 10 days of a change in position of an official at the Institution. Condition: During our testing, we noted the Chief Operating Officer and Financial Aid Manager was not reported timely to the Department of Education. Questioned costs: None Context: During our testing, we noted the Chief Operating Officer and Financial Aid Manager had a change in position and it was not updated within 10 days. Cause: There was not a formal process in place to ensure ECAR updates were made timely to ensure the Academy is in compliance with the regulations. Effect: The Academy is not in compliance with Department of Education requirements that state the ECAR must have accurately reported information. Repeat finding: No Recommendation: We recommend the Academy review its reporting procedures surrounding updating the ECAR to ensure reporting is accurate and completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-001
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.25(e) states that an institution must notify the Department of Education by way of the ECAR within 10 days of a change in position of an official at the Institution. Condition: During our testing, we noted the Chief Operating Officer and Financial Aid Manager was not reported timely to the Department of Education. Questioned costs: None Context: During our testing, we noted the Chief Operating Officer and Financial Aid Manager had a change in position and it was not updated within 10 days. Cause: There was not a formal process in place to ensure ECAR updates were made timely to ensure the Academy is in compliance with the regulations. Effect: The Academy is not in compliance with Department of Education requirements that state the ECAR must have accurately reported information. Repeat finding: No Recommendation: We recommend the Academy review its reporting procedures surrounding updating the ECAR to ensure reporting is accurate and completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states schools must have some arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through an enrollment roster file. The school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date as well as program enrollment effective date. Changes to a students’ status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. Condition: During our testing, we noted 15 out of the 40 students’ enrollment effective report to NSLDS did not match the Academy’s records. Furthermore, we noted 22 out of the 40 students did not have their enrollment certified every 60 days. Lastly, we noted 1 out of 40 students change in status was not reported in a timely manner. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure timeliness and accuracy of NSLDS reporting. Cause: The Academy did not have a process in place to ensure the effective dates reported matched the University’s records as well as that these changes were reported timely. Effect: The enrollment effective date reported to NSLDS is used to determine when the student’s grace period should begin. By not reporting an incorrect effective date, the grace period begin date for the student will be incorrect. In addition, the Academy did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding reporting status changes to NSLDS to put a process in place to ensure the student status changes are being reported timely. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states schools must have some arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through an enrollment roster file. The school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date as well as program enrollment effective date. Changes to a students’ status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. Condition: During our testing, we noted 15 out of the 40 students’ enrollment effective report to NSLDS did not match the Academy’s records. Furthermore, we noted 22 out of the 40 students did not have their enrollment certified every 60 days. Lastly, we noted 1 out of 40 students change in status was not reported in a timely manner. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure timeliness and accuracy of NSLDS reporting. Cause: The Academy did not have a process in place to ensure the effective dates reported matched the University’s records as well as that these changes were reported timely. Effect: The enrollment effective date reported to NSLDS is used to determine when the student’s grace period should begin. By not reporting an incorrect effective date, the grace period begin date for the student will be incorrect. In addition, the Academy did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding reporting status changes to NSLDS to put a process in place to ensure the student status changes are being reported timely. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states schools must have some arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through an enrollment roster file. The school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date as well as program enrollment effective date. Changes to a students’ status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. Condition: During our testing, we noted 15 out of the 40 students’ enrollment effective report to NSLDS did not match the Academy’s records. Furthermore, we noted 22 out of the 40 students did not have their enrollment certified every 60 days. Lastly, we noted 1 out of 40 students change in status was not reported in a timely manner. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure timeliness and accuracy of NSLDS reporting. Cause: The Academy did not have a process in place to ensure the effective dates reported matched the University’s records as well as that these changes were reported timely. Effect: The enrollment effective date reported to NSLDS is used to determine when the student’s grace period should begin. By not reporting an incorrect effective date, the grace period begin date for the student will be incorrect. In addition, the Academy did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding reporting status changes to NSLDS to put a process in place to ensure the student status changes are being reported timely. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance Criteria or specific requirement: The 2 CFR Section 200.303 require that nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal Statues, regulations, and the term and conditions of the federal awards. Condition: During our testing of Common Origination and Disbursement (COD), Return of Title IV Funds (R2T4) and National Student Loan Data System (NSLDS), we noted there was a review process implemented; however, there was no process in place to retain the review being performed as to provide evidence to ensure the controls are being performed effectively. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure controls are being performed effectively. Cause: The Academy did not have a process in place to ensure controls implemented are being performed effectively. Effect: There is no way to determine who was involved in the process should an error be present. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding controls implemented for Title IV Aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance Criteria or specific requirement: The 2 CFR Section 200.303 require that nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal Statues, regulations, and the term and conditions of the federal awards. Condition: During our testing of Common Origination and Disbursement (COD), Return of Title IV Funds (R2T4) and National Student Loan Data System (NSLDS), we noted there was a review process implemented; however, there was no process in place to retain the review being performed as to provide evidence to ensure the controls are being performed effectively. