Criteria or specific requirement: The Code of Federal Regulations,2 CFR 200.332(c) states that the pass through entity must "evaluate each subrecipients fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring." The CFR then states in paragraph (e) that the entity must also "monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and terms and conditions of the subaward. In addition, the Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have proper monitoring procedures in place to evaluate subrecipients fraud risk and risk of noncompliance and also did not have proper procedures in place to monitor that the subrecipient complied with federal statutes, and regulations.
Questioned costs: None
Context: During our testing of the one subrecipient in this program. We noted the College did not have policies and procedures to monitor subrecipients fraud risk, risk of noncompliance, and compliance with federal statutes and regulations. There was also no control in place to ensure compliance with subrecipient monitoring requirements.
Cause: The College did not have proper monitoring procedures or controls in place to ensure compliance with subrecipient monitoring requirements.
Effect: Subrecipients could be noncompliant with federal statutes and the College would be unaware.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures along with an observable control to ensure that subrecipient monitoring requirements are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations,2 CFR 200.332(c) states that the pass through entity must "evaluate each subrecipients fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring." The CFR then states in paragraph (e) that the entity must also "monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and terms and conditions of the subaward. In addition, the Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have proper monitoring procedures in place to evaluate subrecipients fraud risk and risk of noncompliance and also did not have proper procedures in place to monitor that the subrecipient complied with federal statutes, and regulations.
Questioned costs: None
Context: During our testing of the one subrecipient in this program. We noted the College did not have policies and procedures to monitor subrecipients fraud risk, risk of noncompliance, and compliance with federal statutes and regulations. There was also no control in place to ensure compliance with subrecipient monitoring requirements.
Cause: The College did not have proper monitoring procedures or controls in place to ensure compliance with subrecipient monitoring requirements.
Effect: Subrecipients could be noncompliant with federal statutes and the College would be unaware.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures along with an observable control to ensure that subrecipient monitoring requirements are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations,2 CFR 200.332(c) states that the pass through entity must "evaluate each subrecipients fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring." The CFR then states in paragraph (e) that the entity must also "monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and terms and conditions of the subaward. In addition, the Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have proper monitoring procedures in place to evaluate subrecipients fraud risk and risk of noncompliance and also did not have proper procedures in place to monitor that the subrecipient complied with federal statutes, and regulations.
Questioned costs: None
Context: During our testing of the one subrecipient in this program. We noted the College did not have policies and procedures to monitor subrecipients fraud risk, risk of noncompliance, and compliance with federal statutes and regulations. There was also no control in place to ensure compliance with subrecipient monitoring requirements.
Cause: The College did not have proper monitoring procedures or controls in place to ensure compliance with subrecipient monitoring requirements.
Effect: Subrecipients could be noncompliant with federal statutes and the College would be unaware.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures along with an observable control to ensure that subrecipient monitoring requirements are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Department of Education requires the University to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Questioned costs: None
Context: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Cause: The College did not have a control in place to ensure timely and accurate reporting to COD.
Effect: A lack of timely reporting may prevent the university and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: No
Recommendation: We recommend the College evaluate its policies and procedures around reporting to COD to ensure that information is reported accurately and timely and to retain evidence of the key control having occurred.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Department of Education requires the University to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Questioned costs: None
Context: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Cause: The College did not have a control in place to ensure timely and accurate reporting to COD.
Effect: A lack of timely reporting may prevent the university and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: No
Recommendation: We recommend the College evaluate its policies and procedures around reporting to COD to ensure that information is reported accurately and timely and to retain evidence of the key control having occurred.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations,2 CFR 200.332(c) states that the pass through entity must "evaluate each subrecipients fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring." The CFR then states in paragraph (e) that the entity must also "monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and terms and conditions of the subaward. In addition, the Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have proper monitoring procedures in place to evaluate subrecipients fraud risk and risk of noncompliance and also did not have proper procedures in place to monitor that the subrecipient complied with federal statutes, and regulations.
Questioned costs: None
Context: During our testing of the one subrecipient in this program. We noted the College did not have policies and procedures to monitor subrecipients fraud risk, risk of noncompliance, and compliance with federal statutes and regulations. There was also no control in place to ensure compliance with subrecipient monitoring requirements.
Cause: The College did not have proper monitoring procedures or controls in place to ensure compliance with subrecipient monitoring requirements.
