FAC Explorer

Audit 350924

FY End
2024-06-30
Total Expended
$5.53M
Findings
46
Programs
7
Organization: Washington Adventist University (MD)
Year: 2024 Accepted: 2025-03-31
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
544138 2024-002 Material Weakness - CELN
544139 2024-003 Significant Deficiency - E
544140 2024-005 Significant Deficiency Yes N
544141 2024-006 Significant Deficiency - N
544142 2024-002 Material Weakness - CELN
544143 2024-003 Significant Deficiency - E
544144 2024-005 Significant Deficiency Yes N
544145 2024-006 Significant Deficiency - N
544146 2024-002 Material Weakness - CELN
544147 2024-003 Significant Deficiency - E
544148 2024-005 Significant Deficiency Yes N
544149 2024-006 Significant Deficiency - N
544150 2024-002 Material Weakness - CELN
544151 2024-003 Significant Deficiency - E
544152 2024-005 Significant Deficiency Yes N
544153 2024-006 Significant Deficiency - N
544154 2024-002 Material Weakness - CELN
544155 2024-004 Significant Deficiency - N
544156 2024-006 Significant Deficiency - N
544157 2024-002 Material Weakness - CELN
544158 2024-006 Significant Deficiency - N
544159 2024-007 Significant Deficiency - N
544160 2024-007 Significant Deficiency - N
1120580 2024-002 Material Weakness - CELN
1120581 2024-003 Significant Deficiency - E
1120582 2024-005 Significant Deficiency Yes N
1120583 2024-006 Significant Deficiency - N
1120584 2024-002 Material Weakness - CELN
1120585 2024-003 Significant Deficiency - E
1120586 2024-005 Significant Deficiency Yes N
1120587 2024-006 Significant Deficiency - N
1120588 2024-002 Material Weakness - CELN
1120589 2024-003 Significant Deficiency - E
1120590 2024-005 Significant Deficiency Yes N
1120591 2024-006 Significant Deficiency - N
1120592 2024-002 Material Weakness - CELN
1120593 2024-003 Significant Deficiency - E
1120594 2024-005 Significant Deficiency Yes N
1120595 2024-006 Significant Deficiency - N
1120596 2024-002 Material Weakness - CELN
1120597 2024-004 Significant Deficiency - N
1120598 2024-006 Significant Deficiency - N
1120599 2024-002 Material Weakness - CELN
1120600 2024-006 Significant Deficiency - N
1120601 2024-007 Significant Deficiency - N
1120602 2024-007 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $3.42M Yes 5
84.063 Federal Pell Grant Program $1.25M Yes 5
84.038 Federal Perkins Loan Program_federal Capital Contributions $632,870 Yes 3
84.007 Federal Supplemental Educational Opportunity Grants $89,142 Yes 4
93.364 Nursing Student Loans $50,104 Yes 2
84.033 Federal Work-Study Program $49,443 Yes 4
64.028 Post-9/11 Veterans Educational Assistance $36,927 - 0

Contacts

Name Title Type
YMP8VGL4TMK8 Ron Somervell Auditee
4437455426 Christina Bowman Auditor
No contacts on file

