FAC Explorer

Audit 333819

FY End
2024-06-30
Total Expended
$29.88M
Findings
14
Programs
25
Organization: Lawrence Technological University (MI)
Year: 2024 Accepted: 2024-12-19
Auditor: Plante & Moran PLLC

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
515980 2024-003 Significant Deficiency Yes N
515981 2024-003 Significant Deficiency Yes N
515982 2024-003 Significant Deficiency Yes N
515983 2024-003 Significant Deficiency Yes N
515984 2024-003 Significant Deficiency Yes N
515985 2024-003 Significant Deficiency Yes N
515986 2024-003 Significant Deficiency Yes N
1092422 2024-003 Significant Deficiency Yes N
1092423 2024-003 Significant Deficiency Yes N
1092424 2024-003 Significant Deficiency Yes N
1092425 2024-003 Significant Deficiency Yes N
1092426 2024-003 Significant Deficiency Yes N
1092427 2024-003 Significant Deficiency Yes N
1092428 2024-003 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $12.64M Yes 1
84.063 Federal Pell Grant Program $1.95M Yes 1
11.307 Economic Adjustment Assistance $710,738 - 0
59.065 Growth Accelerator Fund Competition $395,030 - 0
12.RD Usace $208,212 - 0
84.038 Federal Perkins Loan Program $188,174 Yes 1
11.024 Build to Scale $183,820 - 0
59.059 Congressional Grants $181,951 - 0
84.033 Federal Work-Study Program $139,342 Yes 1
21.027 Coronavirus State and Local Fiscal Recovery Funds $122,990 - 0
20.200 Highway Research and Development Program $122,713 - 0
84.007 Federal Supplemental Educational Opportunity Grants $109,562 Yes 1
20.505 Metropolitan Transportation Planning and State and Non-Metropolitan Planning and Research $74,184 - 0
81.010 Office of Technology Transitions (ott)-Technology Deployment, Demonstration and Commercialization $67,851 - 0
47.049 Mathematical and Physical Sciences $62,127 - 0
47.070 Computer and Information Science and Engineering $41,187 - 0
12.600 Community Investment $36,392 - 0
93.113 Environmental Health $34,867 - 0
93.262 Occupational Safety and Health Program $29,899 - 0
47.083 Integrative Activities $21,356 - 0
66.469 Geographic Programs - Great Lakes Restoration Initiative $15,669 - 0
47.041 Engineering $14,990 - 0
47.074 Biological Sciences $8,001 - 0
17.502 Occupational Safety and Health Susan Harwood Training Grants $272 - 0
84.425 Covid-19 - Education Stabilization Fund $-186,676 - 0

Contacts

Name Title Type
PF53FKHZST32 Linda L. Height Auditee
2482042159 Kristen Stumpo Auditor
No contacts on file

Notes to SEFA

Title: Adjustments and Transfers Accounting Policies: The accompanying schedule of expenditures of federal awards (the “Schedule”) includes the federal grant activity of Lawrence Technological University (the “University”) under programs of the federal government for the year ended June 30, 2024. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the “Uniform Guidance”). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets, or cash flows of the University. Expenditures reported in the Schedule are reported on the same basis of accounting as the financial statements of the University. Such expenditures are recognized following the cost principles contained in Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Pass through entity identifying numbers are presented where available. The University has elected not to use the 10 percent de minimis indirect cost rate to recover indirect costs, as allowed under the Uniform Guidance. De Minimis Rate Used: N Rate Explanation: The University has elected not to use the 10 percent de minimis indirect cost rate to recover indirect costs, as allowed under the Uniform Guidance. As allowable, and in accordance with regulations issued by the U.S. Department of Education, the University carried forward $12,775 of the 2023-2024 Federal Work Study Program (84.033) award to be spent in the 2024-2025 year. The University also carried forward $2,117 of the 2022-2023 Federal Work Study Program (84.033) award that was spent in the 2023-2024 year. The University carried forward $11,543 of the 2022-2023 Federal Supplemental Educational Opportunity Grant Program (84.007) award, which was spent in the 2023-2024 year. The University also carried forward $6,992 of the 2023-2024 Federal Supplemental Educational Opportunity Grant Program (84.007) award to be spent in the 2024-2025 year.
Title: Loans Balances Accounting Policies: The accompanying schedule of expenditures of federal awards (the “Schedule”) includes the federal grant activity of Lawrence Technological University (the “University”) under programs of the federal government for the year ended June 30, 2024. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the “Uniform Guidance”). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets, or cash flows of the University. Expenditures reported in the Schedule are reported on the same basis of accounting as the financial statements of the University. Such expenditures are recognized following the cost principles contained in Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Pass through entity identifying numbers are presented where available. The University has elected not to use the 10 percent de minimis indirect cost rate to recover indirect costs, as allowed under the Uniform Guidance. De Minimis Rate Used: N Rate Explanation: The University has elected not to use the 10 percent de minimis indirect cost rate to recover indirect costs, as allowed under the Uniform Guidance. The University participates in the Federal Perkins Loan Program through the Department of Education. This loan program is administered by a third party and is considered a revolving loan program whereby collections on past loans, including interest, and new funds received from federal agencies are loaned out to current students. The total amount of the outstanding loan balance of this loan program at the beginning of the year, is presented in the Schedule. The balance of loans outstanding as of June 30, 2024 under the loan program is $188,174.

Finding Details

Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.
Finding 2024-003
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007. Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Significant deficiency Repeat Finding - Yes 2023-003 Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Condition - The University does not have all of the minimum safeguards written down within its information security program. Questioned Costs - None Identification of How Questioned Costs Were Computed - N/A Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program. Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented. Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies. Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024. LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024: Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information. We have reviewed the information you provided and determined it sufficient to close the case.