Corrective Action Plans

Views of Responsible Officials and Planned Corrective Actions – The National Student Clearinghouse (NSC) Graduation Status submission calendar will be updated to reflect the necessary reporting timeline. The report will be completed after verification of graduation requirements and credentialing are completed in Colleague by the Registrar's Office. The Registrar and Associate Registrar complete different steps in the credentialing process, but will review the student records together to ensure accuracy and timely completion. Submission of graduation status to NSC will occur after each academic term (fall and spring semester, January and summer sessions).

Recommendation Test work on samples from both Portales and Roswell populations resulted in the identification of two possible issues related to incorrect calculations of aid to be returned to federal aid programs based on student’s complete withdrawal from the University. Contact was made with Ellucian/Banner customer support regarding the issue. Ellucian customer care subsequently verified a known issue within vendor software where the R2T4 calculation is incorrect when manual award adjustments or ‘locks’ are made to students who were not enrolled as full-time students when originally disbursed.   Management Response Corrective Action: In an immediate review of all students subject to return of funds calculations in both Banner instances for the 2022-2023 award year it was found that of the 322 (213 Portales/Ruidoso, 101 Roswell) students subject to Return of Title IV Funds, 17 students were identified where the calculation was incorrect, manual recalculation of funding is ongoing and will be handled within allowable timeframes with the business office. Although the software defect is present in both instances of banner no students at the Roswell campus were impacted as a result of procedural differences. Timeline of Corrective Action: Effective immediately the institution has implemented the recommended software vendor “work around”. In addition, all students enrolled less than full time will be monitored and calculations confirmed to ensure calculations are accurate. Responsible Party(ies): Financial Aid Directors – Portales and Roswell Campuses

Student Financial Assistance Cluster – Assistance Listing No. 84.268, 84.063, 84.007, 84.033, 84.379 Recommendation: We recommend that the University implement procedures to ensure that enrollment data, changes in status and effective dates within NSLDS match the records of the institution and are reported timely. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: EOU’s third party vendor, National Student Clearinghouse, has notified EOU of an additional reporting tab where a list of students who were on our degree report that was submitted, but for various reasons did not have a “Graduate” status applied to their record can be obtained. The Registrar’s office will access the report and manually update the student’s record. Moving forward, after our degree file is processed each term, we will review the students listed in this tab and manually update their status to match our records, so they will correctly and timely report to the National Student Loan Data System. Name(s) of the contact person(s) responsible for corrective action: Emily Sharratt Planned completion date for corrective action plan: February 9, 2024

Student Financial Assistance Cluster – Assistance Listing No. 84.063 Recommendation: We recommend the College review the current procedures for awarding Title IV funds and implement any changes necessary to ensure federal funds are awarded and disbursed in accordance with federal regulations. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Upon discovering that a student’s remaining Pell Grant LEU had not been rolled forward to the next term, it was immediately recalculated and disbursed. The process for calculating Pell is done in batch after each term has ended. Financial aid has added a reminder once per term to verify internally that the process has been run for the previous term, and any students with low LEU get their remaining eligibility rolled forward. If it has not been run, monitoring will continue until it is completed. Name(s) of the contact person(s) responsible for corrective action: Jason Hibbert Planned completion date for corrective action plan: March 22, 2024.

