Criteria or specific requirement: The amount of a student's Pell Grant for an academic year is based upon the payment and disbursement schedules published by the Secretary for each award year (34 CFR 690.62). The Code of Federal Regulations (34 CFR 690.80(b)(1)) states if the student’s enrollment status changes from one academic term to another within the same award year, the institution shall recalculate the Federal Pell Grant award for the new payment period taking into account any changes in the cost of attendance. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing, we identified that 2 out of 38 students who received Pell grants were over awarded and overpaid. The explanation provided indicated that the system packages Pell awards based on the annual award, divides it to calculate per-term disbursements, and then rounds the amounts up or down. CLA recalculated the awards using the annual award and found that the system was incorrectly rounding up, resulting in the over awards.
Questioned Costs: None
Context: During our eligibility testing of thirty-eight students who received Pell, we noted two students that were over awarded and overpaid in Pell grants.
Cause: The software that is used to auto package Pell awards has rounding rules inconsistent with that of the rules outlined in the Federal Student Aid handbook and was rounding amounts up when then it should have been rounded down.
Effect: A student received more aid than they were eligible for.
Repeat Finding: No.
Recommendation: The College changed systems since the end of this fiscal year, and we recommend the College review the auto-packaging rounding rules of its new system to ensure that the Pell award is calculated in accordance with federal regulations.
Views of responsible officials: There is no disagreement with the finding.
Criteria or specific requirement: The Department of Education requires the College to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing, we noted two of the 20 Pell grant disbursements were not reported to COD timely. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Questioned Costs: None
Context: During our eligibility testing, we noted two of 20 Pell disbursements were not reported to COD within 15 days of the disbursement date. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Cause: The College did not have proper control or procedures in place to verify disbursements were reported to COD within the required 15 days after disbursement.
Effect: A lack of timely reporting may prevent the College and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: Yes. Prior year finding 2023-002.
Recommendation: We recommend the College evaluate its procedures and policies around reporting disbursements to COD to ensure that student information is reported accurately and timely. In addition, the College should revise their procedures to include documentation of the key control.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Department of Education requires the College to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing, we noted two of the 20 Pell grant disbursements were not reported to COD timely. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Questioned Costs: None
Context: During our eligibility testing, we noted two of 20 Pell disbursements were not reported to COD within 15 days of the disbursement date. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Cause: The College did not have proper control or procedures in place to verify disbursements were reported to COD within the required 15 days after disbursement.
Effect: A lack of timely reporting may prevent the College and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: Yes. Prior year finding 2023-002.
Recommendation: We recommend the College evaluate its procedures and policies around reporting disbursements to COD to ensure that student information is reported accurately and timely. In addition, the College should revise their procedures to include documentation of the key control.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements.
Condition: The College did not provide the URL for the contract or cost information to the Department of Education.
Questioned Costs: None
Context: The College did not meet the compliance requirement to report the URL for the contract and cost information to the Department of Education.
Cause: The College did not have proper procedures in place to ensure that all requirements were being met.
Effect: The College is not in compliance with disclosure requirements of a Tier One arrangement with a third-party servicer.
Repeat Finding: Yes, Prior year finding 2023-006.
Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements.
Condition: The College did not provide the URL for the contract or cost information to the Department of Education.
Questioned Costs: None
Context: The College did not meet the compliance requirement to report the URL for the contract and cost information to the Department of Education.
Cause: The College did not have proper procedures in place to ensure that all requirements were being met.
Effect: The College is not in compliance with disclosure requirements of a Tier One arrangement with a third-party servicer.
Repeat Finding: Yes, Prior year finding 2023-006.
Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements.
Condition: The College did not provide the URL for the contract or cost information to the Department of Education.
Questioned Costs: None
Context: The College did not meet the compliance requirement to report the URL for the contract and cost information to the Department of Education.
Cause: The College did not have proper procedures in place to ensure that all requirements were being met.
Effect: The College is not in compliance with disclosure requirements of a Tier One arrangement with a third-party servicer.
Repeat Finding: Yes, Prior year finding 2023-006.
Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The amount of a student's Pell Grant for an academic year is based upon the payment and disbursement schedules published by the Secretary for each award year (34 CFR 690.62). The Code of Federal Regulations (34 CFR 690.80(b)(1)) states if the student’s enrollment status changes from one academic term to another within the same award year, the institution shall recalculate the Federal Pell Grant award for the new payment period taking into account any changes in the cost of attendance. Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. Effective internal controls should include procedures to ensure students are awarded and disbursed the proper federal fund amounts.
