2022-002 - Gramm-Leach-Bliley Act (GLBA)
Federal Agency: U.S. Department of Education
Federal Program Title: Student Financial Assistance Cluster
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2021 - 6/30/2022
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: In accordance with the Gramm-Leach-Bliley Act and the Code of Federal Regulations 16 CFR 314.4(e), the University is required to implement policies and procedures to ensure that personnel are able to enact its information security program by providing personnel with security awareness training that is updated as necessary to reflect the risks identified by the risk assessment.
Condition: The University risk assessment did not include security awareness training.
Questioned costs: None.
Context: During our testing of the University's risk assessment, it was noted that security awareness training was not identified.
Cause: The University did not have all required elements of GLBA documented in its risk assessment.
Effect: Noncompliance with GLBA requirements.
Repeat finding: No.
Recommendation: We recommend the University evaluate its procedures and policies around its risk assessment under the requirements of GLBA.
Views of responsible officials: Management agrees with the finding.

2022-001 - Perkins Loan Recordkeeping and Record Retention
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Perkins Loan Program
Federal Assistance Listing Number: 84.038
Award Period: 7/1/2021 - 6/30/2022
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: An institution shall keep original promissory notes and repayment schedules until Perkins loans are satisfied. If required to release original documents in order to enforce the loan, the institution must retain certified true copies of those documents. An institution shall keep the original paper promissory note or original paper MPN and repayment schedules in a locked, fireproof container (34 CFR 674.19(e)(4)).
Condition: Original promissory notes could not be located.
Questioned costs: None.
Context: During our testing, we noted 7 instances out of 40 open Perkins loans tested where the University was unable to locate the original promissory note.
Cause: The University did not have the appropriate policies and procedures in place when Perkins loans were awarded to students in order to ensure that recordkeeping and retention regulations were being followed.
Effect: Open loan balances for these loans are not supported by an original promissory note.
Repeat finding: No.
Recommendation: We recommend the University evaluate its procedures and policies around recordkeeping and record retention.
Views of responsible officials: Management agrees with the finding.

2022-003 - National Student Loan Data System (NSLDS) Reporting
Federal Agency: U.S. Department of Education
Federal Program Title: Federal Pell Grant Program; Federal Direct Loan Program
Federal Assistance Listing Number: 84.063 and 84.268
Award Period: 7/1/2021 - 6/30/2022
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters
Criteria or specific requirement: Per U.S. Department of Education (ED) regulations, all schools participating (or approved to participate) in the Federal Student Aid programs must have an arrangement to report student enrollment data to the NSLDS through a roster file. The school is required to report enrollment status at both the school and program level. The school is required to report changes in the student's enrollment status, the effective date of the status and an anticipated completion date. An academic program is defined as the combination of the school's Office of Postsecondary Education Identification (OPEID) number and the program's Classification of Instructional Program (CIP) code, credential level, and published program length. ED requires the University to report changes in enrollment status and indicate the date that the changes occurred (34 CFR 685.309). Changes in enrollment status must be reported within 30 days. However, if a roster file is expected within 60 days, you may provide the date on that roster file. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don't pass the NSLDS enrollment reporting edits. ED requires the University to report changes in enrollment status within 30 or 60 days of when the University determined the changes occurred (34 CFR 682.610).
Condition: Certain students' enrollment information was not reported accurately or timely to the NSLDS.
Questioned costs: None.
Context: During our testing, we noted:
- 1 student out of a sample of 40 students tested was reported to the NSLDS with an enrollment status of Withdraw but was never subsequently updated to an enrollment status of Graduated for graduating from the University. This affected both the campus-level and program-level records in the NSLDS.
- 16 students out of the sample of 40 students tested were reported to the NSLDS with the incorrect effective date on the campus-level and program-level records in the NSLDS.
- 2 students out of a sample of 40 students tested were not reported to the campus-level record in the NSLDS in a timely manner.
Cause: The University's system from which the information is pulled and sent to the NSLDS was not updated with the proper enrollment information per the University's records that are outside of the system.
Effect: Inaccurate reporting to the NSLDS can result in incorrect determination of when the students' grace period should begin.
Repeat finding: Yes, 2021-001.
Recommendation: We recommend the University review its policies and procedures on reporting enrollment information to the NSLDS to ensure that all relevant information is being captured accurately and reported timely in accordance with applicable regulations.
Views of responsible officials: Management agrees with the finding.