FAC Explorer

Audit 347517

FY End
2024-06-30
Total Expended
$34.50M
Findings
18
Programs
21
Organization: Southwestern Oklahoma State University (OK)
Year: 2024 Accepted: 2025-03-24
Auditor: Forvis Mazars LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
529519 2024-002 Significant Deficiency - N
529520 2024-003 Significant Deficiency - N
529521 2024-004 Significant Deficiency - P
529522 2024-002 Significant Deficiency - N
529523 2024-004 Significant Deficiency - P
529524 2024-002 Significant Deficiency - N
529525 2024-002 Significant Deficiency - N
529526 2024-003 Significant Deficiency - N
529527 2024-004 Significant Deficiency - P
1105961 2024-002 Significant Deficiency - N
1105962 2024-003 Significant Deficiency - N
1105963 2024-004 Significant Deficiency - P
1105964 2024-002 Significant Deficiency - N
1105965 2024-004 Significant Deficiency - P
1105966 2024-002 Significant Deficiency - N
1105967 2024-002 Significant Deficiency - N
1105968 2024-003 Significant Deficiency - N
1105969 2024-004 Significant Deficiency - P

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $17.65M Yes 3
84.063 Federal Pell Grant Program $8.89M Yes 3
21.027 Coronavirus State and Local Fiscal Recovery Funds $3.86M Yes 0
15.114 Indian Education Higher Education Grant $1.42M - 0
93.558 Temporary Assistance for Needy Families $718,434 Yes 0
84.047 Trio Upward Bound $429,592 - 0
84.033 Federal Work-Study Program $247,256 Yes 1
84.031 Higher Education Institutional Aid $199,751 - 0
10.855 Distance Learning and Telemedicine Loans and Grants $189,532 - 0
93.859 Biomedical Research and Research Training $172,870 - 0
93.426 The National Cardiovascular Health Program $166,018 - 0
84.425 Education Stabilization Fund $144,563 - 0
84.007 Federal Supplemental Educational Opportunity Grants $120,447 Yes 2
47.076 Stem Education (formerly Education and Human Resources) $110,131 - 0
47.083 Integrative Activities $74,659 - 0
43.001 Science $55,462 - 0
43.008 Office of Stem Engagement (ostem) $20,665 - 0
45.149 Promotion of the Humanities Division of Preservation and Access $9,900 - 0
93.468 Indian Child Welfare Act Partnership $9,349 - 0
64.116 Veteran Readiness and Employment $4,716 - 0
45.129 Promotion of the Humanities Federal/state Partnership $500 - 0

Contacts

Name Title Type
PLPHAKVSJUZ6 Lori Boyd Auditee
5807743731 Melissa Hull Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following, the cost principles contained in Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The University has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate. The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes the federal award activity of Southwestern Oklahoma State University (the University) under programs of the federal government for the year ended June 30, 2024. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net position, or cash flows of the University.
Title: Summary of Significant Accounting Policies Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following, the cost principles contained in Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The University has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following, the cost principles contained in Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The University has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance.
Title: Federal Direct Student Loan Program Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following, the cost principles contained in Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The University has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate. The University participated in the Federal Direct Loan Program (the Program), CFDA number 84.268, which includes the Federal Subsidized Direct Loan, the Federal Unsubsidized Direct Loan, the Federal Graduate Student PLUS Direct Loan, and the Federal Direct Loans Parents of Undergraduate Students. The Program requires the University to draw down cash, and the University is required to perform certain administrative functions under the Program. Failure to perform such functions may require the University to reimburse the loan guarantee agencies. The University is not responsible for the collection of these loans. The value of loans made during the audit period is considered federal awards expended for the audit period.
Title: Sub-Recipients Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following, the cost principles contained in Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The University has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. De Minimis Rate Used: N Rate Explanation: The auditee did not use the de minimis cost rate. During the year ended June 30, 2024, the University had no federal awards to a sub-recipient.

