Audit 6549

FY End: 2023-06-30
Total Expended: $5.32M
Findings: 16
Programs: 6
Organization: Centenary College of Louisiana (LA)
Year: 2023 Accepted: 2023-12-13
Auditor: Forvis LLP

Findings

ID Ref Severity Repeat Requirement
4220 2023-001 Significant Deficiency - N
4221 2023-001 Significant Deficiency - N
4222 2023-001 Significant Deficiency - N
4223 2023-001 Significant Deficiency - N
4224 2023-002 Significant Deficiency - N
4225 2023-002 Significant Deficiency - N
4226 2023-002 Significant Deficiency - N
4227 2023-002 Significant Deficiency - N
580662 2023-001 Significant Deficiency - N
580663 2023-001 Significant Deficiency - N
580664 2023-001 Significant Deficiency - N
580665 2023-001 Significant Deficiency - N
580666 2023-002 Significant Deficiency - N
580667 2023-002 Significant Deficiency - N
580668 2023-002 Significant Deficiency - N
580669 2023-002 Significant Deficiency - N

Programs

ALN Program Spent Major Findings
84.268 Federal Direct Student Loans $3.71M Yes 2
84.063 Federal Pell Grant Program $1.02M Yes 2
84.038 Federal Perkins Loan Program $346,506 Yes 0
84.033 Federal Work-Study Program $142,182 Yes 2
84.007 Federal Supplemental Educational Opportunity Grants $59,576 Yes 2
47.074 Biological Sciences $33,124 - 0

Contacts

Name Title Type
JHPKSRLSJWW3 Robert Blue Auditee
3188695127 Sara Grenier Auditor
No contacts on file

Notes to SEFA

Title: Basis of Presentation
Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule, if any, represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years.
De Minimis Rate Used: N
Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance.
The accompanying schedule of expenditures of federal awards (the Schedule) includes the federal award activity of Centenary College of Louisiana (College) under programs of the federal government for the year ended June 30, 2023. The information in this Schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the Schedule presents only a selected portion of the operations of the College, it is not intended to and does not present the financial position, changes in net assets or cash flows of the College.

Title: Federal Loan Programs
Accounting Policies: Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. Negative amounts shown on the Schedule, if any, represent adjustments or credits made in the normal course of business to amounts reported as expenditures in prior years.
De Minimis Rate Used: N
Rate Explanation: The College has elected not to use the 10 percent de minimis indirect cost rate allowed under the Uniform Guidance.
The federal loan programs listed subsequently are administered directly by the College, and balances and transactions relating to these programs are included in the College's financial statements. Loans outstanding at the beginning of the year are included in the federal expenditures presented in the Schedule. There were no loans made during the year ended June 30, 2023. The balance of loans outstanding at June 30, 2023, consists of:
84.038 Federal Perkins Loan Program $136,338

Finding Details

Criteria or specific requirement – Special Tests and Provisions – Return of Title IV Funds (34 CFR 668.22(a)(1) through (a)(5))
Condition – The College’s internal controls did not ensure the calculation of amounts to be returned to the U.S. Department of Education were correct and were performed timely.
Questioned costs – $0
Context – Out of the population of 21 students who withdrew during the year and were awarded federal aid, 3 were selected for testing. Our sampling method was not, and was not intended to be, statistically valid. Total days in the semester for one of the withdrawals tested was calculated incorrectly and the withdrawal date that was used for one student was incorrect.
Effect – More Title IV funds were returned to the U.S. Department of Education than required.
Cause – The College’s internal controls did not ensure proper identification of withdrawal dates for unofficial withdrawals, nor did they ensure proper inputting of semester information into the calculation of returns of Title IV funds based on total days in the semester and total days attended.
Identification of repeat finding, if applicable – N/A
Recommendation – The College should update their controls to ensure that the total days in the semester are calculated correctly based on proper identification of withdrawal dates for unofficial withdrawals and total days attended by students are calculated correctly.
Views of responsible officials and planned corrective actions – This finding is in reference to an R2T4 miscalculation for a graduate student enrolled in our MBA Program for the 2022-23 academic year.
BACKGROUND: The Financial Aid Director has historically been the person to input semester/session beginning and ending dates into our CRM system (Banner ERP). The reason for this is because the financial aid office needs these exact dates in the system at least six months before any other department needs them.
EXPLANATION: The MBA Program consists of five, 10-week sessions in an academic year. Since the inception of this program, the beginning and end dates of these sessions have been the same (within a few days). In particular, the “Winter I” session dates have historically started around the middle of October and ended the first week of January. It seems that the MBA Program Director decided to change the end date of this particular session from the first week of January to the third week of December for the 2022-23 academic year. The Financial Aid Director did not receive a communication of this change. It was included in the 2022-23 MBA Catalog. Entering the incorrect ending date for this session was the error of the Financial Aid Director.
PLANNED CORRECTIVE ACTION: The Financial Aid Director will no longer enter the dates of semesters/sessions in the Banner ERP system. The Registrar will assume responsibility for this task and work in conjunction with directors of Financial Aid and the MBA program to ensure term dates are established when needed and accurately maintained.

