FAC Explorer

Audit 6239

FY End
2023-06-30
Total Expended
$2.48M
Findings
6
Programs
5
Organization: Summit Academy Oic (MN)
Year: 2023 Accepted: 2023-12-12
Auditor: Cliftonlarsonallen LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
3966 2023-001 Significant Deficiency - N
3967 2023-001 Significant Deficiency - N
3968 2023-001 Significant Deficiency - N
580408 2023-001 Significant Deficiency - N
580409 2023-001 Significant Deficiency - N
580410 2023-001 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $1.38M Yes 1
84.425 Education Stabilization Fund $862,919 Yes 0
17.289 Community Project Funding $179,660 - 0
84.007 Federal Supplemental Educational Opportunity Grants $37,250 Yes 1
84.033 Federal Work-Study Program $9,017 Yes 1

Contacts

Name Title Type
KXGJA3KKGHP4 Marc Carrier Auditee
6122785282 Daniel R. Persaud, CPA Auditor
No contacts on file

Notes to SEFA

Title: BASIS OF PRESENTATION Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The Organization has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance. The purpose of the schedule of expenditures of federal awards (the Schedule) is to present a summary of those activities of Summit Academy OIC that have been financed by the United States government (federal awards). Federal awards received directly from federal agencies are included in the Schedule, as are federal guaranteed loans disbursed by other sources. Additionally, all federal awards passed through from other entities have been included in the Schedule. The Organization is required to match certain grant agreements, as defined in the grants, and these matching amounts are not included in the Schedule. The information in the Schedule is presented in accordance with requirements of 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the Organization, it is not intended to and does not present the financial position, changes in net assets, or cash flows of Summit Academy OIC.

Finding Details

Finding 2023-001
2023 – 001: Gramm-Leach-Bliley Act (GLBA) and Information Security Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2022, through June 30, 2023 Type of Finding: • Significant Deficiency in Internal Control Over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted several steps missing from the Written Information Security Program (WISP). Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and there were several elements missing from their WISP. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the Academy review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
2023 – 001: Gramm-Leach-Bliley Act (GLBA) and Information Security Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2022, through June 30, 2023 Type of Finding: • Significant Deficiency in Internal Control Over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted several steps missing from the Written Information Security Program (WISP). Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and there were several elements missing from their WISP. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the Academy review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
2023 – 001: Gramm-Leach-Bliley Act (GLBA) and Information Security Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2022, through June 30, 2023 Type of Finding: • Significant Deficiency in Internal Control Over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted several steps missing from the Written Information Security Program (WISP). Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and there were several elements missing from their WISP. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the Academy review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
2023 – 001: Gramm-Leach-Bliley Act (GLBA) and Information Security Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2022, through June 30, 2023 Type of Finding: • Significant Deficiency in Internal Control Over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted several steps missing from the Written Information Security Program (WISP). Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and there were several elements missing from their WISP. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the Academy review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
2023 – 001: Gramm-Leach-Bliley Act (GLBA) and Information Security Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2022, through June 30, 2023 Type of Finding: • Significant Deficiency in Internal Control Over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted several steps missing from the Written Information Security Program (WISP). Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and there were several elements missing from their WISP. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the Academy review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.
Finding 2023-001
2023 – 001: Gramm-Leach-Bliley Act (GLBA) and Information Security Federal Agency: Department of Education Federal Program Title: Student Financial Aid Cluster – Various Assistance Listing Numbers: Various Federal Award Identification Number and Year: Various Pass-Through Agency: N/A Pass-Through Number: N/A Award Period: July 1, 2022, through June 30, 2023 Type of Finding: • Significant Deficiency in Internal Control Over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The written information security program (WISP) for institutions with fewer than 5,000 customers must address seven elements (16 CFR 314.3(a) and 16 CFR 314.6). The elements that an institution must address in its written information security program are at 16 CFR 314.4. At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Condition: During our testing, we noted several steps missing from the Written Information Security Program (WISP). Questioned costs: None Context: These new GLBA requirements were applicable beginning on June 9, 2023 and there were several elements missing from their WISP. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: Student personal information could be vulnerable. Repeat finding: No Recommendation: We recommend that the Academy review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.