FINDING 2022-005 ? Reporting Requirements ? Smith-Lever; Significant Deficiency in Internal Control over Compliance U.S. Department of Agriculture, Smith-Lever Funding Assistance Listing Numbers: 10.511 Federal Program Name: Smith-Lever (Various Programs) Award Year: 2021-22 Criteria: In accordance with grant requirements, a filing of the SF-425 is required on an annual basis with a due date of December 30th. Condition and context: The annual report was submitted on April 18, 2022, which was past the due date of December 30, 2021. Questioned costs: None Effect: The College is not in compliance with reporting requirements of the grant. Cause: With a delay in the financial close and reporting cycle, there was a delay in filing the report. Repeat finding: No Recommendation: We recommend the College implement controls to ensure timely submission of annual report. Views of responsible officials and planned corrective actions: Controls are in place for the Finance Division to ensure the timely submission of required financial reports for grant programs. The Finance Division will review and strengthen its processes and controls to ensure that the reconciliations of account balances are done on a timely basis to make sure that the expenses reported in the annual reports are accurate. A timeline of required reports will be provided by the Finance Officer to the Assistant Finance Officer and Accountants to follow and ensure that reports are submitted in a timely manner. Anticipated completion of the corrective action is expected by September 2023.
FINDING 2022-003 ? Special Tests and Provisions - Enrollment Reporting Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Number: 84.063 Federal Program Name: Federal Pell Grant Program Award Year: 2021-22 Criteria: Pell Grant, Section 34 CFR Section 690.83(b) (2) An institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. The National Student Loan Data System (NSLDS) is the Department of Education?s (ED) centralized database for students? enrollment information. It is the College?s responsibility to update this information timely and accurately. Effective January 12, 2023; NSLDS has published issues with the enrollment reporting website, affecting submissions from July 19, 2022 to February 28, 2023, thus those have been removed from the condition and context section. The College determines how often it receives the Enrollment Reporting roster file with the default set at every 60 days. The College has engaged the National Student Clearinghouse's (NSC) services to assist with the reporting of student's status changes and degrees to the NSLDS. Condition and context: In our audit sample of 25 items, which included 12 withdrawals and 13 graduated students, 11 status changes were reported late to NSLDS. Our sample was selected using a random sampling methodology, from a population of 104 withdrawals, and 174 graduates. Subsequently, the withdrawn or graduated student status was corrected for the sampled students, but not within the required timeframe. Questioned costs: None Effect: This information is utilized by ED, the Federal Direct Loan program, lenders, and other institutions to determine in-school status. American Samoa Community College doesn?t participate in loan programs, which limits the effect of non-compliance. Cause: This occurred because of a lack of control in place to monitor for compliance. Repeat finding: Yes, 2021-003. Recommendation: We recommend the College follow and enhance existing policies to ensure all student changes in status are identified timely and submitted accurately within the required time frame. Furthermore, we recommend the College educate staff involved in the process regarding the Enrollment Reporting compliance responsibilities and the consequences of inaccurate reporting to the NSLDS via the NSC. This policy should specifically address the personnel assigned to various tasks (data entry and review). Opportunities for additional NSC training in this area and others are available through the NSC?s Clearinghouse Academy page. Lastly, we recommend the College establish an internal monitoring control whereby a designated individual with NSLDS access, spot-checks the status updates on NSLDS on a sample basis so as to internally audit the submissions. Views of responsible officials and planned corrective actions: NSLDS Plan and Corrective Actions: The Financial Aid Coordinator (control #1, with FA Officer as alternate) has been assigned to transmit the bi-monthly Enrollment Report roster. The control #1 reviews the roster and performs data entry, status updates and submission by the 15th of the reporting month. On the 1st of every nonreporting month, control #1 will review and report any enrollment status changes before the 15th. Counselor III (control #2) is assigned to monitor and spot check the status updates on NSLDS after the 25th of every month to internally audit the submissions. The policy will ensure all student changes in status are identified, updated and submitted timely and accurately. ASCC FAO