Audit 333902

FY End: 2024-06-30
Total Expended: $38.89M
Findings: 10
Programs: 18
Organization: Mount Saint Mary's University (CA)
Year: 2024 Accepted: 2024-12-19

Findings

ID | Ref | Severity | Repeat | Requirement
516083 | 2024-001 | Significant Deficiency | - | N
516084 | 2024-001 | Significant Deficiency | - | N
516085 | 2024-001 | Significant Deficiency | - | N
516086 | 2024-001 | Significant Deficiency | - | N
516087 | 2024-001 | Significant Deficiency | - | N
1092525 | 2024-001 | Significant Deficiency | - | N
1092526 | 2024-001 | Significant Deficiency | - | N
1092527 | 2024-001 | Significant Deficiency | - | N
1092528 | 2024-001 | Significant Deficiency | - | N
1092529 | 2024-001 | Significant Deficiency | - | N

Contacts

Name Title Type
CFLWSHQJQ2L7 Emily Lin Auditee
2134772515 Rebekah Martin Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation
Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
De Minimis Rate Used: N
Rate Explanation: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of the Mount Saint Mary's University (the University) under programs of the federal government for the year ended June 30, 2024. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets or cash flows of the University.

Title: Federal Student Loan Programs
Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
De Minimis Rate Used: N
Rate Explanation: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
The federal student loan programs listed below are administered directly by the University, and balances and transactions relating to the programs are included in the University's basic financial statements. Loans outstanding at the beginning of the year and loans made during the year are included in the federal expenditures presented in the Schedule. The balance of loans outstanding at June 30, 2024 consists of:
93.364 Nursing Student Loans $354,228

Title: Summary of Significant Accounting Policies
Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
De Minimis Rate Used: N
Rate Explanation: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.

Title: Indirect Cost Rate
Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
De Minimis Rate Used: N
Rate Explanation: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
Mount Saint Mary's University has not elected to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance.

Finding Details

Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed.
Condition: The University did not have updated procedures and processes in place specific to all the required GLBA elements. The GLBA policy had last been updated in 2019.
Cause: The University noted that several items required are in process or being developed to comply with the requirements.
Effect: Failure to comply with the requirements of GLBA standards puts the University out of compliance with requirements and potentially at risk of compromising consumer, nonpublic personal information.
Questioned costs: Not applicable
Context: Not applicable.
Recommendation: It is recommended that the University updates its written GLBA Security Policy to address all the required elements. At a minimum, the University should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4).
Management's Response: The University agrees with the recommendation.