Audit 353088

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-008 —Allowable Costs and Cost Principles– Significant Deficiency in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior Titles: Assistance to Tribally Controlled Community Colleges ALN Number: 15.027 Award years: 2023 Criteria: According to 2 CFR Section 200.405(b) All activities which benefit from the recipient’s or subrecipient’s indirect cost, including unallowable activities and donated services by the recipient or subrecipient of third parties, will receive an appropriate allocation of indirect costs. Condition: The College improperly calculated indirect costs for the fiscal year and overcharged for the federal program by $49,481. Cause: The College did not have sufficient procedures in place to ensure that indirect cost charges were calculated correctly. Effect: The College is not in compliance with Allowable Costs and Cost Principles requirements. Questioned Costs: $49,481 Context: Indirect Costs were overcharged by $49,481 during fiscal year 2023. Recommendation: Enforce policies and procedures to ensure that the calculated rates are in agreement with the approved indirect cost rate, management should perform reviews of the calculation to ensure accuracy. Management’s Response: The College concurs with this finding.

2023-008 —Allowable Costs and Cost Principles– Significant Deficiency in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior Titles: Assistance to Tribally Controlled Community Colleges ALN Number: 15.027 Award years: 2023 Criteria: According to 2 CFR Section 200.405(b) All activities which benefit from the recipient’s or subrecipient’s indirect cost, including unallowable activities and donated services by the recipient or subrecipient of third parties, will receive an appropriate allocation of indirect costs. Condition: The College improperly calculated indirect costs for the fiscal year and overcharged for the federal program by $49,481. Cause: The College did not have sufficient procedures in place to ensure that indirect cost charges were calculated correctly. Effect: The College is not in compliance with Allowable Costs and Cost Principles requirements. Questioned Costs: $49,481 Context: Indirect Costs were overcharged by $49,481 during fiscal year 2023. Recommendation: Enforce policies and procedures to ensure that the calculated rates are in agreement with the approved indirect cost rate, management should perform reviews of the calculation to ensure accuracy. Management’s Response: The College concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-003 — IT – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: Without strong information technology internal controls and established policies and procedures, there is the potential for integrity of financial records, the confidentiality, integrity and/or availability of data to be compromised. This compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Condition: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Questioned Costs: N/A Cause: The IT controls have not been properly designed and implemented. Effect: The College is exposed to many risks regarding the integrity of the financial records, confidentiality, integrity and/or availability of its data. It is possible that their data could be compromised. Compromise could be by an internal user of the system, by an external source (hacker) and could be intentional or unintentional. Additionally, during fiscal year 2024, the College experienced an outage which resulted in a loss of data. As no backup procedures were in place, amounts had to be restored in the system using other financial source data. Auditor’s Recommendations: Establishing IT controls, policies and procedures, off-site electronic data backups, and a disaster recovery plan would better prepare the College for technology related issues, system crashes, or data breaches. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-004 — Journal Entry Approval Process – Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: A fundamental concept in a good system of internal control is a proper segregation of duties. Without adequate segregation of duties, the risk of an error or irregularity occurring and going undetected increases. Journal entries should be independently reviewed by someone other than the preparer of the entries prior to posting into the general ledger. No single individual should manage too many functions within a transaction cycle, and proper documentation should be maintained to show the review and approval process. Condition: Journal entries selected as part of our single audit testing were not reviewed or approved by anyone other than the preparer. Additionally, there was no documentation showing the review and approval process. The journal entries provided did not contain sufficient supporting documentation. Questioned Costs: N/A Cause: The College has limited staff and therefore proper segregation of duties has been difficult to accomplish. Effect: Without strong segregation of duties, there is an increase in the likelihood of errors or fraud. Auditor’s Recommendations: Establishing journal entry controls including an independent review and approval process for all entries and ensuring sufficient documentation is maintained for each entry. Management’s Response: Management concurs with this finding.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-005 — Single Audit Report Submission – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of finding 2022-003 and 2021-001) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: The Uniform Guidance 2 CFR 200.512 (a) requires the audit package and data collection from be submitted 30 days after receipt of the auditor’s report or 9 months after the end of the fiscal year, whichever comes first. Condition: The College’s fiscal year 2023 single audit reporting package was not submitted within nine months after the end of the audit period. Questioned Costs: N/A Cause: The College did not have appropriate internal control policies and procedures in place to ensure accounting records and financial statements were reconciled timely and the audit conducted to meet compliance requirements. Effect: The single audit reporting package was submitted after the required reporting time period. Auditor’s Recommendations: To ensure compliance with the Uniform Guidance, the College should prepare accurate, complete, and timely financial statements and ensure an audit is performed to ensure the timely submission of the single audit reporting package. Management’s Response: Management has implemented policies and procedures to ensure the timely submission of single audit reporting package.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-006 — Procurement – Material Weakness in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.318i, the recipient or subrecipient must maintain records sufficient to detail the history of each procurement transaction. These records must include the rationale for the procurement method, contract type selection, contractor selection or rejection, and the basis for the contract price. According to 2 CFR Section 0200.319a, all procurement transactions under the federal award must be conducted in a manner that provides full and open competition. Condition: The College did not maintain records sufficient to detail the history of each procurement transaction for the nine procurements contracts tested. Cause: The College did not have sufficient procedures in place to ensure that procurement records are maintained. Effect: The College is not in compliance with procurement requirements. Questioned Costs: None Context: Procurement documents were not retained for nine out of nine transactions tested. Recommendation: Formally document and enforce policies and procedures that will promote adequate monitoring of the procurement and bidding process. Ensure that any contract over the College’s threshold ($150,000) follow the sealed bid requirements listed in 2 CFR Section 200.320b1. Management’s Response: The College concurs with this finding.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-007 — Reporting – Significant Deficiency in Internal Control Over Compliance and Noncompliance (Repeat of Finding 2022-005, 2021-002 and 2020-004) Federal program information: Funding agencies: U.S. Department of Interior and U.S. Department of Education Titles: Assistance to Tribally Controlled Community Colleges; Higher Education Institutional Aid; and Education Stabilization Fund ALN Number: 15.027, 84.031, and 84.425 Award years: Various Criteria: According to 2 CFR Section 200.328, nonfederal entities may be required to submit performance reports at least annually as required by the terms of the federal award. In addition, ALN 84.425 requires quarterly expenditure and budget reports. Condition: The College did not submit annual performance reports on time for all three programs. The annual report for ALN 84.031 was inaccurate. In addition, two quarterly reports required for ALN 84.425 were not submitted timely. Cause: The College did not have sufficient procedures in place to ensure that the reports were completed timely and accurately. Effect: The three annual reports and two quarterly reports examined were submitted after the required time and one report was inaccurate. Questioned Costs: None Context: The annual reports and two quarterly reports were not submitted timely and one report was not accurate. Recommendation: The College should ensure that all grant reports are prepared in a timely manner and are accurate. Management’s Response: The College will ensure that all grant reports are reviewed in detail and information reported will be traced to the source reports by the reviewer. The College also implemented policies and procedures to ensure all grant reports are submitted prior to the due date.