participates in Federal Student Aid (FSA) training and conferences regarding NSLDS updates, changes and functionality. FAO also subscribes to the Weekly Knowledge Center Updates from FSA Partner Connect. ASCC is a member of the National Association of Student Financial Aid Administrators (NASFAA). All of these resources provide access and education in the process of enrollment reporting and compliance, as well as responsibilities and consequences of inaccurate reporting. Controls (#1 and #2) shall be included accordingly in the job descriptions of the Financial Aid Coordinator and Counselor III as well as the Financial Aid Standard Operating Procedures for consistency in compliance and reporting. Graduates: Students who graduate will be updated into NSLDS within one week after graduation. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-004 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act ? Student Information Security; Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution?s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)) Condition and context: A written risk assessment wasn?t performed that addressed the three required areas noted in 6 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing, and responding to attacks, intrusions, or other systems failures until September 2022. Questioned costs: None Effect: The College does have limited controls in place surrounding student information security, which limits the effect of non-compliance. Cause: The finding and significant deficiency is due to a prior lack of understanding over the compliance requirement during the first half of the year and delays in implementation due to COVID-19. Repeat finding: Yes, 2021-004 Recommendation: We recommended the College?s designated individual should finalize and complete documentation surrounding the risk assessment that addresses the three required areas noted in 16 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This should be in place for the entire fiscal year. Views of responsible officials and planned corrective actions: The College has designated the Chief Information Officer (CIO) and on the following Items were completed in September 2022: a. ASCC Data / Information Security Program b. Risk Assessment that addresses (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. The risk assessment identified action items to resolve findings and controls that are put in place in the meantime. Action Items and controls are reviewed and updated monthly. In November 2022, The Federal Student Aid (FSA) Cyber Compliance Team confirmed that ASCC has satisfied the minimum information security requirements under Gramm-Leach-Bliley Act (GLBA) and closed its. The next annual complete Risk Assessment will be completed in August 2023, and ASCC will continue to complete a Risk Assessment annually to stay in compliance with GLBA. Anticipated completion of the corrective action is expected by October 2023.
FINDING 2022-004 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act ? Student Information Security; Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution?s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)) Condition and context: A written risk assessment wasn?t performed that addressed the three required areas noted in 6 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing, and responding to attacks, intrusions, or other systems failures until September 2022. Questioned costs: None Effect: The College does have limited controls in place surrounding student information security, which limits the effect of non-compliance. Cause: The finding and significant deficiency is due to a prior lack of understanding over the compliance requirement during the first half of the year and delays in implementation due to COVID-19. Repeat finding: Yes, 2021-004 Recommendation: We recommended the College?s designated individual should finalize and complete documentation surrounding the risk assessment that addresses the three required areas noted in 16 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This should be in place for the entire fiscal year. Views of responsible officials and planned corrective actions: The College has designated the Chief Information Officer (CIO) and on the following Items were completed in September 2022: a. ASCC Data / Information Security Program b. Risk Assessment that addresses (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. The risk assessment identified action items to resolve findings and controls that are put in place in the meantime. Action Items and controls are reviewed and updated monthly. In November 2022, The Federal Student Aid (FSA) Cyber Compliance Team confirmed that ASCC has satisfied the minimum information security requirements under Gramm-Leach-Bliley Act (GLBA) and closed its. The next annual complete Risk Assessment will be completed in August 2023, and ASCC will continue to complete a Risk Assessment annually to stay in compliance with GLBA. Anticipated completion of the corrective action is expected by October 2023.