Finding Details

Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-003
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Special Tests and Provision – Enrollment Reporting – 34 CFR §690.83 and 34 CFR §685.309 Condition – Three address changes and one student status change were not reported timely and one student had incorrect enrollment information. Questioned Costs – N/A Context – Out of a population of 1,393 students with status changes during the Spring and Fall semesters of the 2024 aid year, 25 were selected for testing. Of those students, three had status or address changes during the period that were not reported timely, and one had both an address change that was not reported timely and the incorrect CIP code reported. Our sample was not, and was not intended to be, statistically valid. Effect – The University reported inaccurate information or failed to report changes within the required time frame and, as such, ED was not provided accurate and timely information. Cause – The University did not have appropriate controls in place to ensure timely and accurate reporting. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding enrollment reporting to ensure that all status and address changes are reported timely and that all enrollment information is reported accurately. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Registrar will report enrollment changes during the summer semesters. The Registrar will also send the Director of Student Financial Services notifications when enrollment changes are submitted through the National Student Clearinghouse.
Finding 2024-004
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – 2 CFR 200.516(a), Paragraph 13.39(e) – Known or Likely Fraud Affecting a Federal Award Condition – Financial aid funds were provided to six fraudulent student accounts; the issue was identified by the school and reported to the U.S. Department of Education. Questioned Costs – $54,112 Context – During a review of the awards population for fiscal year 2024, the University identified six accounts that had duplicate contact and bank information. After further investigation, these accounts were determined to be fraudulently created. In total, $54,112 in funds were paid out. The school worked with the U.S. Department of Education’s CyberIncident Division to inform the Department of the fraudulent activity. Effect – The University allowed refunds to be made from financial aid awarded to fraudulent student accounts resulting in questioned costs. Cause – The University had detective rather than preventative controls in place regarding distributions of financial aid funds to repeating accounts or individuals. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should implement procedures to identify duplicate contact and bank information across student accounts automatically or a process to check for duplicates prior to financial aid distribution. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Bursar will work with ITS to perform a scan of all students’ accounts for duplicate contact and banking information. If duplicates are found, students will be notified and accounts frozen until students are identified. This will be critical before refund checks are dispersed to students every semester. The amount of $54,112 will be paid back with the next draw down before February 28, 2025.
Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-004
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – 2 CFR 200.516(a), Paragraph 13.39(e) – Known or Likely Fraud Affecting a Federal Award Condition – Financial aid funds were provided to six fraudulent student accounts; the issue was identified by the school and reported to the U.S. Department of Education. Questioned Costs – $54,112 Context – During a review of the awards population for fiscal year 2024, the University identified six accounts that had duplicate contact and bank information. After further investigation, these accounts were determined to be fraudulently created. In total, $54,112 in funds were paid out. The school worked with the U.S. Department of Education’s CyberIncident Division to inform the Department of the fraudulent activity. Effect – The University allowed refunds to be made from financial aid awarded to fraudulent student accounts resulting in questioned costs. Cause – The University had detective rather than preventative controls in place regarding distributions of financial aid funds to repeating accounts or individuals. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should implement procedures to identify duplicate contact and bank information across student accounts automatically or a process to check for duplicates prior to financial aid distribution. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Bursar will work with ITS to perform a scan of all students’ accounts for duplicate contact and banking information. If duplicates are found, students will be notified and accounts frozen until students are identified. This will be critical before refund checks are dispersed to students every semester. The amount of $54,112 will be paid back with the next draw down before February 28, 2025.
Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-003
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Special Tests and Provision – Enrollment Reporting – 34 CFR §690.83 and 34 CFR §685.309 Condition – Three address changes and one student status change were not reported timely and one student had incorrect enrollment information. Questioned Costs – N/A Context – Out of a population of 1,393 students with status changes during the Spring and Fall semesters of the 2024 aid year, 25 were selected for testing. Of those students, three had status or address changes during the period that were not reported timely, and one had both an address change that was not reported timely and the incorrect CIP code reported. Our sample was not, and was not intended to be, statistically valid. Effect – The University reported inaccurate information or failed to report changes within the required time frame and, as such, ED was not provided accurate and timely information. Cause – The University did not have appropriate controls in place to ensure timely and accurate reporting. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding enrollment reporting to ensure that all status and address changes are reported timely and that all enrollment information is reported accurately. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Registrar will report enrollment changes during the summer semesters. The Registrar will also send the Director of Student Financial Services notifications when enrollment changes are submitted through the National Student Clearinghouse.
