2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-001
Federal Agency: U.S. Department of Education
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Special Tests
Criteria: According to U.S. Department of Education (ED) regulations, all schools participating or approved to participate in Federal Student Aid programs must have an arrangement to report student enrollment data to the National Student Loan Data System (NSLDS) through a roster file.
Schools are required to report enrollment status at both the school and program levels. They must report changes in a student’s enrollment status, the effective date of the status, and an anticipated completion date. An academic program is defined by the combination of the school’s Office of Postsecondary Education Identification (OPEID) number, the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. The Department of Education requires the University to report changes in enrollment status and specify the date that these changes occurred (34 CFR 685.309).
Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, this date may be provided on that roster file. ED requires institutions to report changes in enrollment status within the determined time frame of 30 or 60 days (34 CFR 682.610).
Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS.
Questioned Costs: None
Context: During our testing we noted that in our sample of 11 students, 1 was not reported to NSLDS.
Cause: The unreported student appeared on an SSCR Error Report (Error Code 75) but was not reported due to the unresolved error.
Effect: Incorrect reporting to the NSLDS can lead to errors in determining the start of students' grace periods.
Repeat Finding: No
Recommendation: We recommend the College to review its procedures for transmitting accurate information to the NSLDS. Furthermore, we suggest that the College establish a process to enhance oversight of the submissions completed by the third-party servicer.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan
2024-002
Federal Agency: U.S. Department of Education (ED)
Federal Program Name: Student Financial Aid Cluster
Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268
Award Period: July 1, 2023 to June 30, 2024
Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance
Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA)
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule.
Questioned Costs: None
Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers.
While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA.
Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented.
Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information.
Repeat Finding: No
Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules.
Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan