FAC Explorer

Audit 351264

FY End
2024-06-30
Total Expended
$17.33M
Findings
22
Programs
8
Organization: Chestnut Hill College (PA)
Year: 2024 Accepted: 2025-03-31
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
544776 2024-002 Significant Deficiency Yes E
544777 2024-003 Significant Deficiency - N
544778 2024-003 Significant Deficiency - N
544779 2024-003 Significant Deficiency - N
544780 2024-003 Significant Deficiency - N
544781 2024-004 Significant Deficiency Yes N
544782 2024-004 Significant Deficiency Yes N
544783 2024-005 Significant Deficiency Yes N
544784 2024-005 Significant Deficiency Yes N
544785 2024-005 Significant Deficiency Yes N
544786 2024-005 Significant Deficiency Yes N
1121218 2024-002 Significant Deficiency Yes E
1121219 2024-003 Significant Deficiency - N
1121220 2024-003 Significant Deficiency - N
1121221 2024-003 Significant Deficiency - N
1121222 2024-003 Significant Deficiency - N
1121223 2024-004 Significant Deficiency Yes N
1121224 2024-004 Significant Deficiency Yes N
1121225 2024-005 Significant Deficiency Yes N
1121226 2024-005 Significant Deficiency Yes N
1121227 2024-005 Significant Deficiency Yes N
1121228 2024-005 Significant Deficiency Yes N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $13.42M Yes 4
84.063 Federal Pell Grant Program $2.80M Yes 3
93.575 Child Care and Development Block Grant $376,644 - 0
84.031 Higher Education Institutional Aid $325,450 - 0
84.033 Federal Work-Study Program $142,920 Yes 0
84.038 Federal Perkins Loan Program_federal Capital Contributions $135,628 Yes 0
84.007 Federal Supplemental Educational Opportunity Grants $118,905 Yes 2
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $3,772 Yes 2

Contacts

Name Title Type
MUMJENHYFLG3 Brian McCloskey Auditee
2152487163 David Jacobson Auditor
No contacts on file

Notes to SEFA

Title: LOAN PROGRAMS Accounting Policies: BASIS OF PRESENTATION The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes the federal grant activity of Chestnut Hill College (the College) under programs of the federal government for the year ended June 30, 2024. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College. SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES Expenditures reported in the Schedule are reporting on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: INDIRECT COST RATE The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. The Federal Perkins Loan Program is administered directly by the College, and balances and transactions relating to this program are included in the College's basic financial statements. Loans outstanding at the beginning of the year and loans made during the year are included in the federal expenditures presented in the Schedule. Federal Perkins loans outstanding at June 30, 2024 totaled $11,800.
Title: STUDENT FINANCIAL AID AND INSTITUTIONAL PROGRAM ELIGIBILITY METRICS Accounting Policies: BASIS OF PRESENTATION The accompanying Schedule of Expenditures of Federal Awards (the Schedule) includes the federal grant activity of Chestnut Hill College (the College) under programs of the federal government for the year ended June 30, 2024. The information in the Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College. SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES Expenditures reported in the Schedule are reporting on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: INDIRECT COST RATE The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. The College is in compliance with the following institutional and program eligibility requirements under the Higher Education Act of 1965 and Federal regulations under 34 CFR 668.23: • Correspondence courses the institution offers under 34 CFR 600.7(b) and (g) • Regular students that enroll in correspondence courses under 34 CFR 600.7(b) and (g) • Institution’s regular students that are incarcerated under 34 CFR 600.7(c) and (g) • Completion rates for confined or incarcerated individuals enrolled in non-degree programs at nonprofit institutions under 34 CFR 600.7(c)(3)(ii) and (g) • Institution’s regular students that lack a high school diploma or its equivalent under 34 CFR 600.7(d) and (g) • Completion rates for short-term programs under 34 CFR 668.8(f) and (g) • Placement rates for short-term programs under https://www.ecfr.gov/current/title-34/subtitle-B/chapter-VI/part-668/subpart-A/section-668.8 34 CFR 668.8(e)(2)

