FAC Explorer

Audit 350688

FY End
2024-06-30
Total Expended
$4.05M
Findings
20
Programs
5
Organization: Bethany Lutheran College, Inc. (MN)
Year: 2024 Accepted: 2025-03-31
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
541105 2024-002 Significant Deficiency Yes N
541106 2024-002 Significant Deficiency Yes N
541107 2024-002 Significant Deficiency Yes N
541108 2024-002 Significant Deficiency Yes N
541109 2024-002 Significant Deficiency Yes N
541110 2024-003 Significant Deficiency Yes N
541111 2024-003 Significant Deficiency Yes N
541112 2024-003 Significant Deficiency Yes N
541113 2024-003 Significant Deficiency Yes N
541114 2024-003 Significant Deficiency Yes N
1117547 2024-002 Significant Deficiency Yes N
1117548 2024-002 Significant Deficiency Yes N
1117549 2024-002 Significant Deficiency Yes N
1117550 2024-002 Significant Deficiency Yes N
1117551 2024-002 Significant Deficiency Yes N
1117552 2024-003 Significant Deficiency Yes N
1117553 2024-003 Significant Deficiency Yes N
1117554 2024-003 Significant Deficiency Yes N
1117555 2024-003 Significant Deficiency Yes N
1117556 2024-003 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $2.86M Yes 2
84.063 Federal Pell Grant Program $991,486 Yes 2
84.038 Federal Perkins Loans Outstanding, Beginning of Year $122,466 Yes 2
84.033 Federal Work-Study Program $36,806 Yes 2
84.007 Federal Supplemental Educational Opportunity Grants $34,899 Yes 2

Contacts

Name Title Type
M9RHPYRK2YF9 Daniel Mundahl Auditee
5073447739 Chad Lassen Auditor
No contacts on file

Notes to SEFA

Title: BASIS OF PRESENTATION Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The Corporation has not elected to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal awards activity of Bethany Lutheran College, Inc., under programs of the federal government for the year ended June 30, 2024. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of Bethany Lutheran College, Inc., it is not intended to and does not present the financial position, changes in net assets or cash flows of Bethany Lutheran College, Inc.
Title: FEDERAL PERKINS LOAN PROGRAM Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The Corporation has not elected to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The Federal Perkins Loan Program (ALN 84.038) is administered directly by Bethany Lutheran College, Inc., and balances and transactions relating to this program are included in Bethany Lutheran College, Inc.’s basic financial statements. Loans outstanding at the beginning of the year and loans made during the year are included in the federal expenditures presented in the Schedule. Federal Perkins loans outstanding at June 30, 2024, totaled $73,443.
Title: STUDENT FINANCIAL AID INSTITUTIONAL AND PROGRAM ELIGIBILITY METRICS Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The Corporation has not elected to use the 10% de minimis indirect cost rate allowed under the Uniform Guidance. The Corporation is in compliance with the following institutional and program eligibility requirements under the Higher Education Act of 1965 and Federal regulations under 34 CFR 668.23: • Correspondence courses the institution offers under 34 CFR 600.7(b) and (g) • Regular students that enroll in correspondence courses under 34 CFR 600.7(b) and (g) • Institution’s regular students that are incarcerated under 34 CFR 600.7(c) and (g) • Completion rates for confined or incarcerated individuals enrolled in non-degree programs at nonprofit institutions under 34 CFR 600.7(c)(3)(ii) and (g) • Institution’s regular students that lack a high school diploma or its equivalent under 34 CFR 600.7(d) and (g) • Completion rates for short-term programs under 34 CFR 668.8(f) and (g) • Placement rates for short-term programs under https://www.ecfr.gov/current/title-34/subtitle-B/chapter-VI/part-668/subpart-A/section-668.8 34 CFR 668.8(e)(2)

Finding Details

Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-002
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that do not pass the NSLDS enrollment reporting edits. Condition: During our testing, we noted 2 of the 40 students tested, the students’ program begin date per the institution's records did not match what was reported to NSLDS. Questioned Costs: None Context: During our testing, it was noted the Corporation does not have a process in place to ensure the accuracy of NSLDS reporting, specifically as it relates to the program begin date per the Program-Level Records. Cause: The Corporation’s processes and controls did not ensure that students’ program begin dates were accurately reported to NSLDS. Effect: The Corporation did not comply with Department of Education (ED) regulations. Repeat Finding: Yes Auditors’ Recommendation We recommend the Corporation review its reporting procedures to ensure that student information is reported accurately and timely to NSLDS as required by regulations. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.
Finding 2024-003
Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 – Federal Supplemental Educational Opportunity Grants 84.033 – Federal Work-Study Program 84.038 – Federal Perkins Loan Program 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Award Period: July 1, 2023 to June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: Under a college’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None Context: During our audit procedures, it was noted that the Corporation did not have documented in its Written Information Security Program a description of the use of a data inventory that includes how is the Corporation identifies and manages data, personnel, devices, systems and facilities. In addition, there was no evidence that a multi-factor authentication process was used for individuals accessing sensitive information across systems. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The Corporation’s students’ personal information could be vulnerable. Repeat Finding: Yes Auditor’s Recommendation: We recommend that the Corporation review each element of GLBA to ensure compliance with all necessary requirements. Views of Responsible Officials and Planned Corrective Actions: There is no disagreement with the audit finding.