Finding 2024-004
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – 2 CFR 200.516(a), Paragraph 13.39(e) – Known or Likely Fraud Affecting a Federal Award Condition – Financial aid funds were provided to six fraudulent student accounts; the issue was identified by the school and reported to the U.S. Department of Education. Questioned Costs – $54,112 Context – During a review of the awards population for fiscal year 2024, the University identified six accounts that had duplicate contact and bank information. After further investigation, these accounts were determined to be fraudulently created. In total, $54,112 in funds were paid out. The school worked with the U.S. Department of Education’s CyberIncident Division to inform the Department of the fraudulent activity. Effect – The University allowed refunds to be made from financial aid awarded to fraudulent student accounts resulting in questioned costs. Cause – The University had detective rather than preventative controls in place regarding distributions of financial aid funds to repeating accounts or individuals. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should implement procedures to identify duplicate contact and bank information across student accounts automatically or a process to check for duplicates prior to financial aid distribution. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Bursar will work with ITS to perform a scan of all students’ accounts for duplicate contact and banking information. If duplicates are found, students will be notified and accounts frozen until students are identified. This will be critical before refund checks are dispersed to students every semester. The amount of $54,112 will be paid back with the next draw down before February 28, 2025.
Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-003
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Special Tests and Provision – Enrollment Reporting – 34 CFR §690.83 and 34 CFR §685.309 Condition – Three address changes and one student status change were not reported timely and one student had incorrect enrollment information. Questioned Costs – N/A Context – Out of a population of 1,393 students with status changes during the Spring and Fall semesters of the 2024 aid year, 25 were selected for testing. Of those students, three had status or address changes during the period that were not reported timely, and one had both an address change that was not reported timely and the incorrect CIP code reported. Our sample was not, and was not intended to be, statistically valid. Effect – The University reported inaccurate information or failed to report changes within the required time frame and, as such, ED was not provided accurate and timely information. Cause – The University did not have appropriate controls in place to ensure timely and accurate reporting. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding enrollment reporting to ensure that all status and address changes are reported timely and that all enrollment information is reported accurately. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Registrar will report enrollment changes during the summer semesters. The Registrar will also send the Director of Student Financial Services notifications when enrollment changes are submitted through the National Student Clearinghouse.
Finding 2024-004
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – 2 CFR 200.516(a), Paragraph 13.39(e) – Known or Likely Fraud Affecting a Federal Award Condition – Financial aid funds were provided to six fraudulent student accounts; the issue was identified by the school and reported to the U.S. Department of Education. Questioned Costs – $54,112 Context – During a review of the awards population for fiscal year 2024, the University identified six accounts that had duplicate contact and bank information. After further investigation, these accounts were determined to be fraudulently created. In total, $54,112 in funds were paid out. The school worked with the U.S. Department of Education’s CyberIncident Division to inform the Department of the fraudulent activity. Effect – The University allowed refunds to be made from financial aid awarded to fraudulent student accounts resulting in questioned costs. Cause – The University had detective rather than preventative controls in place regarding distributions of financial aid funds to repeating accounts or individuals. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should implement procedures to identify duplicate contact and bank information across student accounts automatically or a process to check for duplicates prior to financial aid distribution. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Bursar will work with ITS to perform a scan of all students’ accounts for duplicate contact and banking information. If duplicates are found, students will be notified and accounts frozen until students are identified. This will be critical before refund checks are dispersed to students every semester. The amount of $54,112 will be paid back with the next draw down before February 28, 2025.
Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-004