Criteria or specific requirement – Special Tests and Provisions – Gramm-Leach-Bliley Act (16 CFR 314) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (GLBA) because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).
Condition – The College must have a written information security program that addresses the required minimum seven elements.
Questioned costs – $0
Context – The College is in the process of performing a risk assessment that will be used to generate the written information security program. The College has designated their Chief Information Officer as the qualified individual responsible for implementing and monitoring their information security program. They have started addressing the additional six required elements, including reviewing access controls, implementing multi-factor authentication for students, disposing of student information securely, and performing annual penetration testing, but they are still in the process of reviewing the log for unauthorized access, implementing multi-factor authentication for staff and faculty with access to student information, implementing policies and procedures to ensure that personnel are able to enact the information security program and encrypting all information on the institution’s system and when it’s in transit.
Effect – The College did not implement the revised GLBA regulations by the required date.
Cause – The College’s controls did not ensure the revised GLBA regulations were implemented by the required date.
Identification of repeat finding, if applicable – N/A
Recommendation – The College should complete the risk assessment and implement a written information security program and ensure the additional six required GLBA elements are included in the program.
Views of responsible officials and planned corrective actions – The College will continue to make progress in meeting the federal standards related to the GLBA security program. The college expects to be at minimum 80% in compliance by the end of FY24 and in full compliance by the end of FY25. The college will prioritize key elements such as reviewing access controls, implementing multi-factor authentication for the campus, disposing of student information securely, performing annual penetration testing, and encrypting all the institution's information.
Criteria or specific requirement – Special Tests and Provisions – Gramm-Leach-Bliley Act (16 CFR 314) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (GLBA) because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition – The College must have a written information security program that addresses the required minimum seven elements. Questioned costs - $0 Context – The College is in the process of performing a risk assessment that will be used to generate the written information security program. The College has designated their Chief Information Officer as the qualified individual responsible for implementing and monitoring their information security program. They have started addressing the additional six required elements, including reviewing access controls, implementing multi-factor authentication for students, disposing of student information securely, and performing annual penetration testing but they are still in the process of reviewing the log for unauthorized access, implementing multi-factor authentication for staff and faculty with access to student information, implementing policies and procedures to ensure that personnel are able to enact the information security program and encrypting all information on the institution’s system and when it’s in transit. 
Effect – The College did not implement the revised GLBA regulations by the required date. Cause – The College’s controls did not ensure the revised GLBA regulations were implemented by the required date. Identification of repeat finding, if applicable – N/A Recommendation –The College should complete the risk assessment and implement a written information security program and ensure the additional six required GLBA elements are included in the program. Views of responsible officials and planned corrective actions – The College will continue to make progress of meeting the federal standards related to the GLBA security program. The college expects to at minimum 80% in compliance by the end of FY24 and in full compliance by the end of FY25. The college will prioritize key elements such as reviewing access controls, implementing multi-factor authentication for the campus, disposing of student information securely, performing annual penetration testing, and encrypting all the institution's information.
Criteria or specific requirement – Special Tests and Provisions – Gramm-Leach-Bliley Act (16 CFR 314) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (GLBA) because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition – The College must have a written information security program that addresses the required minimum seven elements. Questioned costs - $0 Context – The College is in the process of performing a risk assessment that will be used to generate the written information security program. The College has designated their Chief Information Officer as the qualified individual responsible for implementing and monitoring their information security program. They have started addressing the additional six required elements, including reviewing access controls, implementing multi-factor authentication for students, disposing of student information securely, and performing annual penetration testing but they are still in the process of reviewing the log for unauthorized access, implementing multi-factor authentication for staff and faculty with access to student information, implementing policies and procedures to ensure that personnel are able to enact the information security program and encrypting all information on the institution’s system and when it’s in transit. 