Condition: During our eligibility testing, we identified that 2 out of 38 students who received Pell grants were over awarded and overpaid. The explanation provided indicated that the system packages Pell awards based on the annual award, divides it to calculate per-term disbursements, and then rounds the amounts up or down. CLA recalculated the awards using the annual award and found that the system was incorrectly rounding up, resulting in the over awards.
Questioned Costs: None
Context: During our eligibility testing of thirty-eight students who received Pell, we noted two students that were over awarded and overpaid in Pell grants.
Cause: The software that is used to auto package Pell awards has rounding rules inconsistent with that of the rules outlined in the Federal Student Aid handbook and was rounding amounts up when then it should have been rounded down.
Effect: A student received more aid than they were eligible for.
Repeat Finding: No.
Recommendation: The College changed systems since the end of this fiscal year, and we recommend the College review the auto-packaging rounding rules of its new system to ensure that the Pell award is calculated in accordance with federal regulations.
Views of responsible officials: There is no disagreement with the finding.
Criteria or specific requirement: The Department of Education requires the College to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing, we noted two of the 20 Pell grant disbursements were not reported to COD timely. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Questioned Costs: None
Context: During our eligibility testing, we noted two of 20 Pell disbursements were not reported to COD within 15 days of the disbursement date. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Cause: The College did not have proper control or procedures in place to verify disbursements were reported to COD within the required 15 days after disbursement.
Effect: A lack of timely reporting may prevent the College and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: Yes. Prior year finding 2023-002.
Recommendation: We recommend the College evaluate its procedures and policies around reporting disbursements to COD to ensure that student information is reported accurately and timely. In addition, the College should revise their procedures to include documentation of the key control.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Department of Education requires the College to report the disbursement dates and amounts to the Common Origination and Disbursement (COD) system within 15 days of disbursing Pell (34 CFR 690.83(b)(2) and Direct Loan (34 CFR 685.309) funds to a student. In addition, per the Uniform Guidance 2 CRF 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonable ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: During our testing, we noted two of the 20 Pell grant disbursements were not reported to COD timely. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Questioned Costs: None
Context: During our eligibility testing, we noted two of 20 Pell disbursements were not reported to COD within 15 days of the disbursement date. Additionally, we did not note evidence of a key control occurring for COD disbursement reporting.
Cause: The College did not have proper control or procedures in place to verify disbursements were reported to COD within the required 15 days after disbursement.
Effect: A lack of timely reporting may prevent the College and other schools from having the most accurate student information which may lead to over awards.
Repeat Finding: Yes. Prior year finding 2023-002.
Recommendation: We recommend the College evaluate its procedures and policies around reporting disbursements to COD to ensure that student information is reported accurately and timely. In addition, the College should revise their procedures to include documentation of the key control.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: 2 CFR part 200 section 200.303 requires that non-Federal entities receiving federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the federal award. The Code of federal Regulations, 34 CFR 688.164, requires any Title IV federal funds disbursed to a student or parent that are not received or negotiated must be returned to the appropriated federal financial aid program no later than 240 days after the check or electronic fund transfer (EFT) was issued. If a check or an EFT is returned, the College may make additional attempts to deliver the funds, provided that those attempts are made no later than 45 days after the funds were returned or rejected. In case where the College does not make another attempt, the funds must be returned before the end of the initial 45-day period. The College must cease all attempts to disburse the funds and return them no later than 240 days after the date it issued the first check. Under no circumstances may unclaimed Title IV FSA funds escheat to the state, or revert to the college, or any other third party.
Condition: The College does not have a control or process in place that would specifically monitor outstanding checks to students for Title IV federal funded checks so that the College would be able to timely return the money prior to 240 days after issuance of the check.
Questioned Costs: None
Context: During our testing, it was noted the College did not have a control in place to identify the outstanding Title IV federal funded checks that were old and needed to be returned to the U.S. Department of Education prior to 240 days after issuance. During our testing of outstanding checks, we did not note any checks that were out of compliance with this requirement.
Cause: The College did not have a process in place to specifically monitor the federal checks throughout the year.
Effect: The College is not in compliance with Department of Education requirements.
Repeat Finding: No.
Recommendation: We recommend the College review the requirement and implement an internal process and control to specifically monitor the outstanding Title IV funded checks throughout the year.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 682.610, states that institutions must report accurately the enrollment status of all students regardless of if they receive aid from the institution or not. This includes the enrollment effective date and related enrollment status, which must be reported for both the Campus-Level and the Program-Level, as well as the program begin date. Changes to said status are required to be reported within 30 days of becoming aware of the status change, or with the next scheduled transmission of statuses if the scheduled transmission is within 60 days. In addition, Uniform Grant Guidance (2 CFR 200.303) requires nonfederal entities receiving federal awards establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: There were instances in which the College did not report the correct status and effective dates, enrollment was not certified timely, and the status changes were not always reported timely. In addition, the College did not have a control in place to ensure timely and accurate reporting to NSLDS.
