FAC Explorer

Audit 332558

FY End
2024-06-30
Total Expended
$42.33M
Findings
10
Programs
22
Organization: Yosemite Community College District (CA)
Year: 2024 Accepted: 2024-12-13
Auditor: Crowe LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
514286 2024-001 Significant Deficiency Yes N
514287 2024-001 Significant Deficiency Yes N
514288 2024-001 Significant Deficiency Yes N
514289 2024-001 Significant Deficiency Yes N
514290 2024-001 Significant Deficiency Yes N
1090728 2024-001 Significant Deficiency Yes N
1090729 2024-001 Significant Deficiency Yes N
1090730 2024-001 Significant Deficiency Yes N
1090731 2024-001 Significant Deficiency Yes N
1090732 2024-001 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $31.49M Yes 1
93.575 Child Care and Development Block Grant $3.02M - 0
21.027 Covid-19 - Coronavirus State and Local Fiscal Recovery Funds $1.87M Yes 0
84.007 Federal Supplemental Educational Opportunity Grants $1.02M Yes 1
84.033 Federal Work-Study Program $810,516 Yes 1
84.048 Career and Technical Education -- Basic Grants to States $809,812 - 0
84.031 Higher Education Institutional Aid $633,851 - 0
84.047 Trio Upward Bound $611,420 Yes 0
84.042 Trio Student Support Services $581,407 Yes 0
84.044 Trio Talent Search $362,565 Yes 0
84.268 Federal Direct Student Loans $330,458 Yes 1
84.066 Trio Educational Opportunity Centers $264,466 Yes 0
96.658 Foster Care $155,988 - 0
93.558 Temporary Assistance for Needy Families $135,047 - 0
93.576 Refugee and Entrant Assistance Discretionary Grants $104,977 - 0
10.558 Child and Adult Care Food Program $65,335 - 0
10.665 Schools and Roads - Grants to States $27,573 - 0
84.116 Fund for the Improvement of Postsecondary Education $18,034 - 0
93.364 Nursing Student Loans $14,218 Yes 1
93.778 Medical Assistance Program $3,661 - 0
10.310 Agriculture and Food Research Initiative (afri) $1,200 - 0
64.120 Post-Vietnam Era Veterans' Educational Assistance $135 - 0

Contacts

Name Title Type
DLVKVBMZME64 Trevor Stewart Auditee
2095756531 Jennifer Richards Auditor
No contacts on file

Notes to SEFA

Title: NOTE 1 - PURPOSE OF SCHEDULES Accounting Policies: The Schedule of Expenditures of Federal Awards includes the federal award activity of Yosemite Community College District and is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The District has elected not to use the 10-percent de minimis indirect cost rate allowed under the Uniform Guidance. Schedule of Expenditures of Federal Awards: The Schedule of Expenditures of Federal Awards includes the federal award activity of Yosemite Community College District and is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The District has elected not to use the 10-percent de minimis indirect cost rate allowed under the Uniform Guidance. Schedule of State Financial Awards: The accompanying Schedule of State Financial Awards includes State grant activity of the District and is presented on the modified accrual basis of accounting. The information in this schedule is presented to comply with reporting requirements of the California Community College Chancellor’s Office. Schedule of Workload Measures for State General Apportionment: Full-time equivalent students is a measurement of the number of students attending classes of the District. The purpose of attendance accounting from a fiscal standpoint is to provide the basis on which apportionments of State funds are made to community college districts. This schedule provides information regarding the attendance of students based on various methods of accumulating attendance data. Reconciliation of Annual Financial and Budget Report (CCFS-311) with Audited Financial Statements: This schedule provides the information necessary to reconcile the fund balance of all funds reported on the CCFS-311 to the audited financial statements. Reconciliation of Governmental Funds to the Statement of Net Position: This schedule provides the information necessary to reconcile the fund balances to the audited financial statements. Reconciliation of ECS 84362 (50 Percent Law) Calculation: This schedule provides the information necessary to reconcile the 50 Percent Law Calculation reported on the CCFS-311 to the audited data. Prop 55 EPA Expenditure Report: This schedule provides information about the District’s EPA proceeds and summarizes how the EPA proceeds were spent.

Finding Details

Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan
Finding 2024-001
FINDING 2024-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education AL Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no known data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Insufficient time to implement a security program that addresses the minimum elements required by GLBA due to a vacancy in the Information Systems department that was filled during 2024. The vacant role caused a lack of available resources for purposes of implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Partial repeat finding of 2023-001. Recommendation We recommend that the District to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan