2025-001 Special Tests and Provisions - Enrollment Reporting Finding Type. Immaterial Noncompliance/Significant Deficiency in Internal Control over Compliance (Special Tests and Provisions). Program. Student Financial Assistance Cluster; U.S. Department of Education; Assistance Listing Number 84.268; Award Numbers P268K240222, and P268K250222. Criteria. Per 34 CFR §685.309(b)(2), institutions must report accurate enrollment status changes to the National Student Loan Data System (NSLDS) within 60 days of the date the institution determines a student has ceased to be enrolled at least half-time. The status effective date must reflect the actual date the student ceased attendance, not the date the institution processed or became aware of the change. Condition. In our testing of eighteen students, we noted two students reported with inaccurate effective dates. Cause. The University's reporting process relies on SAP system data for NSLDS reporting, which did not accurately reflect the student’s actual last date of attendance. Effect. This discrepancy may result in inaccurate enrollment status reporting to NSLDS, potentially affecting loan servicing, grace period calculations, and compliance with Title IV requirements. It may also lead to inconsistencies in federal reporting and audit findings. Questioned Costs. No costs were required to be questioned as a result of this finding inasmuch as our testing did not reveal any unallowed costs. Recommendation. We recommend that the University enhance its policies and procedures regarding enrollment reporting to ensure that reporting is completed accurately and timely. View of Responsible Officials. Management agrees with this finding and has prepared a Corrective Action Plan.
2025-002 Special Tests and Provisions - Gramm Leach Bliley Act Missing Compliance Requirements Finding Type. Immaterial Noncompliance/Significant Deficiency in Internal Control over Compliance (Special Tests and Provisions). Program. Student Financial Assistance Cluster; U.S. Department of Education; Assistance Listing Numbers 84.007, 84.033, 84.063, 84.268 and 84.379; Award Numbers P007A241985, P033A241985, P063P220222, P063P230222, P063P240222, P268K240222, P268K250222, and P379T250222. Criteria. The Federal Trade Commission (FTC) states that the Gramm Leach Bliley Act "requires financial institutions to explain their information-sharing practices to their customers and safeguard sensitive data." Condition. The Gramm Leach Bliley Policy, in effect at time of audit, failed to explicitly state how the University addressed the implementation of multi-factor authentication for anyone accessing customer information on the institution's system, conducting a periodic inventory of data that notes where it is collected, stored, or transmitted, encrypting customer information on the institution's system and when it's in transit, and anticipating and evaluating changes to the information system or network. Cause. The University did not have a review process in place for ensuring all required safeguard policies were written in the information security program in accordance with the Gramm Leach Bliley Act. Effect. As a result of this condition, the College isn't meeting the safeguard requirements necessary to comply with the FTC. In addition, the lack of safeguard controls creates an increased risk to highly sensitive data that is possessed by the University. Questioned Costs. No costs were required to be questioned as a result of this finding inasmuch as our testing did not reveal any unallowed costs. Recommendation. We recommend that the University implement procedures to ensure that all Gramm Leach Bliley Policies are met and verified by a second individual. View of Responsible Officials. Management agrees with this finding and has prepared a Corrective Action Plan.