Criteria: The University is required to comply with the Gramm-Leach-Bliley Act (GLBA) section 16 CFR 314.4(b). Condition: A GLBA compliance risk assessment was not performed within the last fiscal year. Various vulnerability assessments have been conducted since 2020, however updated GLBA compliance guidance has more specific requirements for what must be performed as part of an IT risk assessment in order to identify reasonable, foreseeable internal and external risks to the security, confidentiality, and integrity of student information that addresses the following areas: a. Information systems, including network and software design, as well as information processing, storage, transmission and disposal. b. Detecting, preventing and responding to attacks, intrusions, or other systems failures. c. Documented safeguards for each identified risk. d. Appropriate mitigated risk levels for each identified risk. Updated GLBA guidance requires that a Qualified Individual who oversees the Information Security Program makes a written report to the Board of Trustees on the status of the Information Security Program at least annually. The University's Information Security Program and IT policies has four attributes that were not appropriately documented for GLBA compliance: a. Conduct a periodic inventory of data, noting where its collected, stored, or transmitted. b. Encrypt customer information on the University's system and when it's in transit. c. Assess apps developed by the University. d. Implement multi-factor authentication for anyone accessing customer information on the University's system. Cause: The University did not have controls in place to ensure all GLBA requirements were met. Effect: The University is not in compliance with GLBA requirements. Corrective Actions Taken or Planned: Items that have been resolved: a. Customer data, and backups of customer data, is now encrypted at rest and in transit. b. All users with access to customer data are required to use multi-factor authentication.c. The University password policy has been updated to strengthen passwords and increase minimum length to 12 characters with complexity. The University has also implemented a tool to block the reuse of compromised passwords from the HIBP database. Items to be resolved: a. An update on the University’s information security program draft has been shared with the Board of Trustees and a final report will be issued by February 1, 2024. b. The University has begun an inventory of customer data and systems storing customer data. The University does not have any University developed apps that handle or store customer data (this will be documented in the customer data inventory). This inventory will be completed by April 15, 2024. c. The University is evaluating proposals for an assessment to include a risk assessment and internal and external vulnerability scans. The IT risk assessment is planned to be completed by June 1, 2024. d. Updated GLBA policies, including a disaster recovery policy, will be completed by June 1, 2024 Person Responsible for Implementing Correction Action: Ezra Krumhansl, Chief Financial Officer Implementation Date: Through June 1, 2024

The University will add additional enrollment reports to our current schedule. This will allow for more frequent degree and enrollment reporting that will correct this type of reporting error in the future.

Subject: Corrective Action Plan for Title IV Federal Financial Aid Audit Finding Responsible Party: Jill Jonhson, Registrar, johnsoj@smcsc.edu 864-587-4232 We appreciate the opportunity to address the finding related to the untimely reporting of withdrawn and graduated students to the National Student Loan Data System (NSLDS) during the recent Title IV Federal Financial Aid audit. We acknowledge the importance of accurate and timely reporting and have taken immediate corrective actions to rectify the identified issue. 1. Root Cause Analysis: Upon investigation, we identified that the finding was a result of a recent change in the software system used for reporting data to the National Student Clearinghouse (Clearinghouse) which in turn is reported to NSLDS. This change led to a disruption in the timely reporting of students who withdrew or graduated from our institution. 2. Immediate Correction: As soon as the error was identified, our IT team worked promptly to update the system configuration. This correction ensured that all relevant data for withdrawn and graduated students was accurately pulled and submitted to Clearinghouse and NSLDS. 3. Verification and Submission: We have thoroughly reviewed the data to ensure that all students who withdrew or graduated during the audit period have been correctly reported to Clearinghouse. Subsequently, accurate information has been submitted to the NSLDS to fulfill reporting requirements. 4. System Enhancement: To prevent similar issues in the future, we have enhanced our system configuration. This includes implementing additional checks and validations to ensure that the reporting of withdrawn and graduated students is consistently accurate and timely. Our IT team, the Registrar's Office, and Financial Aid Director have conducted rigorous testing to verify the effectiveness of these enhancements. 5. Monitoring and Oversight: Going forward, we will establish a robust monitoring and oversight mechanism to regularly review the data reporting process. This proactive approach will help identify and address any potential issues before they impact compliance with NSLDS reporting requirements. We are confident that the corrective actions implemented will prevent a recurrence of this issue and enhance the accuracy and timeliness of our NSLDS reporting. We remain committed to maintaining the highest standards of compliance with federal regulations and appreciate your understanding in this matter.

Management is responsible for establishing a comprehensive information security policy to safeguard sensitive data. Personnel Responsible for Corrective Action: James Nelson, Chief Technology Officer, and Scott Fergerson, Chief Business Officer Anticipating Completion Date: The corrective action plan will be implemented by June 30, 2024. Corrective Action Plan: Management will continue to implement the remainining compliance required into a comprehensive policy.