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – 2 CFR 200.516(a), Paragraph 13.39(e) – Known or Likely Fraud Affecting a Federal Award Condition – Financial aid funds were provided to six fraudulent student accounts; the issue was identified by the school and reported to the U.S. Department of Education. Questioned Costs – $54,112 Context – During a review of the awards population for fiscal year 2024, the University identified six accounts that had duplicate contact and bank information. After further investigation, these accounts were determined to be fraudulently created. In total, $54,112 in funds were paid out. The school worked with the U.S. Department of Education’s CyberIncident Division to inform the Department of the fraudulent activity. Effect – The University allowed refunds to be made from financial aid awarded to fraudulent student accounts resulting in questioned costs. Cause – The University had detective rather than preventative controls in place regarding distributions of financial aid funds to repeating accounts or individuals. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should implement procedures to identify duplicate contact and bank information across student accounts automatically or a process to check for duplicates prior to financial aid distribution. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Bursar will work with ITS to perform a scan of all students’ accounts for duplicate contact and banking information. If duplicates are found, students will be notified and accounts frozen until students are identified. This will be critical before refund checks are dispersed to students every semester. The amount of $54,112 will be paid back with the next draw down before February 28, 2025.
Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-002
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007, 84.033, and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Gramm-Leach-Bliley Act (GLBA) – Student Information Security – 16 CFR §314 Condition – The University’s written information security program did not adequately include three of the six required minimum elements.Questioned Costs – N/A Context – Out of the six elements that are required to be included in the written information security program, all six were tested. Of these elements, three were not adequately included in the written program. Effect – The University failed to include the minimum elements in its written information security program to meet GLBA requirements, as agreed to within its Program Participation Agreement with the Department of Education (ED). This could potentially result in the failure to secure student financial aid information. Cause – The University did not have appropriate controls in place to ensure compliance with relevant requirements. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding GLBA compliance to ensure that all required elements are included in the information security program. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the finding. Policies are being reviewed and approved to add the documentation and testing that was not covered in previous policies.
Finding 2024-003
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – Special Tests and Provision – Enrollment Reporting – 34 CFR §690.83 and 34 CFR §685.309 Condition – Three address changes and one student status change were not reported timely and one student had incorrect enrollment information. Questioned Costs – N/A Context – Out of a population of 1,393 students with status changes during the Spring and Fall semesters of the 2024 aid year, 25 were selected for testing. Of those students, three had status or address changes during the period that were not reported timely, and one had both an address change that was not reported timely and the incorrect CIP code reported. Our sample was not, and was not intended to be, statistically valid. Effect – The University reported inaccurate information or failed to report changes within the required time frame and, as such, ED was not provided accurate and timely information. Cause – The University did not have appropriate controls in place to ensure timely and accurate reporting. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should ensure the design and appropriate operating effectiveness of controls surrounding enrollment reporting to ensure that all status and address changes are reported timely and that all enrollment information is reported accurately. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Registrar will report enrollment changes during the summer semesters. The Registrar will also send the Director of Student Financial Services notifications when enrollment changes are submitted through the National Student Clearinghouse.
Finding 2024-004
Federal Program – Student Financial Assistance Cluster – Assistance Listing Numbers 84.063, 84.007 and 84.268 – U.S. Department of Education Program Year 2023-2024 Criteria or Specific Requirement – 2 CFR 200.516(a), Paragraph 13.39(e) – Known or Likely Fraud Affecting a Federal Award Condition – Financial aid funds were provided to six fraudulent student accounts; the issue was identified by the school and reported to the U.S. Department of Education. Questioned Costs – $54,112 Context – During a review of the awards population for fiscal year 2024, the University identified six accounts that had duplicate contact and bank information. After further investigation, these accounts were determined to be fraudulently created. In total, $54,112 in funds were paid out. The school worked with the U.S. Department of Education’s CyberIncident Division to inform the Department of the fraudulent activity. Effect – The University allowed refunds to be made from financial aid awarded to fraudulent student accounts resulting in questioned costs. Cause – The University had detective rather than preventative controls in place regarding distributions of financial aid funds to repeating accounts or individuals. Identification as a Repeat Finding, if Applicable – N/A Recommendation – The University should implement procedures to identify duplicate contact and bank information across student accounts automatically or a process to check for duplicates prior to financial aid distribution. Views of Responsible Officials and Planned Corrective Actions – Management agrees with the findings and has put the following in place. The Bursar will work with ITS to perform a scan of all students’ accounts for duplicate contact and banking information. If duplicates are found, students will be notified and accounts frozen until students are identified. This will be critical before refund checks are dispersed to students every semester. The amount of $54,112 will be paid back with the next draw down before February 28, 2025.