FINDING 2022-002 ? Special Tests and Provisions ? Return of Title IV Funds Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: Per 34 CFR Section 668.22; When a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student's withdrawal date. The unearned amount of title IV assistance to be returned is calculated by subtracting the amount of title IV assistance earned by the student as calculated from the amount of title IV aid that was disbursed to the student as of the date of the institution's determination that the student withdrew. Return of Title IV funds (R2T4) are required to be deposited or transferred into the Student Financial Assistance account or electronic fund transfers initiated to the Department of Education (ED) as soon as possible, but no later than 45 days after the date the institution determines that the student withdrew. Returns by check are late if the check is issued more than 45 days after the institution determined the student withdrew or the date on the canceled check shows the check was endorsed more than 60 days after the date the institution determined that the student withdrew (34 CFR 668.173(b)). Condition and context: A sample of 24 students who were recipients of Title IV funding and had withdrawn during the year was selected for our testing procedures. Our sample was selected using a random and judgmental sampling methodology, from a population of 59 total withdrawals. Student records were compared to the calculation of the return of Title IV funds. We noted that the identification of withdrawn students is not timely, therefore, the initial calculation to return Title IV was late for seven of the twenty-four selected for testing with four as official withdrawals and three as unofficial withdrawals. Questioned costs: None Effect: The College did not perform the Title IV calculation within a reasonable time, and as such the return of funds was delayed. Cause: This occurred because the process in place was not designed effectively to identify the withdrawal of students, either official or unofficial, to calculate the return of Title IV funds and to remit amounts on a timely basis. Repeat finding: Yes, 2021-002 Recommendation: We recommend the College implement a process to identify official and unofficial withdrawals on a timely basis and that the calculations be performed within the required timeframe. Views of responsible officials and planned corrective actions: Official Withdrawals: Financial Aid Counselors are responsible for the Identification of Official Withdrawals through the Attendance Pattern Comparison Report (APCR), which is run every Monday (or next business day). Each Counselor (control #1) is responsible for the performance of the R2T4 form for their respective students and forward to the designated Counselor (control #2) to ensure accuracy and completion. Control #2 is responsible to manually input the calculations into Datatel and ensure adjustments, if any, are processed and returned via COD. This action is to be completed and included in the next scheduled batch closure or no later than 45 days from the date of withdrawal. Unofficial Withdrawals: After final grades have been posted at the end of each session or semester, each counselor will review their respective students through student transcript, identify those with ?zero credits earned? and determine last date of attendance. Official Withdrawal procedures will then be performed. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS by the Financial Aid Coordinator (with FA Officer as alternate) within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-002 ? Special Tests and Provisions ? Return of Title IV Funds Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: Per 34 CFR Section 668.22; When a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student's withdrawal date. The unearned amount of title IV assistance to be returned is calculated by subtracting the amount of title IV assistance earned by the student as calculated from the amount of title IV aid that was disbursed to the student as of the date of the institution's determination that the student withdrew. Return of Title IV funds (R2T4) are required to be deposited or transferred into the Student Financial Assistance account or electronic fund transfers initiated to the Department of Education (ED) as soon as possible, but no later than 45 days after the date the institution determines that the student withdrew. Returns by check are late if the check is issued more than 45 days after the institution determined the student withdrew or the date on the canceled check shows the check was endorsed more than 60 days after the date the institution determined that the student withdrew (34 CFR 668.173(b)). Condition and context: A sample of 24 students who were recipients of Title IV funding and had withdrawn during the year was selected for our testing procedures. Our sample was selected using a random and judgmental sampling methodology, from a population of 59 total withdrawals. Student records were compared to the calculation of the return of Title IV funds. We noted that the identification of withdrawn students is not timely, therefore, the initial calculation to return Title IV was late for seven of the twenty-four selected for testing with four as official withdrawals and three as unofficial withdrawals. Questioned costs: None Effect: The College did not perform the Title IV calculation within a reasonable time, and as such the return of funds was delayed. Cause: This occurred because the process in place was not designed effectively to identify the withdrawal of students, either official or unofficial, to calculate the return of Title IV funds and to remit amounts on a timely basis. Repeat finding: Yes, 2021-002 Recommendation: We recommend the College implement a process to identify official and unofficial withdrawals on a timely basis and that the calculations be performed within the required timeframe. Views of responsible officials and planned corrective actions: Official Withdrawals: Financial Aid Counselors are responsible for the Identification of Official Withdrawals through the Attendance Pattern Comparison Report (APCR), which is run every Monday (or next business day). Each Counselor (control #1) is responsible for the performance of the R2T4 form for their respective students and forward to the designated Counselor (control #2) to ensure accuracy and completion. Control #2 is responsible to manually input the calculations into Datatel and ensure adjustments, if any, are processed and returned via COD. This action is to be completed and included in the next scheduled batch closure or no later than 45 days from the date of withdrawal. Unofficial Withdrawals: After final grades have been posted at the end of each session or semester, each counselor will review their respective students through student transcript, identify those with ?zero credits earned? and determine last date of attendance. Official Withdrawal procedures will then be performed. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS by the Financial Aid Coordinator (with FA Officer as alternate) within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-002 ? Special Tests and Provisions ? Return of Title IV Funds Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: Per 34 CFR Section 668.22; When a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student's withdrawal date. The unearned amount of title IV assistance to be returned is calculated by subtracting the amount of title IV assistance earned by the student as calculated from the amount of title IV aid that was disbursed to the student as of the date of the institution's determination that the student withdrew. Return of Title IV funds (R2T4) are required to be deposited or transferred into the Student Financial Assistance account or electronic fund transfers initiated to the Department of Education (ED) as soon as possible, but no later than 45 days after the date the institution determines that the student withdrew. Returns by check are late if the check is issued more than 45 days after the institution determined the student withdrew or the date on the canceled check shows the check was endorsed more than 60 days after the date the institution determined that the student withdrew (34 CFR 668.173(b)). Condition and context: A sample of 24 students who were recipients of Title IV funding and had withdrawn during the year was selected for our testing procedures. Our sample was selected using a random and judgmental sampling methodology, from a population of 59 total withdrawals. Student records were compared to the calculation of the return of Title IV funds. We noted that the identification of withdrawn students is not timely, therefore, the initial calculation to return Title IV was late for seven of the twenty-four selected for testing with four as official withdrawals and three as unofficial withdrawals. Questioned costs: None Effect: The College did not perform the Title IV calculation within a reasonable time, and as such the return of funds was delayed. Cause: This occurred because the process in place was not designed effectively to identify the withdrawal of students, either official or unofficial, to calculate the return of Title IV funds and to remit amounts on a timely basis. Repeat finding: Yes, 2021-002 Recommendation: We recommend the College implement a process to identify official and unofficial withdrawals on a timely basis and that the calculations be performed within the required timeframe. Views of responsible officials and planned corrective actions: Official Withdrawals: Financial Aid Counselors are responsible for the Identification of Official Withdrawals through the Attendance Pattern Comparison Report (APCR), which is run every Monday (or next business day). Each Counselor (control #1) is responsible for the performance of the R2T4 form for their respective students and forward to the designated Counselor (control #2) to ensure accuracy and completion. Control #2 is responsible to manually input the calculations into Datatel and ensure adjustments, if any, are processed and returned via COD. This action is to be completed and included in the next scheduled batch closure or no later than 45 days from the date of withdrawal. Unofficial Withdrawals: After final grades have been posted at the end of each session or semester, each counselor will review their respective students through student transcript, identify those with ?zero credits earned? and determine last date of attendance. Official Withdrawal procedures will then be performed. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS by the Financial Aid Coordinator (with FA Officer as alternate) within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-004 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act ? Student Information Security; Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution?s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)) Condition and context: A written risk assessment wasn?t performed that addressed the three required areas noted in 6 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing, and responding to attacks, intrusions, or other systems failures until September 2022. Questioned costs: None Effect: The College does have limited controls in place surrounding student information security, which limits the effect of non-compliance. Cause: The finding and significant deficiency is due to a prior lack of understanding over the compliance requirement during the first half of the year and delays in implementation due to COVID-19. Repeat finding: Yes, 2021-004 Recommendation: We recommended the College?s designated individual should finalize and complete documentation surrounding the risk assessment that addresses the three required areas noted in 16 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This should be in place for the entire fiscal year. Views of responsible officials and planned corrective actions: The College has designated the Chief Information Officer (CIO) and on the following Items were completed in September 2022: a. ASCC Data / Information Security Program b. Risk Assessment that addresses (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. The risk assessment identified action items to resolve findings and controls that are put in place in the meantime. Action Items and controls are reviewed and updated monthly. In November 2022, The Federal Student Aid (FSA) Cyber Compliance Team confirmed that ASCC has satisfied the minimum information security requirements under Gramm-Leach-Bliley Act (GLBA) and closed its. The next annual complete Risk Assessment will be completed in August 2023, and ASCC will continue to complete a Risk Assessment annually to stay in compliance with GLBA. Anticipated completion of the corrective action is expected by October 2023.