Name of Responsible Individual: James Slizewski, Registrar and Director of Institutional Research Corrective Action: The University will make sure that all students who earn a “G” status of graduated are reported correctly to National Student Clearinghouse, and then to NSLDS. This will include all students who are in certificate programs that earn a credential and are graduated. Anticipated Completion Date: Fall 2024

Name of Responsible Individual: Jane Wang, Controller and Melissa Walsh, Director of Financial Aid Corrective Action: Students are awarded Federal Work Study based on financial need and their indication on the FAFSA that they are interested in Federal Work Study. Sometimes, students indicate they are not interested in Federal Work Study but end up pursuing campus employment. In these cases, we have re-allocated some students’ earnings to Federal Work Study if they remained eligible. Beginning with the 2024-2025 school year, all eligible students will be awarded Federal Work Study, regardless of their expressed interest. This will minimize the need to re-allocate funding between campus employment and Federal Work Study funding sources. Additionally, the Payroll department will enhance scrutiny and review within the federal work-study payroll process to ensure timely receipt of supporting documents for re-allocation and rectification of any errors before payroll processing. Anticipated Completion Date: Fall 2024

Name of Responsible Individual: Melissa Walsh, Director of Financial Aid Corrective Action: Campus Logic is used to send financial aid award letters to full-time undergraduate students. Part-time and graduate students fill out an institutional application, upon which their financial aid is based. These students have typically been sent an email directing them to view their aid on the Self-Service portal when their application has been reviewed. Through Self-Service, students have the ability to accept or decline their loans. Starting with the 2024-2025 school year, an award letter will be sent from Campus Logic to this population as well. They will no longer be sent an email directing them to Self-Service. Anticipated Completion Date: Fall 2024

Name of Responsible Individual: Sarah Tomlinson, Director of Student Accounts Corrective Action: Changing from manually pulling loan disbursement lists from the Ellucian Colleague system using the TFAR report to setting up Communications Management within the Colleague system so that the notifications are automatically emailed, and no manual intervention is needed. Working with our Information Technology services. Anticipated Completion Date: Spring 2024

Condition: Sinclair Community College did not report student status changes timely and accurately for certain students who withdrew and graduated during the year. Planned Corrective Action: Sinclair Community College will perform a comprehensive review of Enrollment Reporting to the National Student Loan Data System by way of the National Student Clearinghouse. This will include a review of enrollment reporting processing, personnel responsibilities, system modifications, and make all necessary revisions to workflows to prevent future occurrence of this finding. A review of activity prior to implementation of revised procedures will be conducted and any exceptions will be documented and corrected. Contact person responsible for corrective action: Dr. Tina L. Hummons, Registrar, Office of Registration & Student Records Anticipated Completion Date: 12/31/2023

Management understands this finding and has made all corrections to the identified records. The University will review and revise procedures where necessary, specific to the withdrawal of students and the updating of records in NSLDS, to act with certainty so that dates match across all areas of campus and that the program withdrawal date is updated along with the financial aid withdrawal date.

Management understands the finding and has already established new procedures for the required monthly reconciliation. The reconciliation process will be comleted each month upon receipt of the SAS. The Financial Services Office will use a PowerFAIDS consultant to update settings in the PowerFAIDS system so that all SAS reconciliation documentation will be kept as opposed to deleted after 90 days. A complete reconciliation of 2022-2023 Title IV aid will be done to ensure accuracy of all aid.

Management has maintained communication with the ESF Reporting Helpdesk. Year Three remains closed at this time but should it be reopened Management will provide the additional data requested. In June 2023, the remaining grant funds were drawn down and a quarterly report was both submitted to the Department of Education and posted to the College’s website. The Fourth Annual Report covering the calendar 2023 reporting period will be due in early 2024. This will be the final report as both the Emergency Financial Aid and Institutional grants are now closed. Management will complete and submit the annual report when the website is functional.

The auditors observed the following conditions in connection with our testing of the various U.S. Department of Education, Title IV, Student Financial Assistance Programs. • The College had differences in the following programs, which were not reconciled to the general ledger: Federal Pell Grant and Federal Direct Student Loans. The college should implement corrective actions to ensure that the above findings are resolved and will not reoccur in future periods. The College’s Corrective Plan: The College accepts the auditor’s recommendations and will establish procedures going forth to ensure that Financial Aid and Business Office staff identify and correct any differences between the programs and the general ledger.