Finding Details

Finding 2024-002
2024–002: Exit Counseling Federal Agency: U.S. Department of Education Federal Program Name: Federal Direct Student Loans Assistance Listing Number: 84.268 Federal Award Identification Number and Year: P268K252088 - 2024 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.304 require entrance counseling be performed before disbursing loan funds to the student for Direct Subsidized Loan, Direct Unsubsidized Loan and Direct PLUS Loan to a graduate or professional student. The regulations also require exit counseling for all students who cease at least half-time study at the school. Condition: During our testing, it was noted that an individual did not receive exit counseling after their departure from the College. Questioned costs: None. Context: 1 out of 40 students tested did not receive exit counseling within the required 30 days of a student ceasing attendance. Cause: The College did not follow its policies and procedures to ensure students who departed the College received direct loan exit counseling. Effect: Students are not receiving the proper loan counseling which may contribute to a higher default rate. Repeat Finding: Yes, 2023-004. Recommendation: We recommend the College review its policies and procedures around sending exit counseling information to students to ensure students are receiving proper counseling. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
2024–004: National Student Loan Database System (NSLDS) Reporting Federal Agency: U.S. Department of Education Federal Program Name: Federal Pell Grant Program; Federal Direct Student Loans Assistance Listing Number: 84.063, 84.268 Federal Award Identification Number and Year: P063P242088, P063Q232088, P268K252088 - 2024 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student’s enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school’s Office of Postsecondary Education Identification (OPEID) number and the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the College to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309). Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. ED requires the College to report changes in enrollment status within 30 or 60 days that the College determined the changes occurred (34 CFR 682.610). Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS. Questioned costs: None. Context: During our testing, we noted the following: • 15 out of a sample of 40 students tested had an enrollment effective date in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS. • 4 out of a sample of 40 students tested had an enrollment status in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS • 2 out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner. Cause: Management's procedures to report accurate and timely information to the NSLDS were not operating effectively. Effect: Inaccurate reporting to the NSLDS can impact when students enter repayment periods or affect their interest rates. Repeat Finding: Yes, 2023-006. Recommendation: We recommend the College evaluate its procedures and review policies in overseeing submissions to the NSLDS completed by the third-party servicer. Additionally, we recommend the College review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured and reported timely in accordance with applicable regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
2024–004: National Student Loan Database System (NSLDS) Reporting Federal Agency: U.S. Department of Education Federal Program Name: Federal Pell Grant Program; Federal Direct Student Loans Assistance Listing Number: 84.063, 84.268 Federal Award Identification Number and Year: P063P242088, P063Q232088, P268K252088 - 2024 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student’s enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school’s Office of Postsecondary Education Identification (OPEID) number and the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the College to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309). Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. ED requires the College to report changes in enrollment status within 30 or 60 days that the College determined the changes occurred (34 CFR 682.610). Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS. Questioned costs: None. Context: During our testing, we noted the following: • 15 out of a sample of 40 students tested had an enrollment effective date in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS. • 4 out of a sample of 40 students tested had an enrollment status in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS • 2 out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner. Cause: Management's procedures to report accurate and timely information to the NSLDS were not operating effectively. Effect: Inaccurate reporting to the NSLDS can impact when students enter repayment periods or affect their interest rates. Repeat Finding: Yes, 2023-006. Recommendation: We recommend the College evaluate its procedures and review policies in overseeing submissions to the NSLDS completed by the third-party servicer. Additionally, we recommend the College review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured and reported timely in accordance with applicable regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-002
2024–002: Exit Counseling Federal Agency: U.S. Department of Education Federal Program Name: Federal Direct Student Loans Assistance Listing Number: 84.268 Federal Award Identification Number and Year: P268K252088 - 2024 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Code of Federal Regulations, 34 CFR 685.304 require entrance counseling be performed before disbursing loan funds to the student for Direct Subsidized Loan, Direct Unsubsidized Loan and Direct PLUS Loan to a graduate or professional student. The regulations also require exit counseling for all students who cease at least half-time study at the school. Condition: During our testing, it was noted that an individual did not receive exit counseling after their departure from the College. Questioned costs: None. Context: 1 out of 40 students tested did not receive exit counseling within the required 30 days of a student ceasing attendance. Cause: The College did not follow its policies and procedures to ensure students who departed the College received direct loan exit counseling. Effect: Students are not receiving the proper loan counseling which may contribute to a higher default rate. Repeat Finding: Yes, 2023-004. Recommendation: We recommend the College review its policies and procedures around sending exit counseling information to students to ensure students are receiving proper counseling. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-003