FINDING 2022-005 ? Reporting Requirements ? Smith-Lever; Significant Deficiency in Internal Control over Compliance U.S. Department of Agriculture, Smith-Lever Funding Assistance Listing Numbers: 10.511 Federal Program Name: Smith-Lever (Various Programs) Award Year: 2021-22 Criteria: In accordance with grant requirements, a filing of the SF-425 is required on an annual basis with a due date of December 30th. Condition and context: The annual report was submitted on April 18, 2022, which was past the due date of December 30, 2021. Questioned costs: None Effect: The College is not in compliance with reporting requirements of the grant. Cause: With a delay in the financial close and reporting cycle, there was a delay in filing the report. Repeat finding: No Recommendation: We recommend the College implement controls to ensure timely submission of annual report. Views of responsible officials and planned corrective actions: Controls are in place for the Finance Division to ensure the timely submission of required financial reports for grant programs. The Finance Division will review and strengthen its processes and controls to ensure that the reconciliations of account balances are done on a timely basis to make sure that the expenses reported in the annual reports are accurate. A timeline of required reports will be provided by the Finance Officer to the Assistant Finance Officer and Accountants to follow and ensure that reports are submitted in a timely manner. Anticipated completion of the corrective action is expected by September 2023.
FINDING 2022-003 ? Special Tests and Provisions - Enrollment Reporting Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Number: 84.063 Federal Program Name: Federal Pell Grant Program Award Year: 2021-22 Criteria: Pell Grant, Section 34 CFR Section 690.83(b) (2) An institution shall submit, in accordance with deadline dates established by the Secretary, through publication in the Federal Register, other reports and information the Secretary requires and shall comply with the procedures the Secretary finds necessary to ensure that the reports are correct. The National Student Loan Data System (NSLDS) is the Department of Education?s (ED) centralized database for students? enrollment information. It is the College?s responsibility to update this information timely and accurately. Effective January 12, 2023; NSLDS has published issues with the enrollment reporting website, affecting submissions from July 19, 2022 to February 28, 2023, thus those have been removed from the condition and context section. The College determines how often it receives the Enrollment Reporting roster file with the default set at every 60 days. The College has engaged the National Student Clearinghouse's (NSC) services to assist with the reporting of student's status changes and degrees to the NSLDS. Condition and context: In our audit sample of 25 items, which included 12 withdrawals and 13 graduated students, 11 status changes were reported late to NSLDS. Our sample was selected using a random sampling methodology, from a population of 104 withdrawals, and 174 graduates. Subsequently, the withdrawn or graduated student status was corrected for the sampled students, but not within the required timeframe. Questioned costs: None Effect: This information is utilized by ED, the Federal Direct Loan program, lenders, and other institutions to determine in-school status. American Samoa Community College doesn?t participate in loan programs, which limits the effect of non-compliance. Cause: This occurred because of a lack of control in place to monitor for compliance. Repeat finding: Yes, 2021-003. Recommendation: We recommend the College follow and enhance existing policies to ensure all student changes in status are identified timely and submitted accurately within the required time frame. Furthermore, we recommend the College educate staff involved in the process regarding the Enrollment Reporting compliance responsibilities and the consequences of inaccurate reporting to the NSLDS via the NSC. This policy should specifically address the personnel assigned to various tasks (data entry and review). Opportunities for additional NSC training in this area and others are available through the NSC?s Clearinghouse Academy page. Lastly, we recommend the College establish an internal monitoring control whereby a designated individual with NSLDS access, spot-checks the status updates on NSLDS on a sample basis so as to internally audit the submissions. Views of responsible officials and planned corrective actions: NSLDS Plan and Corrective Actions: The Financial Aid Coordinator (control #1, with FA Officer as alternate) has been assigned to transmit the bi-monthly Enrollment Report roster. The control #1 reviews the roster and performs data entry, status updates and submission by the 15th of the reporting month. On the 1st of every nonreporting month, control #1 will review and report any enrollment status changes before the 15th. Counselor III (control #2) is assigned to monitor and spot check the status updates on NSLDS after the 25th of every month to internally audit the submissions. The policy will ensure all student changes in status are identified, updated and submitted timely and accurately. ASCC FAO participates in Federal Student Aid (FSA) training and conferences regarding NSLDS updates, changes and functionality. FAO also subscribes to the Weekly Knowledge Center Updates from FSA Partner Connect. ASCC is a member of the National Association of Student Financial Aid Administrators (NASFAA). All of these resources provide access and education in the process of enrollment reporting and compliance, as well as responsibilities and consequences of inaccurate reporting. Controls (#1 and #2) shall be included accordingly in the job descriptions of the Financial Aid Coordinator and Counselor III as well as the Financial Aid Standard Operating Procedures for consistency in compliance and reporting. Graduates: Students who graduate will be updated into NSLDS within one week after graduation. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-004 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act ? Student Information Security; Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution?s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)) Condition and context: A written risk assessment wasn?t performed that addressed the three required areas noted in 6 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing, and responding to attacks, intrusions, or other systems failures until September 2022. Questioned costs: None Effect: The College does have limited controls in place surrounding student information security, which limits the effect of non-compliance. Cause: The finding and significant deficiency is due to a prior lack of understanding over the compliance requirement during the first half of the year and delays in implementation due to COVID-19. Repeat finding: Yes, 2021-004 Recommendation: We recommended the College?s designated individual should finalize and complete documentation surrounding the risk assessment that addresses the three required areas noted in 16 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This should be in place for the entire fiscal year. Views of responsible officials and planned corrective actions: The College has designated the Chief Information Officer (CIO) and on the following Items were completed in September 2022: a. ASCC Data / Information Security Program b. Risk Assessment that addresses (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. The risk assessment identified action items to resolve findings and controls that are put in place in the meantime. Action Items and controls are reviewed and updated monthly. In November 2022, The Federal Student Aid (FSA) Cyber Compliance Team confirmed that ASCC has satisfied the minimum information security requirements under Gramm-Leach-Bliley Act (GLBA) and closed its. The next annual complete Risk Assessment will be completed in August 2023, and ASCC will continue to complete a Risk Assessment annually to stay in compliance with GLBA. Anticipated completion of the corrective action is expected by October 2023.
FINDING 2022-004 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act ? Student Information Security; Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution?s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)) Condition and context: A written risk assessment wasn?t performed that addressed the three required areas noted in 6 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing, and responding to attacks, intrusions, or other systems failures until September 2022. Questioned costs: None Effect: The College does have limited controls in place surrounding student information security, which limits the effect of non-compliance. Cause: The finding and significant deficiency is due to a prior lack of understanding over the compliance requirement during the first half of the year and delays in implementation due to COVID-19. Repeat finding: Yes, 2021-004 Recommendation: We recommended the College?s designated individual should finalize and complete documentation surrounding the risk assessment that addresses the three required areas noted in 16 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This should be in place for the entire fiscal year. Views of responsible officials and planned corrective actions: The College has designated the Chief Information Officer (CIO) and on the following Items were completed in September 2022: a. ASCC Data / Information Security Program b. Risk Assessment that addresses (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. The risk assessment identified action items to resolve findings and controls that are put in place in the meantime. Action Items and controls are reviewed and updated monthly. In November 2022, The Federal Student Aid (FSA) Cyber Compliance Team confirmed that ASCC has satisfied the minimum information security requirements under Gramm-Leach-Bliley Act (GLBA) and closed its. The next annual complete Risk Assessment will be completed in August 2023, and ASCC will continue to complete a Risk Assessment annually to stay in compliance with GLBA. Anticipated completion of the corrective action is expected by October 2023.
FINDING 2022-002 ? Special Tests and Provisions ? Return of Title IV Funds Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: Per 34 CFR Section 668.22; When a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student's withdrawal date. The unearned amount of title IV assistance to be returned is calculated by subtracting the amount of title IV assistance earned by the student as calculated from the amount of title IV aid that was disbursed to the student as of the date of the institution's determination that the student withdrew. Return of Title IV funds (R2T4) are required to be deposited or transferred into the Student Financial Assistance account or electronic fund transfers initiated to the Department of Education (ED) as soon as possible, but no later than 45 days after the date the institution determines that the student withdrew. Returns by check are late if the check is issued more than 45 days after the institution determined the student withdrew or the date on the canceled check shows the check was endorsed more than 60 days after the date the institution determined that the student withdrew (34 CFR 668.173(b)). Condition and context: A sample of 24 students who were recipients of Title IV funding and had withdrawn during the year was selected for our testing procedures. Our sample was selected using a random and judgmental sampling methodology, from a population of 59 total withdrawals. Student records were compared to the calculation of the return of Title IV funds. We noted that the identification of withdrawn students is not timely, therefore, the initial calculation to return