2023-002 Student Financial Assistance Cluster – Federal Assistance Listing Numbers 84.063, 84.268 Recommendation: We recommend the College evaluate its policies and procedures in overseeing submissions to the NSLDS. In addition, we recommend the College review its policies and procedures on reporting enrollment information to the NSLDS to ensure all relevant information is being captured on reports utilized to submit data to the NSLDS. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The Registrar’s office has contacted the SIS vendor, Ellucian, to report this issue. Ellucian has acknowledged that the inconsistency in the graduation dates is a result of a defect in the software. They have created a defect report to this effect. The Registrar’s office will spot-check graduation dates on the NSC report. The Registrar’s office will also research the feasibility of standardizing graduation dates across the board. This would entail additional manual intervention which the office is striving to move away from. Names of the contact persons responsible for corrective action: Usha Jenemann, Associate Registrar and Kristen Smith, Registrar Planned completion date for corrective action plan: Fall 2024

Department of Education 2023-001 Student Financial Assistance Cluster – Federal Assistance Listing Numbers 84.007, 84.033, 84.038, 84.063, 84.268 Recommendation: We recommend the College evaluate its policies and procedures surrounding the completion of R2T4 calculations to ensure scheduled breaks are properly factored into calculations. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Swarthmore College utilizes the Return of Title IV Funds Calculation Web Tool available through the Department of Education’s (DOE) Common Origination and Disbursement (COD) site to calculate the amount of federal funds needing to be returned to the DOE when a student withdraws during a semester. Upon the withdraw of an eligible student, two Financial Aid professionals review the calculation of the return of Title IV funds. In addition, Financial Aid will have two professionals review the initial set up of semesters, dates and cost configurations in the COD Return of Title IV Funds Calculation Web Tool. Please note, each year, Swarthmore College has less than five students withdraw resulting in a return of Title IV Funds Calculation. The 2022-23 finding impacted three students with less than $100 of Title IV funds per student returned to the DOE. Name of the contact person responsible for corrective action: Judy Strauser, Director of Operations, Financial Aid Planned completion date for corrective action plan: Fall 2024

Corrective Action Planned: As soon as the improper calculation was brought to the attention of the College, all fourteen students for whom a Spring Return of Title IV calculation was performed, had their R2T4s recalculated. Going forward, the Assistant Vice President of Financial Aid (Asst. VP) will review the academic year calendar and determine the start and end dates of each term and each break in attendance. The Asst. VP will enter the appropriate dates into the PowerFAIDS Administration POEs and Budgets module. The Associate Director of Financial Aid (Associate Director) will then review the academic calendar and confirm that the dates entered into the PowerFAIDS Administration POEs and Budgets module are accurate. An email will be sent from the Associate Director to the Asst. VP for record keeping and confirmation of the review. In addition, for a student who may be eligible for a post withdrawal disbursement, the Associate Director will calculate the amount to be disbursed and then the Asst. VP will confirm the amount to be disbursed at the time the disbursement is authorized. The College believes this two‐step confirmation approach will reduce the likelihood of an error moving forward. Names of Contact Persons Responsible for Corrective Action: Paula Lehrberger, Assistant Vice President of Financial Aid and Wendy Kern, Associate Director of Financial Aid Anticipated Completion Date: September 19, 2023

