FAC Explorer

Audit 4840

FY End
2023-06-30
Total Expended
$15.97M
Findings
24
Programs
20
Organization: Lincoln Land Community College (IL)
Year: 2023 Accepted: 2023-11-30
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
2952 2023-001 Significant Deficiency - N
2953 2023-001 Significant Deficiency - N
2954 2023-001 Significant Deficiency - N
2955 2023-001 Significant Deficiency - N
2956 2023-002 Significant Deficiency - E
2957 2023-002 Significant Deficiency - E
2958 2023-002 Significant Deficiency - E
2959 2023-002 Significant Deficiency - E
2960 2023-003 Significant Deficiency - N
2961 2023-003 Significant Deficiency - N
2962 2023-003 Significant Deficiency - N
2963 2023-003 Significant Deficiency - N
579394 2023-001 Significant Deficiency - N
579395 2023-001 Significant Deficiency - N
579396 2023-001 Significant Deficiency - N
579397 2023-001 Significant Deficiency - N
579398 2023-002 Significant Deficiency - E
579399 2023-002 Significant Deficiency - E
579400 2023-002 Significant Deficiency - E
579401 2023-002 Significant Deficiency - E
579402 2023-003 Significant Deficiency - N
579403 2023-003 Significant Deficiency - N
579404 2023-003 Significant Deficiency - N
579405 2023-003 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $6.89M Yes 3
84.268 Federal Direct Student Loans $5.71M Yes 3
84.048 Career and Technical Education -- Basic Grants to States $437,163 - 0
84.002 Adult Education - Basic Grants to States $268,144 - 0
93.575 Child Care and Development Block Grant $266,050 - 0
84.042 Trio_student Support Services $261,018 - 0
84.007 Federal Supplemental Educational Opportunity Grants $175,242 Yes 3
21.027 Coronavirus State and Local Fiscal Recovery Funds $147,725 - 0
84.033 Federal Work-Study Program $146,734 Yes 3
84.335 Child Care Access Means Parents in School $90,413 - 0
17.268 H-1b Job Training Grants $60,000 - 0
17.261 Wia Pilots, Demonstrations, and Research Projects $55,457 - 0
10.558 Child and Adult Care Food Program $45,211 - 0
81.129 Energy Efficiency and Renewable Energy Technology Deployment, Demonstration and Commercialization $43,701 - 0
84.425 Education Stabilization Fund $42,415 Yes 0
20.205 Highway Planning and Construction $33,932 - 0
20.235 Commercial Motor Vehicle Operator Training Grants $26,520 - 0
11.307 Economic Adjustment Assistance $18,757 - 0
84.116 Fund for the Improvement of Postsecondary Education $18,064 - 0
20.112 Aviation Maintenance Technical Workforce Grant Program $7,178 - 0

Contacts

Name Title Type
KN4JX3CSXLY3 Karie Longhta Auditee
2177862263 Adam Pulley Auditor
No contacts on file

Notes to SEFA

Title: BASIS OF PRESENTATION Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principals contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursements. As of and during the year ended June 30, 2023, the College did not receive any noncash federal assistance, federal insurance, or loan guarantees. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of Lincoln Land Community College – Community College District #526 (the College) under programs of the federal government for the year ended June 30, 2023. The information in this Schedule is presented in accordance with the requirements of 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of operations of the College, it is not intended to and does not present the net position, revenues, expenses, and changes in net position, or cash flows of the College.
Title: NONCASH ASSISTANCE Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principals contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursements. As of and during the year ended June 30, 2023, the College did not receive any noncash federal assistance, federal insurance, or loan guarantees. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. There was no noncash assistance in the current year.
Title: DIRECT LOAN PROGRAMS Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principals contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursements. As of and during the year ended June 30, 2023, the College did not receive any noncash federal assistance, federal insurance, or loan guarantees. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. During the fiscal year ended June 30, 2023, students and their parents were awarded $5,707,393 of federally guaranteed loans under the Federal Direct Student Loan Program. The College is responsible only for the performance of certain administrative duties with respect to the federally guaranteed student loan programs and, accordingly, balances relating to these loan programs are not included in the College’s basic financial statements.
Title: BACKGROUND INFORMATION ON GRANT ACTIVITY Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principals contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursements. As of and during the year ended June 30, 2023, the College did not receive any noncash federal assistance, federal insurance, or loan guarantees. De Minimis Rate Used: N Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. Federal Basic: Grant is awarded to Adult Education and Family Literacy providers to assist adults in becoming literate and obtain the knowledge and skills necessary for employment and self-sufficiency; to assist adults who are parents in obtaining the educational skills necessary to become full partners in the educational development of their children; and to assist adults in completing a secondary school education. Career and Technical Education – Basic Grants to State (Perkins)/Federal Assistance Listing #84.048 Grant is awarded to community colleges as a result of the Carl D. Perkins Vocational and Technical Education Act of 1998 (Perkins III). This grant is intended to help accomplish the new vision of vocational and technical education for the 21st century. The central goals of this new vision are improving student achievement and preparing students for postsecondary education, further learning, and careers. The grant allows community colleges to focus on those programs and student populations they feel will allow for the greatest improvement in overall performance while assuring success for all students in career and technical education programs.