2024–003: Return of Title IV (R2T4) Calculations Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Once a students’ withdrawal date is determined, a school needs to calculate the percentage of the payment period or period of enrollment completed. Institutionally scheduled breaks of five or more consecutive days are excluded from the return of Title IV calculation as periods of nonattendance and, therefore, do not affect the calculation of the amount of Federal Student Aid earned (34 CFR 668.22(f)(2)(i)). Condition: During our testing, it was noted the College’s process did not ensure scheduled breaks were properly factored into the R2T4 calculations for the Spring 2024 term. Questioned costs: $259. Context: The College did not correctly factor in scheduled breaks to 5 of the 8 students tested. The College used 12 days of scheduled breaks but should have factored in 14 days in the Spring 2024 R2T4 calculations. Cause: Management had a process in place for using the correct withdrawal date and number of days in the schedule break, but the process was not followed for 5 students. Effect: The College did not complete an accurate calculation as defined by Federal regulations. Repeat Finding: No Recommendation: We recommend the College review the R2T4 requirements and implement procedures to ensure scheduled breaks are properly factored into the R2T4 calculations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
2024–004: National Student Loan Database System (NSLDS) Reporting Federal Agency: U.S. Department of Education Federal Program Name: Federal Pell Grant Program; Federal Direct Student Loans Assistance Listing Number: 84.063, 84.268 Federal Award Identification Number and Year: P063P242088, P063Q232088, P268K252088 - 2024 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student’s enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school’s Office of Postsecondary Education Identification (OPEID) number and the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the College to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309). Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. ED requires the College to report changes in enrollment status within 30 or 60 days that the College determined the changes occurred (34 CFR 682.610). Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS. Questioned costs: None. Context: During our testing, we noted the following: • 15 out of a sample of 40 students tested had an enrollment effective date in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS. • 4 out of a sample of 40 students tested had an enrollment status in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS • 2 out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner. Cause: Management's procedures to report accurate and timely information to the NSLDS were not operating effectively. Effect: Inaccurate reporting to the NSLDS can impact when students enter repayment periods or affect their interest rates. Repeat Finding: Yes, 2023-006. Recommendation: We recommend the College evaluate its procedures and review policies in overseeing submissions to the NSLDS completed by the third-party servicer. Additionally, we recommend the College review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured and reported timely in accordance with applicable regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-004
2024–004: National Student Loan Database System (NSLDS) Reporting Federal Agency: U.S. Department of Education Federal Program Name: Federal Pell Grant Program; Federal Direct Student Loans Assistance Listing Number: 84.063, 84.268 Federal Award Identification Number and Year: P063P242088, P063Q232088, P268K252088 - 2024 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student’s enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school’s Office of Postsecondary Education Identification (OPEID) number and the program’s Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the College to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309). Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. ED requires the College to report changes in enrollment status within 30 or 60 days that the College determined the changes occurred (34 CFR 682.610). Condition: Certain students’ enrollment information was not reported accurately or timely to the NSLDS. Questioned costs: None. Context: During our testing, we noted the following: • 15 out of a sample of 40 students tested had an enrollment effective date in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS. • 4 out of a sample of 40 students tested had an enrollment status in the program-level records in the NSLDS that did not match what was reflected in the College’s records and the campus-level record in the NSLDS • 2 out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner. Cause: Management's procedures to report accurate and timely information to the NSLDS were not operating effectively. Effect: Inaccurate reporting to the NSLDS can impact when students enter repayment periods or affect their interest rates. Repeat Finding: Yes, 2023-006. Recommendation: We recommend the College evaluate its procedures and review policies in overseeing submissions to the NSLDS completed by the third-party servicer. Additionally, we recommend the College review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured and reported timely in accordance with applicable regulations. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.
Finding 2024-005
2024-005: Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Federal Supplemental Educational Opportunity Grants; Federal Pell Grant Program; Federal Direct Student Loans; Teacher Education Assistance for College and Higher Education Grants Assistance Listing Number: 84.007, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A243557, P063P242088, P063Q232088, P268K252088 - 2024; P379T232088 - 2023 Award Period: July 01, 2023 - June 30, 2024 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the U.S. Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College had not developed and implemented an approved written information security program. Cause: The College did not develop and implement a written information security program as required by the Gramm-Leach-Bliley Act. Effect: The students’ personal information could be vulnerable. Repeat Finding: Yes, 2023-008. Recommendation: The College should develop and implement an approved written information security program and verify there is a risk management section that describes how the College is identifying, assessing and communicating risks. In addition, there should be a description on the evaluation of safeguard sufficiency in mitigating risks. The information security program should also include the following: • IT Security Policy • Acceptable Use Policy • Incident Response Policy • Data Classification Policies • Vendor Management Policy • Patch Management Policy • Data Disposal Policy • Risk Assessment Policy • Logical Access and User Access Review Policies • Evidence of Review by CIO/CISO and responsibility of program Views of responsible officials: There is no disagreement with the audit finding.