Effect: Subrecipients could be noncompliant with federal statutes and the College would be unaware.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures along with an observable control to ensure that subrecipient monitoring requirements are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations,2 CFR 200.332(c) states that the pass through entity must "evaluate each subrecipients fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring." The CFR then states in paragraph (e) that the entity must also "monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and terms and conditions of the subaward. In addition, the Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have proper monitoring procedures in place to evaluate subrecipients fraud risk and risk of noncompliance and also did not have proper procedures in place to monitor that the subrecipient complied with federal statutes, and regulations.
Questioned costs: None
Context: During our testing of the one subrecipient in this program. We noted the College did not have policies and procedures to monitor subrecipients fraud risk, risk of noncompliance, and compliance with federal statutes and regulations. There was also no control in place to ensure compliance with subrecipient monitoring requirements.
Cause: The College did not have proper monitoring procedures or controls in place to ensure compliance with subrecipient monitoring requirements.
Effect: Subrecipients could be noncompliant with federal statutes and the College would be unaware.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures along with an observable control to ensure that subrecipient monitoring requirements are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations,2 CFR 200.332(c) states that the pass through entity must "evaluate each subrecipients fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring." The CFR then states in paragraph (e) that the entity must also "monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and terms and conditions of the subaward. In addition, the Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have proper monitoring procedures in place to evaluate subrecipients fraud risk and risk of noncompliance and also did not have proper procedures in place to monitor that the subrecipient complied with federal statutes, and regulations.
Questioned costs: None
Context: During our testing of the one subrecipient in this program. We noted the College did not have policies and procedures to monitor subrecipients fraud risk, risk of noncompliance, and compliance with federal statutes and regulations. There was also no control in place to ensure compliance with subrecipient monitoring requirements.
Cause: The College did not have proper monitoring procedures or controls in place to ensure compliance with subrecipient monitoring requirements.
Effect: Subrecipients could be noncompliant with federal statutes and the College would be unaware.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures along with an observable control to ensure that subrecipient monitoring requirements are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.203 specifies the annual and aggregate loan limits the Institutions may not exceed for an academic year of study under the Direct Loan program and also requires loans to be prorated for a program of student that is less than a full academic year in length. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing of forty students, we noted two students that were under awarded in Subsidized loans.
Questioned costs: None
Context: During our eligibility testing of forty students, we identified two students who were under awarded in Subsidized loans.
Cause: For one of the students the College's system applied the scholarship to the students account and incorrectly reduced the students subsidized loan award. For another student the student was packaged incorrectly and had unmet need and should have received a subsidized loan to meet unmet need before being awarded unsubsidized loans.
Effect: Students were not awarded all the aid they were eligible for.
Repeat Finding: No
Recommendation: We recommend that the College review its process for packaging awards and adjusting awards after they are packaged to ensure that the student’s subsidized loan award is calculated correctly.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the status changes were not always reported timely, the program enrollment effective date did not match institutions records, and the program enrollment status did not match institutions records. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned costs: None
Context: In our statistically valid sample of forty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified one student where the enrollment was not reported timely to NSLDS, eight students where the program enrollment effective date did not match institutions records and three students where the program enrollment status did not match the institutions records. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: No
Recommendation: We recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate reporting.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements.
Condition: The College did not have observable controls to test for the R2T4 process.
Questioned costs: None
Context: During the testing of R2T4, we tested 23 students. We were unable to test a specific control in place to ensure that any error in the R2T4 process would be prevented and detected in a timely manner as there is only one person involved in the process from start to finish.
Cause: There are no procedures to review R2T4 calculations by someone other than the person performing the calculation.
Effect: It is possible that errors could occur and not be caught in a timely manner.
Repeat Finding: No
Recommendation: We recommend the College implement a formal documented review process for the R2T4 process.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Department of Education requires the University to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Questioned costs: None
Context: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Cause: The College did not have a control in place to ensure timely and accurate reporting to COD.
Effect: A lack of timely reporting may prevent the university and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: No
Recommendation: We recommend the College evaluate its policies and procedures around reporting to COD to ensure that information is reported accurately and timely and to retain evidence of the key control having occurred.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Department of Education requires the University to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Questioned costs: None
Context: During our testing of COD reporting, we were not able to test a control that ensures timely and accurate reporting to COD.
Cause: The College did not have a control in place to ensure timely and accurate reporting to COD.
Effect: A lack of timely reporting may prevent the university and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: No
Recommendation: We recommend the College evaluate its policies and procedures around reporting to COD to ensure that information is reported accurately and timely and to retain evidence of the key control having occurred.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA safeguards rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA safeguards rule.
Effect: The College is not in compliance with the GLBA safeguards rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA safeguards rule.
Views of responsible officials: There is no disagreement with the audit finding.