FAC Explorer

Audit 5338

FY End
2023-06-30
Total Expended
$11.85M
Findings
28
Programs
10
Organization: Northwestern College (IA)
Year: 2023 Accepted: 2023-12-05
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
3407 2023-001 Significant Deficiency - N
3408 2023-001 Significant Deficiency - N
3409 2023-001 Significant Deficiency - N
3410 2023-001 Significant Deficiency - N
3411 2023-001 Significant Deficiency - N
3412 2023-001 Significant Deficiency - N
3413 2023-001 Significant Deficiency - N
3414 2023-002 Significant Deficiency - N
3415 2023-002 Significant Deficiency - N
3416 2023-002 Significant Deficiency - N
3417 2023-002 Significant Deficiency - N
3418 2023-002 Significant Deficiency - N
3419 2023-002 Significant Deficiency - N
3420 2023-002 Significant Deficiency - N
579849 2023-001 Significant Deficiency - N
579850 2023-001 Significant Deficiency - N
579851 2023-001 Significant Deficiency - N
579852 2023-001 Significant Deficiency - N
579853 2023-001 Significant Deficiency - N
579854 2023-001 Significant Deficiency - N
579855 2023-001 Significant Deficiency - N
579856 2023-002 Significant Deficiency - N
579857 2023-002 Significant Deficiency - N
579858 2023-002 Significant Deficiency - N
579859 2023-002 Significant Deficiency - N
579860 2023-002 Significant Deficiency - N
579861 2023-002 Significant Deficiency - N
579862 2023-002 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $9.08M Yes 2
84.063 Federal Pell Grant Program $1.23M Yes 2
84.425 Education Stabilization Fund $569,484 - 0
84.038 Federal Perkins Loan Program $537,134 Yes 2
84.033 Federal Work-Study Program $158,455 Yes 2
84.007 Federal Supplemental Educational Opportunity Grants $138,772 Yes 2
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $119,399 Yes 2
84.334 Gaining Early Awareness and Readiness for Undergraduate Programs $15,000 - 0
47.049 Mathematical and Physical Sciences $4,274 - 0
84.063 Administrative Cost Allowance $1,480 Yes 2

Contacts

Name Title Type
YMK7VK3FKX47 Kent Wiersema Auditee
7127077121 Brenda Scherer Auditor
No contacts on file

Notes to SEFA

Title: BASIS OF PRESENTATION Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The College has elected to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of Northwestern College (the College) under programs of the federal government for the year ended June 30, 2023. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets, or cash flows of the College.
Title: FEDERAL LOAN PROGRAM Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The College has elected to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance. The Federal loan program listed subsequently is administered directly by the College, and balances and transactions relating to this program are included in the college’s financial statements. The balance of loans outstanding at June 30, 2023 and 2022, consists of: Federal Assistance Listing Number: 84.038, Program Name: Federal Perkins Loan Program, Outstancind balance as of: June 30, 2023 $537,134*, June 30, 2022 $890,934* *Balance on statement of financial position is less allowance.

Finding Details

Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-001
2023-001 Enrollment Reporting Federal Agency: Department of Education Federal Program: Title: Student Financial Assistance Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Code of Federal Regulations, 34 CFR 685.309 requires that enrollment status changes for students be reported to NSLDS within 30 days or within 60 days if the student with the status change will be reported on a scheduled transmission within 60 days of the change in status. Regulations require the status include an accurate effective date. In addition, regulations require that an institution make necessary corrections and return the records within 10 days for any roster files that don’t pass the NSLDS enrollment reporting edits. Condition: We noted, during our testing, that five out of 40 students tested whose enrollment status was not updated to graduate to NSLDS. Six out of 40 students tested enrollment status was reported timely. We also noted that 30 of the 40 students tested did not have effective dates in NLSDS compared to the institutions’ records. Lastly, for three of the 40 students tested, the program effective date did not agree in NSLDS to the institutions’ records. Questioned Costs: None Cause: The College’s processes and controls did not ensure that student status changes were properly and timely reported to NSLDS. Effect: The NSLDS system is not updated with the student information which can cause overawarding should the student transfer to another institution and the students may not properly enter the repayment period. Repeat Finding: No Recommendation: We recommend the College review its reporting procedures to ensure that students’ statuses are accurately and timely reported to NSLDS as required by regulations. Views of responsible officials and planned corrective actions: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023-002 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program: Student Financial Aid Cluster CFDA Numbers: 84.007 – Federal Supplemental Education Opportunity Grants 84.033 – Federal Work Study Program 84.038 – Federal Perkins Loans 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans 84.379 – Teacher Education Assistance for College and Higher Education Grants Award Period: July 1, 2022 through June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance and Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not prepare a formal risk assessment that addresses the three areas noted in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures and document safeguards for identified risks. Cause: The College has hired a consultant to help with and enhance the implementation of the updated Gramm-Leach-Bliley Act requirements and that didn’t occur until late in the 2023 fiscal year. Effect: The student personal information could potentially be vulnerable. Repeat Finding: No Recommendation: We recommend the College work with their consulting firm to review their documentation and ensure that there are documented safeguards for identified risks and the required documentation and practices are implemented. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.