Effect – The College did not implement the revised GLBA regulations by the required date. Cause – The College’s controls did not ensure the revised GLBA regulations were implemented by the required date. Identification of repeat finding, if applicable – N/A Recommendation –The College should complete the risk assessment and implement a written information security program and ensure the additional six required GLBA elements are included in the program. Views of responsible officials and planned corrective actions – The College will continue to make progress of meeting the federal standards related to the GLBA security program. The college expects to at minimum 80% in compliance by the end of FY24 and in full compliance by the end of FY25. The college will prioritize key elements such as reviewing access controls, implementing multi-factor authentication for the campus, disposing of student information securely, performing annual penetration testing, and encrypting all the institution's information.
Criteria or specific requirement – Special Tests and Provisions – Gramm-Leach-Bliley Act (16 CFR 314) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (GLBA) because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition – The College must have a written information security program that addresses the required minimum seven elements. Questioned costs - $0 Context – The College is in the process of performing a risk assessment that will be used to generate the written information security program. The College has designated their Chief Information Officer as the qualified individual responsible for implementing and monitoring their information security program. They have started addressing the additional six required elements, including reviewing access controls, implementing multi-factor authentication for students, disposing of student information securely, and performing annual penetration testing but they are still in the process of reviewing the log for unauthorized access, implementing multi-factor authentication for staff and faculty with access to student information, implementing policies and procedures to ensure that personnel are able to enact the information security program and encrypting all information on the institution’s system and when it’s in transit. 
Effect – The College did not implement the revised GLBA regulations by the required date. Cause – The College’s controls did not ensure the revised GLBA regulations were implemented by the required date. Identification of repeat finding, if applicable – N/A Recommendation –The College should complete the risk assessment and implement a written information security program and ensure the additional six required GLBA elements are included in the program. Views of responsible officials and planned corrective actions – The College will continue to make progress of meeting the federal standards related to the GLBA security program. The college expects to at minimum 80% in compliance by the end of FY24 and in full compliance by the end of FY25. The college will prioritize key elements such as reviewing access controls, implementing multi-factor authentication for the campus, disposing of student information securely, performing annual penetration testing, and encrypting all the institution's information.
Criteria or specific requirement – Special Tests and Provisions – Return of Title IV Funds (34 CFR 668.22(a)(1) through (a)(5) Condition – The College’s internal controls did not ensure the calculation of amounts to be returned to the U.S. Department of Education were correct and were performed timely. Questioned costs - $0 Context – Out of the population of 21 students who withdrew during the year and were awarded federal aid, 3 were selected for testing. Our sampling method was not, and was not intended to be, statistically valid. Total days in the semester for one of the withdrawals tested was calculated incorrectly and the withdrawal date that was used for one student was incorrect. Effect – More Title IV funds were returned to the U.S. Department of Education than required. Cause – The College’s internal controls did not ensure proper identification of withdrawal dates for unofficial withdrawals, nor did they ensure proper inputting of semester information into the calculation of returns of Title IV funds based on total days in the semester and total days attended. Identification of repeat finding, if applicable – N/A Recommendation –The College should update their controls to ensure that the total days in the semester are calculated correctly based on proper identification of withdrawal dates for unofficial withdrawals and total days attended by students are calculated correctly. Views of responsible officials and planned corrective actions – This finding is in reference to an R2T4 miscalculation for a graduate student enrolled in our MBA Program for the 2022-23 academic year. BACKGROUND: The Financial Aid Director has historically been the person to input semester/session beginning and ending dates into our CRM system (Banner ERP). The reason for this is because the financial aid office needs these exact dates in the system at least six months before any other department needs them. 
EXPLANATION: The MBA Program consists of five, 10-week sessions in an academic year. Since the inception of this program, the beginning and end dates of these sessions have been the same (within a few days). In particular, the “Winter I” session dates have historically started around the middle of October and ended the first week of January. It seems that the MBA Program Director decided to change the end date of this particular session from the first week of January to the third week of December for the 2022-23 academic year. The Financial Aid Director did not receive a communication of this change. It was included in the 2022-23 MBA Catalog. Entering the incorrect ending date for this session was the error of the Financial Aid Director. PLANNED CORRECTIVE ACTION: The Financial Aid Director will no longer enter the dates of semesters/sessions in the Banner ERP system. The Registrar will assume responsibility for this task and work in conjunction with directors of Financial Aid and the MBA program to ensure term dates are established when needed and accurately maintained.
Criteria or specific requirement – Special Tests and Provisions – Return of Title IV Funds (34 CFR 668.22(a)(1) through (a)(5))