Title IV was late for seven of the twenty-four selected for testing with four as official withdrawals and three as unofficial withdrawals. Questioned costs: None Effect: The College did not perform the Title IV calculation within a reasonable time, and as such the return of funds was delayed. Cause: This occurred because the process in place was not designed effectively to identify the withdrawal of students, either official or unofficial, to calculate the return of Title IV funds and to remit amounts on a timely basis. Repeat finding: Yes, 2021-002 Recommendation: We recommend the College implement a process to identify official and unofficial withdrawals on a timely basis and that the calculations be performed within the required timeframe. Views of responsible officials and planned corrective actions: Official Withdrawals: Financial Aid Counselors are responsible for the Identification of Official Withdrawals through the Attendance Pattern Comparison Report (APCR), which is run every Monday (or next business day). Each Counselor (control #1) is responsible for the performance of the R2T4 form for their respective students and forward to the designated Counselor (control #2) to ensure accuracy and completion. Control #2 is responsible to manually input the calculations into Datatel and ensure adjustments, if any, are processed and returned via COD. This action is to be completed and included in the next scheduled batch closure or no later than 45 days from the date of withdrawal. Unofficial Withdrawals: After final grades have been posted at the end of each session or semester, each counselor will review their respective students through student transcript, identify those with ?zero credits earned? and determine last date of attendance. Official Withdrawal procedures will then be performed. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS by the Financial Aid Coordinator (with FA Officer as alternate) within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-002 ? Special Tests and Provisions ? Return of Title IV Funds Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: Per 34 CFR Section 668.22; When a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student's withdrawal date. The unearned amount of title IV assistance to be returned is calculated by subtracting the amount of title IV assistance earned by the student as calculated from the amount of title IV aid that was disbursed to the student as of the date of the institution's determination that the student withdrew. Return of Title IV funds (R2T4) are required to be deposited or transferred into the Student Financial Assistance account or electronic fund transfers initiated to the Department of Education (ED) as soon as possible, but no later than 45 days after the date the institution determines that the student withdrew. Returns by check are late if the check is issued more than 45 days after the institution determined the student withdrew or the date on the canceled check shows the check was endorsed more than 60 days after the date the institution determined that the student withdrew (34 CFR 668.173(b)). Condition and context: A sample of 24 students who were recipients of Title IV funding and had withdrawn during the year was selected for our testing procedures. Our sample was selected using a random and judgmental sampling methodology, from a population of 59 total withdrawals. Student records were compared to the calculation of the return of Title IV funds. We noted that the identification of withdrawn students is not timely, therefore, the initial calculation to return Title IV was late for seven of the twenty-four selected for testing with four as official withdrawals and three as unofficial withdrawals. Questioned costs: None Effect: The College did not perform the Title IV calculation within a reasonable time, and as such the return of funds was delayed. Cause: This occurred because the process in place was not designed effectively to identify the withdrawal of students, either official or unofficial, to calculate the return of Title IV funds and to remit amounts on a timely basis. Repeat finding: Yes, 2021-002 Recommendation: We recommend the College implement a process to identify official and unofficial withdrawals on a timely basis and that the calculations be performed within the required timeframe. Views of responsible officials and planned corrective actions: Official Withdrawals: Financial Aid Counselors are responsible for the Identification of Official Withdrawals through the Attendance Pattern Comparison Report (APCR), which is run every Monday (or next business day). Each Counselor (control #1) is responsible for the performance of the R2T4 form for their respective students and forward to the designated Counselor (control #2) to ensure accuracy and completion. Control #2 is responsible to manually input the calculations into Datatel and ensure adjustments, if any, are processed and returned via COD. This action is to be completed and included in the next scheduled batch closure or no later than 45 days from the date of withdrawal. Unofficial Withdrawals: After final grades have been posted at the end of each session or semester, each counselor will review their respective students through student transcript, identify those with ?zero credits earned? and determine last date of attendance. Official Withdrawal procedures will then be performed. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS by the Financial Aid Coordinator (with FA Officer as alternate) within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-002 ? Special Tests and Provisions ? Return of Title IV Funds Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: Per 34 CFR Section 668.22; When a recipient of title IV grant or loan assistance withdraws from an institution during a payment period or period of enrollment in which the recipient began attendance, the institution must determine the amount of title IV grant or loan assistance that the student earned as of the student's withdrawal date. The unearned amount of title IV assistance to be returned is calculated by subtracting the amount of title IV assistance earned by the student as calculated from the amount of title IV aid that was disbursed to the student as of the date of the institution's determination that the student withdrew. Return of Title IV funds (R2T4) are required to be deposited or transferred into the Student Financial Assistance account or electronic fund transfers initiated to the Department of Education (ED) as soon as possible, but no later than 45 days after the date the institution determines that the student withdrew. Returns by check are late if the check is issued more than 45 days after the institution determined the student withdrew or the date on the canceled check shows the check was endorsed more than 60 days after the date the institution determined that the student withdrew (34 CFR 668.173(b)). Condition and context: A sample of 24 students who were recipients of Title IV funding and had withdrawn during the year was selected for our testing procedures. Our sample was selected using a random and judgmental sampling methodology, from a population of 59 total withdrawals. Student records were compared to the calculation of the return of Title IV funds. We noted that the identification of withdrawn students is not timely, therefore, the initial calculation to return Title IV was late for seven of the twenty-four selected for testing with four as official withdrawals and three as unofficial withdrawals. Questioned costs: None Effect: The College did not perform the Title IV calculation within a reasonable time, and as such the return of funds was delayed. Cause: This occurred because the process in place was not designed effectively to identify the withdrawal of students, either official or unofficial, to calculate the return of Title IV funds and to remit amounts on a timely basis. Repeat finding: Yes, 2021-002 Recommendation: We recommend the College implement a process to identify official and unofficial withdrawals on a timely basis and that the calculations be performed within the required timeframe. Views of responsible officials and planned corrective actions: Official Withdrawals: Financial Aid Counselors are responsible for the Identification of Official Withdrawals through the Attendance Pattern Comparison Report (APCR), which is run every Monday (or next business day). Each Counselor (control #1) is responsible for the performance of the R2T4 form for their respective students and forward to the designated Counselor (control #2) to ensure accuracy and completion. Control #2 is responsible to manually input the calculations into Datatel and ensure adjustments, if any, are processed and returned via COD. This action is to be completed and included in the next scheduled batch closure or no later than 45 days from the date of withdrawal. Unofficial Withdrawals: After final grades have been posted at the end of each session or semester, each counselor will review their respective students through student transcript, identify those with ?zero credits earned? and determine last date of attendance. Official Withdrawal procedures will then be performed. Official / Unofficial Withdrawal: All Withdrawals must then be reported to NSLDS by the Financial Aid Coordinator (with FA Officer as alternate) within 45 days. Anticipated completion of the corrective action is expected by June 2023.
FINDING 2022-004 ? Special Tests and Provisions ? Gramm-Leach-Bliley Act ? Student Information Security; Significant Deficiency in Internal Control over Compliance Student Financial Assistance Cluster U.S. Department of Education Assistance Listing Numbers: 84.063, 84.007, 84.033 Federal Program Name: Student Financial Assistance Cluster Award Year: 2021-22 Criteria: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as ?financial institutions? and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution?s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)) Condition and context: A written risk assessment wasn?t performed that addressed the three required areas noted in 6 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing, and responding to attacks, intrusions, or other systems failures until September 2022. Questioned costs: None Effect: The College does have limited controls in place surrounding student information security, which limits the effect of non-compliance. Cause: The finding and significant deficiency is due to a prior lack of understanding over the compliance requirement during the first half of the year and delays in implementation due to COVID-19. Repeat finding: Yes, 2021-004 Recommendation: We recommended the College?s designated individual should finalize and complete documentation surrounding the risk assessment that addresses the three required areas noted in 16 CFR 314.4 (b), which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. This should be in place for the entire fiscal year. Views of responsible officials and planned corrective actions: The College has designated the Chief Information Officer (CIO) and on the following Items were completed in September 2022: a. ASCC Data / Information Security Program b. Risk Assessment that addresses (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures. The risk assessment identified action items to resolve findings and controls that are put in place in the meantime. Action Items and controls are reviewed and updated monthly. In November 2022, The Federal Student Aid (FSA) Cyber Compliance Team confirmed that ASCC has satisfied the minimum information security requirements under Gramm-Leach-Bliley Act (GLBA) and closed its. The next annual complete Risk Assessment will be completed in August 2023, and ASCC will continue to complete a Risk Assessment annually to stay in compliance with GLBA. Anticipated completion of the corrective action is expected by October 2023.