Notes to SEFA

Title: NOTE 4 LOAN PROGRAMS Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes the federal grant activity of Washington Adventist University (the University). The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). NOTE 2 RELATIONSHIP TO BASIC FINANCIAL STATEMENTS The Schedule presents only a selected portion of the activities of the University. It is not intended to, and does not present either the financial position, changes in activities, or cash flows of the University. The financial activity for the aforementioned awards is reported in the University’s statement of activities. In certain programs, the expenditures reported in the basic financial statements may differ from the expenditures reported in the Schedule due to program expenditures exceeding grant or contract budget limitations which are not reported as expenditures in the Schedule. NOTE 3 SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES a. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursements. b. Pass through entity identifying numbers are presented where available. De Minimis Rate Used: N Rate Explanation: Washington Adventist University has elected not to use the 10-percent de minimis indirect cost rate allowed under the Uniform Guidance. During the year ended June 30, 2024, the University processed the following amount of new loans under the Federal Direct Lending Program. Since this program is administered by outside financial institutions, new loans made during the fiscal year relating to this program are considered current year expenditures in the schedule. Assistance Listing Number Program Name Loan Expenditures 84.268 Federal Direct Lending $3,422,735 WASHINGTON ADVENTIST UNIVERSITY NOTES TO SCHEDULE OF EXPENDITURES OF FEDERAL AWARDS YEAR ENDED JUNE 30, 2024 (9) NOTE 4 LOAN PROGRAMS (CONTINUED) The University also administers the following campus-based federal loan programs: Assistance Listing Number Program Name Outstanding Loan Balances at June 30, 2024 93.364 Nursing Student Loan $ 50,104 84.038 Perkins Student Loan $ 632,870 The Schedule of Expenditures of Federal Awards only includes the prior year end outstanding loan balance plus the current year loans made of the Federal Pekins Loan Program and any new federal capital contribution. The total of loan fund expenditures and disbursements of the Departments of Health and Human Services' and Education's Student Financial Assistance Programs for the fiscal year are identified below: Assistance Listing Number Program Name Loans Made 93.364 Nursing Student Loan $ - Assistance Listing Number Program Name Death and Disability Cancellations 84.038 Perkins Student Loan $ -
Title: NOTE 5 STUDENT FINANCIAL AID INSTITUTIONAL AND PROGRAM ELIGIBILITY METRICS Accounting Policies: The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes the federal grant activity of Washington Adventist University (the University). The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). NOTE 2 RELATIONSHIP TO BASIC FINANCIAL STATEMENTS The Schedule presents only a selected portion of the activities of the University. It is not intended to, and does not present either the financial position, changes in activities, or cash flows of the University. The financial activity for the aforementioned awards is reported in the University’s statement of activities. In certain programs, the expenditures reported in the basic financial statements may differ from the expenditures reported in the Schedule due to program expenditures exceeding grant or contract budget limitations which are not reported as expenditures in the Schedule. NOTE 3 SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES a. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursements. b. Pass through entity identifying numbers are presented where available. De Minimis Rate Used: N Rate Explanation: Washington Adventist University has elected not to use the 10-percent de minimis indirect cost rate allowed under the Uniform Guidance. The Institution is in compliance with the following institutional and program eligibility requirements under the Higher Education Act of 1965 and Federal regulations under 34 CFR 668.23: • Correspondence courses the institution offers under 34 CFR 600.7(b) and (g) • Regular students that enroll in correspondence courses under 34 CFR 600.7(b) and (g) • Institution’s regular students that are incarcerated under 34 CFR 600.7(c) and (g) • Completion rates for confined or incarcerated individuals enrolled in non-degree programs at nonprofit institutions under 34 CFR 600.7(c)(3)(ii) and (g) • Institution’s regular students that lack a high school diploma or its equivalent under 34 CFR 600.7(d) and (g) • Completion rates for short-term programs under 34 CFR 668.8(f) and (g) • Placement rates for short-term programs under https://www.ecfr.gov/current/title_x0002_34/subtitle-B/chapter-VI/part-668/subpart-A/section-668.8 34 CFR 668.8(e)(2)

