FAC Explorer

Audit 336252

FY End
2024-06-30
Total Expended
$8.41M
Findings
12
Programs
8
Organization: Monmouth College (IL)
Year: 2024 Accepted: 2025-01-07
Auditor: Sikich CPA LLC

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
517988 2024-001 - - N
517989 2024-001 - - N
517990 2024-001 - - N
517991 2024-001 - - N
517992 2024-001 - - N
517993 2024-001 - - N
1094430 2024-001 - - N
1094431 2024-001 - - N
1094432 2024-001 - - N
1094433 2024-001 - - N
1094434 2024-001 - - N
1094435 2024-001 - - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $5.97M Yes 1
84.063 Federal Pell Grant Program $1.46M Yes 1
84.038 Federal Perkins Loan Program $385,517 Yes 1
84.215 Innovative Approaches to Literacy; Promise Neighborhoods; Full-Service Community Schools; and Congressionally Directed Spending for Elementary and Secondary Education Community Projects $235,920 - 0
84.007 Federal Supplemental Educational Opportunity Grants $192,138 Yes 1
84.033 Federal Work-Study Program $121,127 Yes 1
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $26,404 Yes 1
45.160 Promotion of the Humanities Fellowships and Stipends $21,029 - 0

Contacts

Name Title Type
JXLVJJ9K3KC7 Katherine Wall Auditee
3094572426 Ray Krouse Auditor
No contacts on file

Notes to SEFA

Title: Loan Programs Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards is prepared on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). De Minimis Rate Used: N Rate Explanation: The College did not elect to use the de minimis rate of 10 percent for the year ended June 30, 2024. Expenditures of the Direct Loan program include the total value of the loans awarded and paid to the College’s students during the year ended June 30, 2024. The Perkins loans represent the amounts of the federal Perkins loans outstanding at June 30, 2024. The College had the following loan balances outstanding at June 30, 2024. Loans made during the year are included in the schedule of federal expenditures presented in the schedule.
Title: Additional Information Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards is prepared on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). De Minimis Rate Used: N Rate Explanation: The College did not elect to use the de minimis rate of 10 percent for the year ended June 30, 2024. As of and during the year ended June 30, 2024, the College did not receive any noncash federal assistance, federal insurance, or federal loans or loan guarantees. In addition, the College did not pass through any federal grants to sub-recipients.

Finding Details

Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Finding 2024-001
2024-001 – Student Financial Assistance Cluster – (a) Federal Supplemental Educational Opportunity Grants (b) Federal Work Study Program (c) Federal Perkins Loan Program (d) Federal Pell Grant Program (e) Federal Direct Student Loans (f) Teacher Education Assistance for College and Higher Education Grants, Assistance Listing No. (a) 84.007 (b) 84.033 (c) 84.038 (d) 84.063 (e) 84.268 (f) 84.379 – Year Ended June 30, 2024 Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). Condition: The College did not implement a written information security program and a risk assessment as part of the Gramm-Leach-Bliley Act’s (GLBA) standards for safeguarding customer information. We consider this finding to be an instance of noncompliance in relation to Special Tests and Provisions. Statistical sampling was not used in making sample selections. Questioned Costs: N/A Effect: The result is the College did not meet the requirements for protecting and securing data obtained from the Department of Education’s systems for the purpose of administering the Title IV programs. Recommendation: We recommend the College complete a formal security information program and risk assessment to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.