FAC Explorer

Audit 5899

FY End
2023-05-31
Total Expended
$8.13M
Findings
24
Programs
7
Organization: Warner Pacific University (OR)
Year: 2023 Accepted: 2023-12-08
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
3742 2023-002 Significant Deficiency - ABCEFGHIJLMNP
3743 2023-002 Significant Deficiency - ABCEFGHIJLMNP
3744 2023-002 Significant Deficiency - ABCEFGHIJLMNP
3745 2023-002 Significant Deficiency - ABCEFGHIJLMNP
3746 2023-002 Significant Deficiency - ABCEFGHIJLMNP
3747 2023-002 Significant Deficiency - ABCEFGHIJLMNP
3748 2023-003 Significant Deficiency - N
3749 2023-003 Significant Deficiency - N
3750 2023-003 Significant Deficiency - N
3751 2023-003 Significant Deficiency - N
3752 2023-003 Significant Deficiency - N
3753 2023-003 Significant Deficiency - N
580184 2023-002 Significant Deficiency - ABCEFGHIJLMNP
580185 2023-002 Significant Deficiency - ABCEFGHIJLMNP
580186 2023-002 Significant Deficiency - ABCEFGHIJLMNP
580187 2023-002 Significant Deficiency - ABCEFGHIJLMNP
580188 2023-002 Significant Deficiency - ABCEFGHIJLMNP
580189 2023-002 Significant Deficiency - ABCEFGHIJLMNP
580190 2023-003 Significant Deficiency - N
580191 2023-003 Significant Deficiency - N
580192 2023-003 Significant Deficiency - N
580193 2023-003 Significant Deficiency - N
580194 2023-003 Significant Deficiency - N
580195 2023-003 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $5.48M Yes 2
84.063 Federal Pell Grant Program $1.45M Yes 2
84.425 Education Stabilization Fund $539,326 - 0
84.038 Federal Perkins Loan Program $394,063 Yes 2
84.007 Federal Supplemental Educational Opportunity Grants $152,714 Yes 2
84.033 Federal Work-Study Program $106,590 Yes 2
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $11,316 Yes 2

Contacts

Name Title Type
NSSLBY9PG9L5 Kevin Finn Auditee
5035171206 Brenda Scherer Auditor
No contacts on file

Notes to SEFA

Title: BASIS OF PRESENTATION Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule, if applicable, represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The University has not elected to use the 10-percent de-minimis indirect cost rate as allowed under the Uniform Guidance. The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of Warner Pacific University (the University) under programs of the federal government for the year ended May 31, 2023. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the University, it is not intended to and does not present the financial position, changes in net assets, or cash flows of the University.
Title: FEDERAL STUDENT LOAN PROGRAM Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule, if applicable, represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years. De Minimis Rate Used: N Rate Explanation: The University has not elected to use the 10-percent de-minimis indirect cost rate as allowed under the Uniform Guidance. The balance of loans outstanding at May 31, 2023 consists of: Progrm Title: Federal Perkins Loan Program Assistance Listing Nimber: 84.038 Amount Outstanding: $89,515

Finding Details

Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-002
2023 – 002 Internal Controls Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: Per federal regulations 200.303, a non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. In addition, per the student financial aid handbook, a school must ensure that its administrative procedures for the FSA programs include an adequate system of internal controls or checks and balances. Condition: During our compliance testing for eligibility, we noted there is not an individual review of students' award packages; however, we noted there were some mitigating controls within the student information system as well as monthly reconciliations that may catch various issues. In addition, we noted there is no review for return of title IV calculations. There is one individual performing these calculations. Lastly, we noted there is only one individual who is processing and reviewing professional judgment cases. Questioned costs: None Context: During our audit procedures, it was noted there are not sufficient checks and balances in place over a few compliance requirements. Cause: The University has not historically had review procedures in place. Effect: While we found no compliance errors in our samples, there is a risk of human error causing future compliance errors. Repeat finding: No Recommendation: We recommend the University review their internal control procedures over awarding, return of title IV calculations, and professional judgment and implement a formally documented review process. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-003
2023 – 003 Gramm-Leach-Bliley Act Federal Agency: Department of Education Federal Program Name: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted the University did not properly document safeguards for the identified risks in their risk assessment over the following areas in 16 CFR 314.4 (b) which are (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures. Cause: The University was not aware of the Gramm-Leach-Bliley Act requirements to document safeguards. Effect: The student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend the University review their documentation and ensure that there are documented safeguards for identified risks. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023. Views of responsible officials: There is no disagreement with the audit finding.