Audit 336438

FINDING 2023-002: FINANCIAL RESPONSIBILITY FEDERAL AGENCY: U.S. DEPARTMENT OF EDUCATION PROGRAM NAME: FEDERAL DIRECT LOAN PROGRAM ALN: 84.268 FEDERAL AWARD YEAR: 2022-2023 & 2023-2024 Compliance Requirement: Special Tests and Provisions (N.) - Administrative Capability Criteria: An accredited school that participates in Federal programs authorized by Title IV of the Higher Education Act of 1965 is required to demonstrate minimum standards of financial responsibility set forth by the U.S. Department of Education (DOE). Condition: The Organization did not meet the minimum financial standards set forth by DOE for the year ended December 31, 2023 as calculated in Supplementary Schedule A. This finding is repeated and was reported in the prior year as Finding 2022-001. Cause: The Organization showed an operating loss for the year. Effect: The Organization will be required to adhere to additional stipulations until such ratios are met. Recommendation: The Organization needs to monitor its financial responsibility ratios throughout the year. Management Response and Corrective Action: Management agrees that the ratios were not met and a response is included in the Corrective Action Plan.

FINDING 2023-003: FAILURE TO MEET THE STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION FEDERAL AGENCY: U.S. DEPARTMENT OF EDUCATION PROGRAM NAME: FEDERAL DIRECT LOAN PROGRAM ALN: 84.268 FEDERAL AWARD YEAR: 2022-2023 & 2023-2024 Compliance Requirement: Special Tests and Provisions (N.) - Administrative Requirements Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Condition: The Institution failed to implement the new Gramm-Leach-Bliley Act's (GLBA) standards for safeguarding customer information to their student information security policy. We consider this finding to be a material weakness in the Special Tests and Provisions Compliance Requirement. Cause: The condition was caused by the Institution's security officer being unaware of the requirement to establish a policy based off a risk assessment. Question Costs: $0 Recommendation: We recommend the Institution update their student information security program to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: The Institution agrees with the Single Audit Finding and a response is included in the Corrective Action Plan.

FINDING 2023-004: ANNUAL SECURITY REPORT AND CAMPUS CRIME AWARENESSS REQUIREMENTS NOT MET FEDERAL AGENCY: U.S. DEPARTMENT OF EDUCATION PROGRAM NAME: FEDERAL DIRECT LOAN PROGRAM ALN: 84.268 FEDERAL AWARD YEAR: 2022-2023 & 2023-2024 Compliance Requirement: Special Tests and Provisions (N.) - Administrative Requirements Criteria: By October 1 of each year, an institution must distribute, to all enrolled students and current employees, its annual security report through appropriate publications and mailings (CFR 34 668.41(e) and CFR 34 668.46). Condition: The Institution did not make proper contact with local authorities to gather the 2022 campus crime statistics nor did the Institution make the campus crime awareness information available to all students and employees. Cause: This condition was caused by a failure to implement a policy to ensure that all required consumer information was distributed to students and employees on an annual basis. Effect or Potential Effect: The result is students and employees may not have been made aware of criminal activity in their area of work or school. Question Costs: $0 Recommendation: We recommend the Institution make a reasonable, good-faith effort to obtain crime statistics to update their Annual Security Report and report to the Department of Education all necessary crime statistics for the calendar year 2022. Views of Responsible Officials: The Institution agrees with the Single Audit Finding and a response is included in the Corrective Action Plan.

FINDING 2023-002: FINANCIAL RESPONSIBILITY FEDERAL AGENCY: U.S. DEPARTMENT OF EDUCATION PROGRAM NAME: FEDERAL DIRECT LOAN PROGRAM ALN: 84.268 FEDERAL AWARD YEAR: 2022-2023 & 2023-2024 Compliance Requirement: Special Tests and Provisions (N.) - Administrative Capability Criteria: An accredited school that participates in Federal programs authorized by Title IV of the Higher Education Act of 1965 is required to demonstrate minimum standards of financial responsibility set forth by the U.S. Department of Education (DOE). Condition: The Organization did not meet the minimum financial standards set forth by DOE for the year ended December 31, 2023 as calculated in Supplementary Schedule A. This finding is repeated and was reported in the prior year as Finding 2022-001. Cause: The Organization showed an operating loss for the year. Effect: The Organization will be required to adhere to additional stipulations until such ratios are met. Recommendation: The Organization needs to monitor its financial responsibility ratios throughout the year. Management Response and Corrective Action: Management agrees that the ratios were not met and a response is included in the Corrective Action Plan.

FINDING 2023-003: FAILURE TO MEET THE STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION FEDERAL AGENCY: U.S. DEPARTMENT OF EDUCATION PROGRAM NAME: FEDERAL DIRECT LOAN PROGRAM ALN: 84.268 FEDERAL AWARD YEAR: 2022-2023 & 2023-2024 Compliance Requirement: Special Tests and Provisions (N.) - Administrative Requirements Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)). Condition: The Institution failed to implement the new Gramm-Leach-Bliley Act's (GLBA) standards for safeguarding customer information to their student information security policy. We consider this finding to be a material weakness in the Special Tests and Provisions Compliance Requirement. Cause: The condition was caused by the Institution's security officer being unaware of the requirement to establish a policy based off a risk assessment. Question Costs: $0 Recommendation: We recommend the Institution update their student information security program to adhere to the regulations and await guidance from the Department of Education. Views of Responsible Officials: The Institution agrees with the Single Audit Finding and a response is included in the Corrective Action Plan.

FINDING 2023-004: ANNUAL SECURITY REPORT AND CAMPUS CRIME AWARENESSS REQUIREMENTS NOT MET FEDERAL AGENCY: U.S. DEPARTMENT OF EDUCATION PROGRAM NAME: FEDERAL DIRECT LOAN PROGRAM ALN: 84.268 FEDERAL AWARD YEAR: 2022-2023 & 2023-2024 Compliance Requirement: Special Tests and Provisions (N.) - Administrative Requirements Criteria: By October 1 of each year, an institution must distribute, to all enrolled students and current employees, its annual security report through appropriate publications and mailings (CFR 34 668.41(e) and CFR 34 668.46). Condition: The Institution did not make proper contact with local authorities to gather the 2022 campus crime statistics nor did the Institution make the campus crime awareness information available to all students and employees. Cause: This condition was caused by a failure to implement a policy to ensure that all required consumer information was distributed to students and employees on an annual basis. Effect or Potential Effect: The result is students and employees may not have been made aware of criminal activity in their area of work or school. Question Costs: $0 Recommendation: We recommend the Institution make a reasonable, good-faith effort to obtain crime statistics to update their Annual Security Report and report to the Department of Education all necessary crime statistics for the calendar year 2022. Views of Responsible Officials: The Institution agrees with the Single Audit Finding and a response is included in the Corrective Action Plan.