FAC Explorer

Audit 344056

FY End
2024-06-30
Total Expended
$42.62M
Findings
40
Programs
15
Organization: Marymount University (VA)
Year: 2024 Accepted: 2025-02-27
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
524608 2024-002 Significant Deficiency Yes N
524609 2024-003 Significant Deficiency Yes N
524610 2024-002 Significant Deficiency Yes N
524611 2024-003 Significant Deficiency Yes N
524612 2024-002 Significant Deficiency Yes N
524613 2024-003 Significant Deficiency Yes N
524614 2024-002 Significant Deficiency Yes N
524615 2024-003 Significant Deficiency Yes N
524616 2024-004 Significant Deficiency - C
524617 2024-004 Significant Deficiency - C
524618 2024-004 Significant Deficiency - C
524619 2024-004 Significant Deficiency - C
524620 2024-004 Significant Deficiency - C
524621 2024-004 Significant Deficiency - C
524622 2024-004 Significant Deficiency - C
524623 2024-004 Significant Deficiency - C
524624 2024-004 Significant Deficiency - C
524625 2024-004 Significant Deficiency - C
524626 2024-002 Significant Deficiency Yes N
524627 2024-003 Significant Deficiency Yes N
1101050 2024-002 Significant Deficiency Yes N
1101051 2024-003 Significant Deficiency Yes N
1101052 2024-002 Significant Deficiency Yes N
1101053 2024-003 Significant Deficiency Yes N
1101054 2024-002 Significant Deficiency Yes N
1101055 2024-003 Significant Deficiency Yes N
1101056 2024-002 Significant Deficiency Yes N
1101057 2024-003 Significant Deficiency Yes N
1101058 2024-004 Significant Deficiency - C
1101059 2024-004 Significant Deficiency - C
1101060 2024-004 Significant Deficiency - C
1101061 2024-004 Significant Deficiency - C
1101062 2024-004 Significant Deficiency - C
1101063 2024-004 Significant Deficiency - C
1101064 2024-004 Significant Deficiency - C
1101065 2024-004 Significant Deficiency - C
1101066 2024-004 Significant Deficiency - C
1101067 2024-004 Significant Deficiency - C
1101068 2024-002 Significant Deficiency Yes N
1101069 2024-003 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $36.12M Yes 2
84.063 Federal Pell Grant Program $3.02M Yes 2
84.031 Higher Education Institutional Aid $429,524 - 0
84.038 Federal Perkins Loan Program_federal Capital Contributions $382,363 Yes 2
93.732 Mental and Behavioral Health Education and Training Grants $300,921 - 0
12.905 Cybersecurity Core Curriculum $258,163 Yes 1
84.007 Federal Supplemental Educational Opportunity Grants $217,325 Yes 2
84.033 Federal Work-Study Program $211,296 Yes 2
93.761 Evidence-Based Falls Prevention Programs Financed Solely by Prevention and Public Health Funds (pphf) $204,377 - 0
47.076 Stem Education (formerly Education and Human Resources) $98,351 Yes 1
93.846 Arthritis, Musculoskeletal and Skin Diseases Research $84,425 Yes 1
47.084 Nsf Technology, Innovation, and Partnerships $45,398 Yes 1
17.289 Community Project Funding/congressionally Directed Spending $30,169 - 0
12.903 Gencyber Grants Program $29,244 Yes 1
47.070 Computer and Information Science and Engineering $6,994 Yes 1