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure controls are being performed effectively. Cause: The Academy did not have a process in place to ensure controls implemented are being performed effectively. Effect: There is no way to determine who was involved in the process should an error be present. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding controls implemented for Title IV Aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance Criteria or specific requirement: The 2 CFR Section 200.303 require that nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal Statues, regulations, and the term and conditions of the federal awards. Condition: During our testing of Common Origination and Disbursement (COD), Return of Title IV Funds (R2T4) and National Student Loan Data System (NSLDS), we noted there was a review process implemented; however, there was no process in place to retain the review being performed as to provide evidence to ensure the controls are being performed effectively. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure controls are being performed effectively. Cause: The Academy did not have a process in place to ensure controls implemented are being performed effectively. Effect: There is no way to determine who was involved in the process should an error be present. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding controls implemented for Title IV Aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted the Academy did not implement multi-factor authentication (MFA) for anyone accessing customer information on the institution’s system during the year under audit. Questioned costs: None Context: Implement MFA is required based on the GLBA requirements that were applicable beginning on June 9, 2023 and was not implemented during the year under audit. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: Yes Recommendation: We recommend the Academy implement MFA for individuals that access sensitive information per GLBA requirements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted the Academy did not implement multi-factor authentication (MFA) for anyone accessing customer information on the institution’s system during the year under audit. Questioned costs: None Context: Implement MFA is required based on the GLBA requirements that were applicable beginning on June 9, 2023 and was not implemented during the year under audit. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: Yes Recommendation: We recommend the Academy implement MFA for individuals that access sensitive information per GLBA requirements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted the Academy did not implement multi-factor authentication (MFA) for anyone accessing customer information on the institution’s system during the year under audit. Questioned costs: None Context: Implement MFA is required based on the GLBA requirements that were applicable beginning on June 9, 2023 and was not implemented during the year under audit. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: Yes Recommendation: We recommend the Academy implement MFA for individuals that access sensitive information per GLBA requirements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-001
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.25(e) states that an institution must notify the Department of Education by way of the ECAR within 10 days of a change in position of an official at the Institution. Condition: During our testing, we noted the Chief Operating Officer and Financial Aid Manager was not reported timely to the Department of Education. Questioned costs: None Context: During our testing, we noted the Chief Operating Officer and Financial Aid Manager had a change in position and it was not updated within 10 days. Cause: There was not a formal process in place to ensure ECAR updates were made timely to ensure the Academy is in compliance with the regulations. Effect: The Academy is not in compliance with Department of Education requirements that state the ECAR must have accurately reported information. Repeat finding: No Recommendation: We recommend the Academy review its reporting procedures surrounding updating the ECAR to ensure reporting is accurate and completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-001
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.25(e) states that an institution must notify the Department of Education by way of the ECAR within 10 days of a change in position of an official at the Institution. Condition: During our testing, we noted the Chief Operating Officer and Financial Aid Manager was not reported timely to the Department of Education. Questioned costs: None Context: During our testing, we noted the Chief Operating Officer and Financial Aid Manager had a change in position and it was not updated within 10 days. Cause: There was not a formal process in place to ensure ECAR updates were made timely to ensure the Academy is in compliance with the regulations. Effect: The Academy is not in compliance with Department of Education requirements that state the ECAR must have accurately reported information. Repeat finding: No Recommendation: We recommend the Academy review its reporting procedures surrounding updating the ECAR to ensure reporting is accurate and completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-001
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 668.25(e) states that an institution must notify the Department of Education by way of the ECAR within 10 days of a change in position of an official at the Institution. Condition: During our testing, we noted the Chief Operating Officer and Financial Aid Manager was not reported timely to the Department of Education. Questioned costs: None Context: During our testing, we noted the Chief Operating Officer and Financial Aid Manager had a change in position and it was not updated within 10 days. Cause: There was not a formal process in place to ensure ECAR updates were made timely to ensure the Academy is in compliance with the regulations. Effect: The Academy is not in compliance with Department of Education requirements that state the ECAR must have accurately reported information. Repeat finding: No Recommendation: We recommend the Academy review its reporting procedures surrounding updating the ECAR to ensure reporting is accurate and completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states schools must have some arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through an enrollment roster file. The school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date as well as program enrollment effective date. Changes to a students’ status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. Condition: During our testing, we noted 15 out of the 40 students’ enrollment effective report to NSLDS did not match the Academy’s records. Furthermore, we noted 22 out of the 40 students did not have their enrollment certified every 60 days. Lastly, we noted 1 out of 40 students change in status was not reported in a timely manner. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure timeliness and accuracy of NSLDS reporting. Cause: The Academy did not have a process in place to ensure the effective dates reported matched the University’s records as well as that these changes were reported timely. Effect: The enrollment effective date reported to NSLDS is used to determine when the student’s grace period should begin. By not reporting an incorrect effective date, the grace period begin date for the student will be incorrect. In addition, the Academy did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding reporting status changes to NSLDS to put a process in place to ensure the student status changes are being reported timely. