FAC Explorer

Audit 330454

FY End
2024-06-30
Total Expended
$9.30M
Findings
12
Programs
12
Organization: Dordt University, Inc. (IA)
Year: 2024 Accepted: 2024-12-02
Auditor: Forvis Mazars

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
512647 2024-001 Significant Deficiency Yes N
512648 2024-001 Significant Deficiency Yes N
512649 2024-001 Significant Deficiency Yes N
512650 2024-001 Significant Deficiency Yes N
512651 2024-001 Significant Deficiency Yes N
512652 2024-001 Significant Deficiency Yes N
1089089 2024-001 Significant Deficiency Yes N
1089090 2024-001 Significant Deficiency Yes N
1089091 2024-001 Significant Deficiency Yes N
1089092 2024-001 Significant Deficiency Yes N
1089093 2024-001 Significant Deficiency Yes N
1089094 2024-001 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $6.17M Yes 1
84.063 Federal Pell Grant Program $1.68M Yes 1
84.038 Federal Perkins Loan Program $527,915 Yes 1
47.076 Stem Education (formerly Education and Human Resources) $393,505 - 0
84.033 Federal Work-Study Program $153,722 Yes 1
10.310 Agriculture and Food Research Initiative (afri) $146,439 - 0
84.007 Federal Supplemental Educational Opportunity Grants $114,512 Yes 1
47.083 Integrative Activities $43,052 - 0
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $22,160 Yes 1
47.070 Computer and Information Science and Engineering $18,832 - 0
84.425 Education Stabilization Fund $18,100 - 0
93.859 Biomedical Research and Research Training $15,030 - 0

Contacts

Name Title Type
LA7RMC774LU5 Stephanie Baccam Auditee
7127226014 Jessica Richter Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule, if any, represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The University has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the “Schedule”) includes the federal award activity of the University under programs of the federal government for the year ended June 30, 2024. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets or cash flows of the University.
Title: Federal Loan Programs Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule, if any, represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The University has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. The federal loan programs listed subsequently are administered directly by the University, and balances and transactions relating to these programs are included in the University’s basic financial statements. Loans outstanding at the beginning of the year and loans made during the year are included in the federal expenditures presented in the Schedule. The balance of loans outstanding at June 30, 2024, consists of:

Finding Details

Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.
Finding 2024-001
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2023-2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: 2023-001 Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.