Finding Details

Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 674.16 states that before an institution makes its first disbursement to a student, the student shall sign the promissory note and the institution shall provide the student with certain repayment information. Condition: There is no Perkins loam promissory note on file for certain students with open and retired loans. These promissory notes could not be located. Questioned costs: $12,159 Context: This condition occurred in 5 out of 40 students tested with open loans and for 3 out of 8 students tested with retired loans. Cause: The University was not able to locate these promissory notes. Effect: The University cannot provide documentation showing proper completion of promissory note as required by DOE requirements. Repeat Finding: No Recommendation: We recommend that the University implement a procedure be put in place to ensure proper record retention documenting the completion of promissory notes. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-007
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Condition: For students participating in the Federal Direct Loan and Pell Grant programs, the enrollment status change to withdrawal was not timely reported to NSLDS. Questioned costs: None Context: This condition occurred in 1 out of 17 students tested. Cause: The University’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the University review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-007
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Condition: For students participating in the Federal Direct Loan and Pell Grant programs, the enrollment status change to withdrawal was not timely reported to NSLDS. Questioned costs: None Context: This condition occurred in 1 out of 17 students tested. Cause: The University’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the University review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.34(d)(1) requires that an institution that evaluates satisfactory academic progress annually or less frequently than at the end of each payment period and determines that a student is not making progress under its policy may nevertheless disburse Title IV, HEA program funds to the student under the provisions of 34 CFR 668.34(d)(2) or 34 CFR 668.34(d)(3). Condition: As stated in the Financial Aid SAP policy, to successfully make and maintain SAP, a student must maintain a cumulative grade point average of 2.0 or higher for undergraduate students. A student who does not meet the minimum requirements for the rate of completion or cumulative GPA will be sent an SAP Warning and will have one semester to meet SAP requirements. If the student does not meet the required minimum GPA or credit hour completion rate at the end of the warning term, their financial aid will be suspended. During our testing of students’ eligibility for financial aid, 1 out of 40 students who received financial aid did not meet the satisfactory academic progress requirements as stated in the SAP policy. Additionally, 1 out of 40 students who did not meet the SAP cumulative GPA requirement was marked incorrectly as “Satisfactory SAP” instead of “Warning”. Questioned costs: $12,847 Context: This condition occurred in 2 out of 40 students tested. Cause: Students’ GPA was not reviewed closely enough to determine if students meet the requirements to received financial aid. Effect: Students who did not meet the SAP requirements and ineligible to receive financial aid were granted aid. Repeat Finding: No Recommendation: We recommend the University evaluate its procedures around the review and determination of students’ eligibility to receive financial aid. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 668.22(g)(ii)(2) institutional charges are tuition, fees, room and board (if the student contracts with the institution for the room and board) and other educationally-related expenses assessed by the institution. Condition: Incorrect institutional charges were utilized as inputs in the calculation of R2T4 for these students. Questioned costs: None Context: This condition occurred in 2 out of 5 students tested. Cause: The University does not have policies and procedures in place to ensure calculations are properly performed. Effect: The University is not completing accurate R2T4 calculations as defined by the regulations. Repeat Finding: Yes Recommendation: We recommend the University review the R2T4 requirements and implement procedures to ensure the R2T4 calculations are using the correct institutional charges and are accurately completed. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 674.16 states that before an institution makes its first disbursement to a student, the student shall sign the promissory note and the institution shall provide the student with certain repayment information. Condition: There is no Perkins loam promissory note on file for certain students with open and retired loans. These promissory notes could not be located. Questioned costs: $12,159 Context: This condition occurred in 5 out of 40 students tested with open loans and for 3 out of 8 students tested with retired loans. Cause: The University was not able to locate these promissory notes. Effect: The University cannot provide documentation showing proper completion of promissory note as required by DOE requirements. Repeat Finding: No Recommendation: We recommend that the University implement a procedure be put in place to ensure proper record retention documenting the completion of promissory notes. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
Criteria or specific requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Internal controls are not designed and operating effectively with no appropriate segregation of duties in the following areas: 1. Drawdowns for All Federal Awards – There was no control in place specifically designating the appropriate personnel who is responsible to perform the review of all drawdowns to ensure the information and amount are accurate. 2. Reconciliations of Pell Grants, Supplemental Educational Opportunity Grants (SEOG), Federal Work-Study, and Direct Loans between COD, Bank Accounts, and G5 – Reconciliations are prepared by the Associate Director of Financial Aid and reviewed by the Director of Financial Aid. There were no documentations of reviews to verify that these controls are operating effectively. 3. Federal Aid Packages – The Director of Financial Aid prepares and reviews all Federal aid packages. There was no adequate and proper segregation of duties. 4. Professional Judgement Determinations – The Director of Financial Aid prepares and reviews all professional judgement determinations. There was no adequate and proper segregation of duties. 5. Community Service Calculations for Federal-Work Study Program – The community service calculation is reviewed by the Associate Director of Financial Aid. There was no documentation of review to verify that these controls are operating effectively. 6. FISAP Report – The Director of Financial Aid prepares and reviews the FISAP report. There was no adequate and proper segregation of duties. 7. R2T4 Calculations - The Director of Financial Aid prepares and reviews the R2T4 calculations. There was no adequate and proper segregation of duties. 8. NSLDS Reporting – There is no control in place in relation to the review of the student status changes reported to NSLDS and to ensure that these are accurate and submitted timely in accordance with requirements set forth by the Department of Education. 9. Credit Balances - There is no control in place over the review of payment of credit balances to the student within 14 days. Questioned costs: None Context: This condition occurred in our various testing all throughout the audit of the Student Financial Aidt cluster. Cause: Internal controls are not adequately and properly designed to address the risks. Additionally, some controls in place are not operating effectively. Effect: 1. Internal Control deficiencies can lead to non-compliance with laws and regulations, operational inefficiencies and inaccuracies in financial reporting. 2. Improper or lack of segregation of duties can lead to increased risk of errors, fraud, and inefficiencies, as there is insufficient oversight and control. Repeat Finding: No Recommendation: We recommend the University review its internal controls over compliance as these are crucial in protecting the University’s assets, ensuring the accuracy of financial reporting, promoting operational efficiency, and ensuring compliance with laws and regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-006
Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include eight elements for institutions with 5,000 or more customers (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Additionally, institutions must conduct penetration testing and vulnerability assessments to ensure the effectiveness of their safeguards. Condition: Certain elements of the College’s information security program were not meeting GLBA requirements. Questioned costs: None Context: The College’s written information security program did not cover the following requirements: 1. The requirement to have the written information security program be approved by an appropriate individual. 2. The requirement to provide for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). a. The element missing is the requirement to encrypt customer information on the institution’s system and when it’s in transit. 3. The requirement to provide for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d) Cause: The College has not fully implemented its written information security program to meet all GLBA requirements. Effect: The College's written information security program is non-compliant with GLBA requirements, potentially exposing customer information to risks due to inadequate approval, missing safeguards, and lack of regular testing or monitoring. Repeat Finding: No Recommendation: We recommend the College ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-007
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Condition: For students participating in the Federal Direct Loan and Pell Grant programs, the enrollment status change to withdrawal was not timely reported to NSLDS. Questioned costs: None Context: This condition occurred in 1 out of 17 students tested. Cause: The University’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the University review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-007
Criteria or Specific Requirement: Internal Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Compliance – The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Condition: For students participating in the Federal Direct Loan and Pell Grant programs, the enrollment status change to withdrawal was not timely reported to NSLDS. Questioned costs: None Context: This condition occurred in 1 out of 17 students tested. Cause: The University’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the University review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials: There is no disagreement with the audit finding.