FAC Explorer

Audit 7540

FY End
2023-06-30
Total Expended
$59.47M
Findings
10
Programs
22
Organization: Yosemite Community College District (CA)
Year: 2023 Accepted: 2023-12-19
Auditor: Crowe LLP

Organization Exclusion Status:

Findings

ID Ref Severity Repeat Requirement
5634 2023-001 Significant Deficiency - P
5635 2023-001 Significant Deficiency - P
5636 2023-001 Significant Deficiency - P
5637 2023-001 Significant Deficiency - P
5638 2023-001 Significant Deficiency - P
582076 2023-001 Significant Deficiency - P
582077 2023-001 Significant Deficiency - P
582078 2023-001 Significant Deficiency - P
582079 2023-001 Significant Deficiency - P
582080 2023-001 Significant Deficiency - P

Programs

ALN Program Spent Major Findings
84.063 Federal Pell Grant Program $27.57M Yes 1
93.575 Child Care and Development Block Grant $2.92M - 0
21.027 Coronavirus State and Local Fiscal Recovery Funds $1.28M - 0
84.007 Federal Supplemental Educational Opportunity Grants $1.15M Yes 1
84.048 Career and Technical Education -- Basic Grants to States $792,815 - 0
84.047 Trio_upward Bound $571,367 - 0
84.042 Trio_student Support Services $535,667 - 0
84.425 Covid-19 - Education Stabilization Fund $501,727 Yes 0
84.044 Trio_talent Search $382,640 - 0
84.033 Federal Work-Study Program $372,876 Yes 1
84.268 Federal Direct Student Loans $285,550 Yes 1
84.066 Trio_educational Opportunity Centers $220,877 - 0
84.031 Higher Education_institutional Aid $203,867 - 0
93.576 Refugee and Entrant Assistance_discretionary Grants $157,549 - 0
96.658 Foster Care $155,797 - 0
93.558 Temporary Assistance for Needy Families $148,927 - 0
10.558 Child and Adult Care Food Program $58,796 - 0
11.307 Economic Adjustment Assistance $39,009 - 0
93.364 Nursing Student Loans $19,885 Yes 1
93.778 Medical Assistance Program $7,176 - 0
64.120 Post-Vietnam Era Veterans' Educational Assistance $4,530 - 0
10.665 Schools and Roads - Grants to States $1,022 - 0

Contacts

Name Title Type
DLVKVBMZME64 Trevor Stewart Auditee
2095756531 Jennifer Richards Auditor
No contacts on file

Notes to SEFA

Title: NOTE 1 - PURPOSE OF SCHEDULES Accounting Policies: Schedule of Expenditures of Federal Awards: The Schedule of Expenditures of Federal Awards includes the federal award activity of Yosemite Community College District, and is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. De Minimis Rate Used: N Rate Explanation: The District has elected not to use the 10-percent de minimis indirect cost rate allowed under the Uniform Guidance. Schedule of Expenditures of Federal Awards: The Schedule of Expenditures of Federal Awards includes the federal award activity of Yosemite Community College District, and is presented on the accrual basis of accounting. The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement. The District has elected not to use the 10-percent de minimis indirect cost rate allowed under the Uniform Guidance.

Finding Details

Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.
Finding 2023-001
FINDING 2023-001 – Controls and Noncompliance Related to Student Information Security Federal Department: Department of Education CFDA Number(s): 84,003, 84.063, 84.007, 84.268, 93.364 Program Name(s): Student Financial Aid Cluster Questioned Costs: None Criteria Special Tests and Provisions - Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach- Bliley Act (“GLBA”) (Public Law 106-102) requires financial institutions to explain their information sharingpractices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to GLBA (16 CFR 313.3(k)(2)(iv)). Under an institution’s Program Participation Agreement with the Department of Education and the GLBA, institutions must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal financial aid programs. Institutions are required to designate a qualified individual responsible for implementing and monitoring the institution's information and security program. Additionally, the District is required to maintain written security program that addresses the minimum elements required by GLBA. Condition Yosemite Community College District (the “District”) did not have a designated individual responsible for implementing and monitoring the institution’s information and security program and did not have a written security program in place that addresses the minimum required elements under GLBA. Questioned Costs None noted. Context During inquiries with management, management established that there was not a designated individual responsible for implementing and monitoring the institutions information and security program, and there is not currently a written security program in place that addresses the minimum required elements under GLBA. However, management indicated that there were no data breaches or instances of the District’s information systems being compromised during the audit period. Effect Risks pertaining to Student Information Security may not be identified and/or addressed. Cause Turnover in the Information Systems department and a vacant role have caused a lack of available resources for purposes of appointing a designated individual and implementing GLBA compliant policies and procedures. Identification as a Repeat Finding, if Applicable Not applicable Recommendation We recommend that the District designate a qualified individual responsible for implementing and monitoring the institution's information and security program, and to develop and maintain written security program that addresses the minimum elements required by GLBA. Views of Responsible Officials and Planned Corrective Actions See Corrective Action Plan.