Contacts

Name Title Type
FPZ9KW2KCUF7 Mutale Sokoni Auditee
7032841496 David Jacobson Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: Expenditures reported in the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The University did not elect to use the 10% de minimis indirect cost rate. The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal grant activity of the University under programs of the federal government. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets or cash flows of the University.
Title: Federal Direct Loan Program Accounting Policies: Expenditures reported in the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The University did not elect to use the 10% de minimis indirect cost rate. The University is responsible only for the performance of certain administrative duties with respect to its Federal Direct Loan program and, accordingly, these loans are not included in its financial statements. It is not practicable to determine the balance of loans outstanding to students and former students of the University under this program as of June 30, 2024.
Title: Federal Perkins Loan Program Accounting Policies: Expenditures reported in the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The University did not elect to use the 10% de minimis indirect cost rate. Cumulative loans outstanding (net of principal repayments and cancellations) total $359,937 as of June 30, 2024. The Program has been terminated and no new loans have been issued since 2018.
Title: Student Financial Aid and Institutional Program Eligibility Metrics Accounting Policies: Expenditures reported in the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The University did not elect to use the 10% de minimis indirect cost rate. The University is in compliance with the following institutional and program eligibility requirements under the Higher Education Act of 1965 and Federal regulations under 34 CFR 668.23: • Correspondence courses the institution offers under 34 CFR 600.7(b) and (g) • Regular students that enroll in correspondence courses under 34 CFR 600.7(b) and (g) • Institution’s regular students that are incarcerated under 34 CFR 600.7(c) and (g) • Completion rates for confined or incarcerated individuals enrolled in non-degree programs at nonprofit institutions under 34 CFR 600.7(c)(3)(ii) and (g) • Institution’s regular students that lack a high school diploma or its equivalent under 34 CFR 600.7(d) and (g) • Completion rates for short-term programs under 34 CFR 668.8(f) and (g) • Placement rates for short-term programs under https://www.ecfr.gov/current/title- 34/subtitle-B/chapter-VI/part-668/subpart-A/section-668.8 34 CFR 668.8(e)(2)

Finding Details

Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-004
Criteria or Specific Requirement: For recipients of research and development grants, payment methods must minimize the time elapsing between the transfer of funds from the Federal agency or the pass-through entity and the disbursement of funds by the recipient or subrecipient regardless of whether the payment is made by electronic funds transfer or by other means. When the reimbursement method is used, the Federal agency or pass-through entity must make payment within 30 calendar days after receipt of the payment request unless the Federal agency or pass-through entity reasonably believes the request to be improper (2 CFR 200.305(b)(3)). The University must develop its own control activities. Requests for reimbursement are to be reviewed and authorized prior to submission by reviewing supporting documents/schedules/reports to ensure amounts have been paid with the University's funds prior to the reimbursement request. Condition/Context: During our testing of 5 reimbursement requests made during the fiscal year, we noted 4 instances that did not include documentation of review and approval by a representative of the University. Questioned Costs: None. Cause: The University’s internal controls did not include a control for review and approval by an individual other than the person performing the drawdown calculation and request from the federal agency. Effect: Incorrect drawdown requests could be made of the federal agency. Repeat Finding: No. Recommendation: We recommend the University review its internal controls around the reimbursement process for all federal grants to ensure the necessary review and approval controls are in place and performed by an individual other than the one performing the drawdown calculation and request from the federal agency. Views of Responsible Officials: Please refer to the attached corrective action plan.
Finding 2024-002
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their informationsharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the University did not perform and document a risk assessment that addresses certain of the elements noted in 16 CFR 314.4 (b) which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The University did not perform an IT risk assessment tailored specifically to the University, identify risks or address risks identified as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, finding 2023-002. Recommendation: We recommend that the University engage a third party or perform the risk assessment for the areas required by the Gramm-Leach-Bliley Act and ensure that there are documented safeguards for identified risks. Views of responsible officials: Please refer to the attached corrective action plan.
Finding 2024-003
Criteria or Specific Requirement: In accordance with 34 CFR 685.309(b) and the National Student Loan Data System (NSLDS) Enrollment Reporting Guide published by the Department of Education, schools must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (NSLDSFAP) website. In addition, schools must report enrollment status changes within 30 days of becoming aware of the status change or in its next scheduled enrollment submission if the scheduled submission is within 60 days. Condition/Context: During our testing of 40 students, which is a statistically valid sample, we noted 4 instances where the student's enrollment status was not certified within 60 days and 4 instances where the date of the student’s status change did not match between the University’s records and NSLDS. Questioned Costs: None. Cause: The University's internal controls did not identify the errors for compliance with the criteria mentioned above. Effect: Inaccurate information is reflected on the NSLDS database. A student’s enrollment data protects the rights of borrowers by ensuring that loan interest subsidies are based on accurate enrollment data, ensures loan repayment dates are accurately based on the last data of attendance, allows in-school deferments to be automatically granted using NSLDS enrollment data, and provides vast amounts of critical data about the effectiveness of Title IV aid programs, including completion data. Repeat Finding: Yes, finding 2023-003. Recommendation: We recommend the University review its reporting procedures to ensure that enrollment and program information is accurately reported to NSLDS as required by regulations. Views of Responsible Officials: Please refer to the attached corrective action plan.