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states schools must have some arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through an enrollment roster file. The school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date as well as program enrollment effective date. Changes to a students’ status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. Condition: During our testing, we noted 15 out of the 40 students’ enrollment effective report to NSLDS did not match the Academy’s records. Furthermore, we noted 22 out of the 40 students did not have their enrollment certified every 60 days. Lastly, we noted 1 out of 40 students change in status was not reported in a timely manner. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure timeliness and accuracy of NSLDS reporting. Cause: The Academy did not have a process in place to ensure the effective dates reported matched the University’s records as well as that these changes were reported timely. Effect: The enrollment effective date reported to NSLDS is used to determine when the student’s grace period should begin. By not reporting an incorrect effective date, the grace period begin date for the student will be incorrect. In addition, the Academy did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding reporting status changes to NSLDS to put a process in place to ensure the student status changes are being reported timely. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.309(b), states schools must have some arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through an enrollment roster file. The school is required to report changes in the student’s enrollment status, the effective date of the status, and an anticipated completion date as well as program enrollment effective date. Changes to a students’ status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. Condition: During our testing, we noted 15 out of the 40 students’ enrollment effective report to NSLDS did not match the Academy’s records. Furthermore, we noted 22 out of the 40 students did not have their enrollment certified every 60 days. Lastly, we noted 1 out of 40 students change in status was not reported in a timely manner. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure timeliness and accuracy of NSLDS reporting. Cause: The Academy did not have a process in place to ensure the effective dates reported matched the University’s records as well as that these changes were reported timely. Effect: The enrollment effective date reported to NSLDS is used to determine when the student’s grace period should begin. By not reporting an incorrect effective date, the grace period begin date for the student will be incorrect. In addition, the Academy did not comply with Department of Education (ED) regulations by reporting student enrollment status changes timely. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding reporting status changes to NSLDS to put a process in place to ensure the student status changes are being reported timely. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance Criteria or specific requirement: The 2 CFR Section 200.303 require that nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal Statues, regulations, and the term and conditions of the federal awards. Condition: During our testing of Common Origination and Disbursement (COD), Return of Title IV Funds (R2T4) and National Student Loan Data System (NSLDS), we noted there was a review process implemented; however, there was no process in place to retain the review being performed as to provide evidence to ensure the controls are being performed effectively. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure controls are being performed effectively. Cause: The Academy did not have a process in place to ensure controls implemented are being performed effectively. Effect: There is no way to determine who was involved in the process should an error be present. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding controls implemented for Title IV Aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance Criteria or specific requirement: The 2 CFR Section 200.303 require that nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal Statues, regulations, and the term and conditions of the federal awards. Condition: During our testing of Common Origination and Disbursement (COD), Return of Title IV Funds (R2T4) and National Student Loan Data System (NSLDS), we noted there was a review process implemented; however, there was no process in place to retain the review being performed as to provide evidence to ensure the controls are being performed effectively. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure controls are being performed effectively. Cause: The Academy did not have a process in place to ensure controls implemented are being performed effectively. Effect: There is no way to determine who was involved in the process should an error be present. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding controls implemented for Title IV Aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance Criteria or specific requirement: The 2 CFR Section 200.303 require that nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal Statues, regulations, and the term and conditions of the federal awards. Condition: During our testing of Common Origination and Disbursement (COD), Return of Title IV Funds (R2T4) and National Student Loan Data System (NSLDS), we noted there was a review process implemented; however, there was no process in place to retain the review being performed as to provide evidence to ensure the controls are being performed effectively. Questioned costs: None Context: During our testing, it was noted the Academy does not have a process in place to ensure controls are being performed effectively. Cause: The Academy did not have a process in place to ensure controls implemented are being performed effectively. Effect: There is no way to determine who was involved in the process should an error be present. Repeat finding: No Recommendation: We recommend the Academy reevaluate its procedures and review policies surrounding controls implemented for Title IV Aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted the Academy did not implement multi-factor authentication (MFA) for anyone accessing customer information on the institution’s system during the year under audit. Questioned costs: None Context: Implement MFA is required based on the GLBA requirements that were applicable beginning on June 9, 2023 and was not implemented during the year under audit. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: Yes Recommendation: We recommend the Academy implement MFA for individuals that access sensitive information per GLBA requirements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted the Academy did not implement multi-factor authentication (MFA) for anyone accessing customer information on the institution’s system during the year under audit. Questioned costs: None Context: Implement MFA is required based on the GLBA requirements that were applicable beginning on June 9, 2023 and was not implemented during the year under audit. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: Yes Recommendation: We recommend the Academy implement MFA for individuals that access sensitive information per GLBA requirements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2023, through June 30, 2024 Type of Finding: * Significant Deficiency in Internal Control Over Compliance * Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted the Academy did not implement multi-factor authentication (MFA) for anyone accessing customer information on the institution’s system during the year under audit. Questioned costs: None Context: Implement MFA is required based on the GLBA requirements that were applicable beginning on June 9, 2023 and was not implemented during the year under audit. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: Yes Recommendation: We recommend the Academy implement MFA for individuals that access sensitive information per GLBA requirements. Views of responsible officials: There is no disagreement with the audit finding.