Questioned Costs: None
Context: In our statistically valid sample of sixty students selected for National Student Loan Data System (NSLDS) enrollment reporting testing, we identified 4 students where the campus enrollment status was not reported correctly, 6 students where the enrollment effective date was not reported correctly, 57 students where the enrollment was not reported timely to NSLDS, and 60 students where enrollment was not certified every 60 days. There was no control in place to ensure timely and accurate reporting to NSLDS.
Cause: The College did not have proper controls or procedures in place to verify students' status in NSLDS matched the institutions records in a timely manner.
Effect: Failure to properly report enrollment status changes on NSLDS could affect the timing of the grace period for repayment of Title IV loans. Additionally, the College was not in compliance with the
requirements to properly report student enrollment data correctly or timely to NSLDS.
Repeat Finding: Yes, Prior year finding 2023-004.
Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in process and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements.
Condition: The College does not have an updated written information security program (WISP) to reflect the current practices that address the required components outlined in the GLBA Safeguards Rule.
Questioned Costs: None
Context: During our testing, we noted the College has procedures in place for the required elements identified, however, the College does not have an updated WISP that meets the compliance requirements outlined in the GLBA Safeguards Rule.
Cause: The College is drafting the necessary IT policies, and they were not in place at the time of testing.
Effect: The College is out of compliance with GLBA requirements because they do not have a written information security plan, formal change management policy, and formal vendor management policy in place.
Repeat Finding: Yes. Prior year finding 2023-005.
Recommendation: We recommend the College implement IT policies and create an updated WISP to ensure the College is compliant with the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements.
Condition: The College did not provide the URL for the contract or cost information to the Department of Education.
Questioned Costs: None
Context: The College did not meet the compliance requirement to report the URL for the contract and cost information to the Department of Education.
Cause: The College did not have proper procedures in place to ensure that all requirements were being met.
Effect: The College is not in compliance with disclosure requirements of a Tier One arrangement with a third-party servicer.
Repeat Finding: Yes, Prior year finding 2023-006.
Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements.
Condition: The College did not provide the URL for the contract or cost information to the Department of Education.
Questioned Costs: None
Context: The College did not meet the compliance requirement to report the URL for the contract and cost information to the Department of Education.
Cause: The College did not have proper procedures in place to ensure that all requirements were being met.
Effect: The College is not in compliance with disclosure requirements of a Tier One arrangement with a third-party servicer.
Repeat Finding: Yes, Prior year finding 2023-006.
Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met.
Views of responsible officials: There is no disagreement with the audit finding.
Criteria or specific requirement: An institution may enter into an arrangement with a servicer or a financial institution to make a direct payment of FSA credit balances to students through electronic funds transfer to a bank account designated by a student or parent, to issue a check payment to the student or to use an access device such as a debit, demand, or smart card provided by the servicer or its financial partner. Regulations at 34 CFR 668.164(e) and (f) establish two different types of arrangements between schools and financial account providers: Tier One arrangements and Tier Two arrangements. The type of arrangement determines the provisions that are applicable to the school. Additional guidance on Tier One and Tier Two arrangements can be found in Dear Colleague Letter GEN-22-14; Volume 4, Chapter 2 of the FSA Handbook; and the Cash Management Q&A. These schools must take affirmative steps, by way of contractual arrangements with the third-party servicer as necessary, to ensure that requirements for these arrangements are met with respect to all accounts offered pursuant to the arrangement (34 CFR 668.164(e)(2)(x) and (f)(4)(ix)). In addition, per Uniform Guidance 2 CFR 200.303, non-federal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations and program compliance requirements.
Condition: The College did not provide the URL for the contract or cost information to the Department of Education.
Questioned Costs: None
Context: The College did not meet the compliance requirement to report the URL for the contract and cost information to the Department of Education.
Cause: The College did not have proper procedures in place to ensure that all requirements were being met.
Effect: The College is not in compliance with disclosure requirements of a Tier One arrangement with a third-party servicer.
Repeat Finding: Yes, Prior year finding 2023-006.
Recommendation: We recommend the College implement procedures to ensure all requirements of a Tier One arrangement for a third-party servicer are being met.
Views of responsible officials: There is no disagreement with the audit finding.