FAC Explorer

Audit 340680

FY End
2024-04-30
Total Expended
$15.53M
Findings
10
Programs
12
Organization: Concordia College (MN)
Year: 2024 Accepted: 2025-01-31
Auditor: Baker Tilly US LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
520849 2024-001 - - N
520850 2024-001 - - N
520851 2024-001 - - N
520852 2024-001 - - N
520853 2024-001 - - N
1097291 2024-001 - - N
1097292 2024-001 - - N
1097293 2024-001 - - N
1097294 2024-001 - - N
1097295 2024-001 - - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $7.96M Yes 1
84.038 Federal Perkins Loan Program $3.25M Yes 0
84.063 Federal Pell Grant Program $1.71M Yes 1
12.579 Language Training Center $1.30M - 0
84.007 Federal Supplemental Educational Opportunity Grants $582,402 Yes 1
84.033 Federal Work-Study Program $223,676 Yes 1
47.076 Stem Education (formerly Education and Human Resources) $192,005 - 0
12.900 Language Grant Program $168,691 - 0
47.050 Geosciences $78,195 - 0
43.008 Office of Stem Engagement (ostem) $34,258 - 0
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $10,373 Yes 1
10.556 Special Milk Program for Children $10,328 - 0

Contacts

Name Title Type
JGS7YZ32WL97 Eric Addington Auditee
2182993887 Rebekah Martin Auditor
No contacts on file

Notes to SEFA

Title: Summary of Significant Accounting Policies Accounting Policies: The accompanying schedule of expenditures of federal awards (the Schedule) includes federal award activity of Concordia College under programs of the federal government for the year ended April 30, 2024. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.
Title: Pass-Through Entity Identification Numbers Accounting Policies: The accompanying schedule of expenditures of federal awards (the Schedule) includes federal award activity of Concordia College under programs of the federal government for the year ended April 30, 2024. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. Two of the programs, grants, and/or awards included in the schedule of expenditures of federal awards are missing the pass-through entity identification numbers. The missing numbers are due to the pass-through entities not providing the pass-through entity identification numbers.
Title: Federal Perkins Loan Program Accounting Policies: The accompanying schedule of expenditures of federal awards (the Schedule) includes federal award activity of Concordia College under programs of the federal government for the year ended April 30, 2024. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The Federal Perkins Loan Program is administered directly by the College, and balances and transactions relating to this program are included in the College's basic financial statements. Loans outstanding at the beginning of the year are included in the federal expenditures presented in the Schedule. Federal Perkins loans outstanding at April 30, 2024 totaled $1,885,459.

Finding Details

Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.
Finding 2024-001
Federal Program - Student Financial Assistance Cluster Federal Agency - U.S. Department of Education Pass-Through Entity - Not Applicable CFDA Number - 84.033, 84.268, 84.063, 84.379, 84.007 Federal Award Number - Various Federal Award Year - June 30, 2024 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed. Condition: The College does not have a written information security program that addresses all elements that apply. Cause: The College’s procedures and processes in place specific to GLBA did not have written documentation of all required elements. Effect: Failure to comply with the requirements of GLBA standards puts the College at risk of compromising consumer, nonpublic personal information. Questioned Costs: Not applicable. Context: Not applicable. Recommendation: The College should perform and document an annual risk assessment to determine the College’s specific risks relevant to protecting consumer nonpublic personal information. At a minimum, the College should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4). Management's Response: The College does have a written information security program but does not currently have it in the format recommended by the auditors. The College will update the documentation of all required elements, specific to GLBA, following the auditors' template.