Condition – The College’s internal controls did not ensure the calculation of amounts to be returned to the U.S. Department of Education were correct and were performed timely.

Questioned costs – $0

Context – Out of the population of 21 students who withdrew during the year and were awarded federal aid, 3 were selected for testing. Our sampling method was not, and was not intended to be, statistically valid. Total days in the semester for one of the withdrawals tested was calculated incorrectly and the withdrawal date that was used for one student was incorrect.

Effect – More Title IV funds were returned to the U.S. Department of Education than required.

Cause – The College’s internal controls did not ensure proper identification of withdrawal dates for unofficial withdrawals, nor did they ensure proper inputting of semester information into the calculation of returns of Title IV funds based on total days in the semester and total days attended.

Identification of repeat finding, if applicable – N/A

Recommendation – The College should update their controls to ensure that the total days in the semester are calculated correctly based on proper identification of withdrawal dates for unofficial withdrawals and total days attended by students are calculated correctly.

Views of responsible officials and planned corrective actions – This finding is in reference to an R2T4 miscalculation for a graduate student enrolled in our MBA Program for the 2022-23 academic year.

BACKGROUND: The Financial Aid Director has historically been the person to input semester/session beginning and ending dates into our CRM system (Banner ERP). The reason for this is because the financial aid office needs these exact dates in the system at least six months before any other department needs them.

EXPLANATION: The MBA Program consists of five 10-week sessions in an academic year. Since the inception of this program, the beginning and end dates of these sessions have been the same (within a few days). In particular, the “Winter I” session dates have historically started around the middle of October and ended the first week of January. It seems that the MBA Program Director decided to change the end date of this particular session from the first week of January to the third week of December for the 2022-23 academic year. The Financial Aid Director did not receive a communication of this change. It was included in the 2022-23 MBA Catalog. Entering the incorrect ending date for this session was the error of the Financial Aid Director.

PLANNED CORRECTIVE ACTION: The Financial Aid Director will no longer enter the dates of semesters/sessions in the Banner ERP system. The Registrar will assume responsibility for this task and work in conjunction with directors of Financial Aid and the MBA program to ensure term dates are established when needed and accurately maintained.
Criteria or specific requirement – Special Tests and Provisions – Gramm-Leach-Bliley Act (16 CFR 314) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (GLBA) because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)).

Condition – The College must have a written information security program that addresses the required minimum seven elements.

Questioned costs – $0

Context – The College is in the process of performing a risk assessment that will be used to generate the written information security program. The College has designated their Chief Information Officer as the qualified individual responsible for implementing and monitoring their information security program. They have started addressing the additional six required elements, including reviewing access controls, implementing multi-factor authentication for students, disposing of student information securely, and performing annual penetration testing, but they are still in the process of reviewing the log for unauthorized access, implementing multi-factor authentication for staff and faculty with access to student information, implementing policies and procedures to ensure that personnel are able to enact the information security program, and encrypting all information on the institution’s system and when it’s in transit.

Effect – The College did not implement the revised GLBA regulations by the required date.

Cause – The College’s controls did not ensure the revised GLBA regulations were implemented by the required date.

Identification of repeat finding, if applicable – N/A

Recommendation – The College should complete the risk assessment and implement a written information security program and ensure the additional six required GLBA elements are included in the program.

Views of responsible officials and planned corrective actions – The College will continue to make progress toward meeting the federal standards related to the GLBA security program. The College expects to be at minimum 80% in compliance by the end of FY24 and in full compliance by the end of FY25. The College will prioritize key elements such as reviewing access controls, implementing multi-factor authentication for the campus, disposing of student information securely, performing annual penetration testing, and encrypting all the institution's information.