2023-008 —Allowable Costs and Cost Principles– Significant Deficiency in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior Titles: Assistance to Tribally Controlled Community Colleges ALN Number: 15.027 Award years: 2023 Criteria: According to 2 CFR Section 200.405(b) All activities which benefit from the recipient’s or subrecipient’s indirect cost, including unallowable activities and donated services by the recipient or subrecipient of third parties, will receive an appropriate allocation of indirect costs. Condition: The College improperly calculated indirect costs for the fiscal year and overcharged for the federal program by $49,481. Cause: The College did not have sufficient procedures in place to ensure that indirect cost charges were calculated correctly. Effect: The College is not in compliance with Allowable Costs and Cost Principles requirements. Questioned Costs: $49,481 Context: Indirect Costs were overcharged by $49,481 during fiscal year 2023. Recommendation: Enforce policies and procedures to ensure that the calculated rates are in agreement with the approved indirect cost rate, management should perform reviews of the calculation to ensure accuracy. Management’s Response: The College concurs with this finding.

2023-008 —Allowable Costs and Cost Principles– Significant Deficiency in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Interior Titles: Assistance to Tribally Controlled Community Colleges ALN Number: 15.027 Award years: 2023 Criteria: According to 2 CFR Section 200.405(b) All activities which benefit from the recipient’s or subrecipient’s indirect cost, including unallowable activities and donated services by the recipient or subrecipient of third parties, will receive an appropriate allocation of indirect costs. Condition: The College improperly calculated indirect costs for the fiscal year and overcharged for the federal program by $49,481. Cause: The College did not have sufficient procedures in place to ensure that indirect cost charges were calculated correctly. Effect: The College is not in compliance with Allowable Costs and Cost Principles requirements. Questioned Costs: $49,481 Context: Indirect Costs were overcharged by $49,481 during fiscal year 2023. Recommendation: Enforce policies and procedures to ensure that the calculated rates are in agreement with the approved indirect cost rate, management should perform reviews of the calculation to ensure accuracy. Management’s Response: The College concurs with this finding.