Finding Details

Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.
Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-001
Section III – Federal Award Findings and Questioned Costs 2023 – 001 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Context: During our testing of the College’s information technology, we noted the following items in the College’s written security program did not meet the following compliance requirements: • Implementation and periodic review of access controls • Encryption of customer information on the College’s system and when it is in transit • Evaluating, assessing or testing the security of applications that transmit sensitive information • The anticipation and evaluation of changes to the information system or network • Regular testing or monitoring of established safeguards to ensure effectiveness • The implementation of policies and procedures which ensure personnel can enact the information security program • The monitoring of the College’s information system service providers Cause: The College has continued to make progress in updating the College’s written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the College designate an individual to oversee the information security function and work to update the College’s written security program to ensure compliance with all the standards. Views of responsible officials: Lincoln Land Community College (LLCC) acknowledges and takes seriously the audit findings presented, highlighting areas where compliance requirements were not met. These findings are crucial in ensuring the ongoing enhancement of our Information Security Program. To address these concerns LLCC has proactively taken several measures. In June 2022, the College appointed an IT Security and Assurance Manager, tasked with overseeing the Information Security Program and ensuring compliance with the Gramm-Leach-Bliley Act (GLBA). The Manager has played a pivotal role in developing a comprehensive roadmap to guide the continued evolution of our Information Security Program. This roadmap specifically outlines the steps required to address the identified deficiencies, as detailed in the schedule of findings document received from the CLA. LLCC affirms its agreement with the details provided in the document and has prioritized these findings as top-level concerns in the roadmap. Section III – Federal Award Findings and Questioned Costs (Continued) 2023 – 001 (Continued) Views of responsible officials (Continued) In the upcoming Fiscal Year 2024 (FY24), LLCC commits to diligently implementing the roadmap, with a focused emphasis on the following key areas: 1. Implementation and Periodic Review of Access Controls: The IT Security and Assurance Manager will lead efforts to establish robust access controls and ensure regular reviews to align with compliance requirements. 2. Encryption of Customer Information: Although informal procedures are in place, a comprehensive strategy for encrypting customer information both within the College’s system and during transit will be implemented to safeguard sensitive data. 3. Security Assessment of Applications: Rigorous evaluations, assessments, and testing procedures for applications transmitting sensitive information will be instituted to bolster the overall security posture. 4. Anticipation and Evaluation of System Changes: Proactive measures will be taken to anticipate and evaluate changes to the information system or network, ensuring a proactive stance against potential vulnerabilities, including the development of a formalized change management process. 5. Regular Testing and Monitoring: LLCC is committed to instituting regular testing, monitoring, and assessing protocols for established safeguards to ensure their ongoing effectiveness. 6. Implementation of Policies and Procedures: Policies and procedures will be refined and enforced to guarantee that personnel can effectively enact the information security program. 7. Monitoring Information System Service Providers: Development of a comprehensive approach to monitoring the College’s information system service providers has been initiated and will be established to ensure compliance with security standards. Lincoln Land Community College views this as an opportunity for continuous improvement and remains dedicated to upholding the highest standards of information security. The commitment to addressing these findings is integral to our ongoing efforts to safeguard sensitive information and maintain compliance with regulatory requirements.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-002
2023 – 002 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Federal Compliance Requirements require that all students leaving a financial aid program be provided exit counseling for the student to review loan information. Condition: During our testing, we noted 1 out of 40 students tested who withdrew but did not receive any exit counseling, as required. Questioned costs: None Context: It was noted that 1 out of 40 students tested did not receive the appropriate exit counseling for financial aid as required after withdrawing from the College. Cause: An information technology (IT) issue resulted in the counseling never being sent. The college has since fixed the issue with their IT department. Effect: The College did not comply with Department of Education (ED) regulations by offering exit counseling to all applicable students. Repeat finding: No Recommendation: We recommend that the College reviews its process to ensure all students receive the appropriate counseling. Views of responsible officials: The Financial Aid Office worked with the Information Technology department to determine the issue with the exit conference report and had corrected it.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.
Finding 2023-003
2023 – 003 Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: 84.007 (Federal Supplemental Educational Opportunity Grants Program), 84.033 (Federal Work Study Program), 84.063 (Federal Pell Grant Program), 84.268 (Federal Direct Student Loans Program) Federal Award Identification Number and Year: N/A; 2022-2023 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 – June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: Department of Education requires that all checks outstanding related to financial aid payments to students which are more than 240 days outstanding be returned to the Department of Education. Condition: During our testing, we noted 5 checks for students totaling $10,242 written for federal financial aid amounts that were outstanding for more than 240 days. Questioned costs: $10,242 Context: As it relates to outstanding checks over 240 days, tt was noted that the College did not have a proper procedure in place for returning funds to the Department of Education. Cause: The College did not have a process in place to ensure outstanding checks over 240 days old are returned to the Department of Education. Effect: The College did not comply with Department of Education (ED) regulations and did not return outstanding checks more than 240 days old. Repeat finding: No Recommendation: We recommend the College reevaluate its procedures and review policies surrounding the return of checks over 240 days old that specifically relate to student financial aid payments. Views of responsible officials: The College has created procedures to review outstanding checks monthly. Outstanding checks that are not resolved after several notifications to the student will be returned to the Department of Education. Checks will be returned within four months of the initial check issued date.