Personnel Responsible for Corrective Action Plan: Eva Painter – Director of Institutional Research Anticipated Completion Date: February 15, 2024 Corrective Action Plan Context - As is noted in the original finding, the Institution submitted all enrollment and degree verify files to servicer (National Student Clearinghouse) according to the transmission schedule. After reviewing the timeline and files noted in the finding, it appears that the subsequent enrollment file was sent to National Student Clearinghouse on 5/16/23, which was consequently, prior to the Registrar completing process to roll students who graduated to a “G” status. Therefore, only some of our graduates were noted as “G” status in the May Enrollment Transmission. These students that were included were reported to NSLDS with a “G” status within the prescribed time period. All graduates were included in the Degree Verify transmission later in May; however, our institution does not participate in the Clearinghouse service to automatically roll degree verify transmissions to G status. Furthermore, the following scheduled enrollment transmission in July also included all of the Graduated students as a G status, but it was not received by NSLDS within the 60-day window. It is clear that the transmission schedule needs to be edited to avoid future issues. Additionally, this finding has also shed light on the need for a clear policy on the window in which we will allow students to reverse transfer back credit, should they want to be considered graduated in the same term they were last enrolled. The director of institutional research therefore recommends two action plan items and a set of best practices to follow on a continual basis. Corrective Action Items: 1. Review and edit the Clearinghouse Transmission Schedule The submission calendar will be reviewed by both the director of institutional research and the registrar to ensure the scheduled enrollment transmissions following graduation are scheduled so that there is enough time to roll all students to G status, but also that it will be received by NSLDS within 60 days. It will be recommended that all enrollment transmissions following a scheduled graduation be transmitted by the 30th of the month graduation took place and within 14 to 16 days. For example, a transmission will be submitted by the 30th of May following a May 11th graduation. 2. Develop and Codify Reverse Transfer Policy Best Practices The Registrar and Director of Institutional Research will develop a Reverse Transfer Policy and submit to Chief Academic Officer for approval. The policy will recommend that students who wish to receive a graduation award for a graduation date that falls within their last semester attended must submit any necessary reverse transfer credit within 14 business days (excluding holidays) “of the concurred graduation date of that semester. Should the student submit reverse transfer credit after that window, the student’s graduation date will reflect that of the following concurred graduation date. Ongoing Best Practice Protocols to be immediately implemented: 1. The Director of Institutional Research will confer with Registrar to ensure all graduates have been rolled over to g status prior to sending the enrollment transmission to Clearinghouse. 2. Upon receiving any reverse transfer credit, the Registrar will notify the Director of Institutional Research, so that the student can be manually changed to “G” status in the Clearinghouse System.

CORRECTIVE ACTION: THE UNIVERSITY CURRENTLY USES AN AUTOMATED WITHDRAWAL PROCESS FOR MAIN-CAMPUS UNDERGRADUATE STUDENTS. TO REMAIN COMPLIANT WITH RETURN OF TITLE IV REGULATIONS, THE OFFICE OF FINANCIAL AID WILL ENGAGE WITH ALL ACADEMIC LEVELS AND DEPARTMENTS ON CAMPUS AND ENCOURAGE THE USE OF THE AUTOMATED WITHDRAWAL PROCESS. THIS WILL ENSURE THE OFFICE OF FINANCIAL AID IS MADE AWARE WHEN A STUDENT IS NO LONGER ATTENDING THE UNIVERSITY AND CAN PROCESS THE R2T4 WITHIN REQUIRED TIMELINES. ANTICIPATED COMPLETION DATE: MAY 31, 2024. INDIVIDUALS RESPONSIBLE FOR CORRECTIVE ACTION PLAN: PRESTON DODSON, DIRECTOR OF FINANCIAL AID.

To ensure that student enrollment statuses are updated following any change in full time enrollment status, the University of Lynchburg is implementing a new Student information system (Ellucian Colleague) that will automate the management of student statuses based on NSLDS parameters and guidelines. The new system will drastically reduce the previous needs for the manual monitoring of student statuses. This new system will be fully implemented by August 2024. In the interim, the Registrar's Office is stepping up its efforts to ensure that the current manual monitoring process is effective.

Management determined the root cause of errors in the date of determination that the student withdrew (determination date), which ultimately led to funds not being returned within 45 days, was due to a process error. The old process relied on the Registrar's Office to provide the actual date to use (through a Withdrawal Report). It was discovered that with only one date able to be captured in the current (antiquated) ERP that the Date of Withdrawal was the only date provided. In the short term, this is being resolved by the Registrar's Office directly notifying the Financial Aid Office with both dates (not relying on a withdrawal report): Date of Withdrawal and Date of School's Determination. Beginning 2024 5 a new ERP will be in place that will allow both dates to show in the Financial Aid R2T4 module immediately as reported from the Registrar's Office.

Student Financial Aid Cluster – Federal Assistance Listing Numbers 84.007, 84.033, 84.063 and 84.268 Auditors’ Recommendation: We recommend the University review its policies and procedures related to outstanding student refund checks to ensure they are being returned to the Department of Education after 240 days. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The University has developed a policy to identify uncashed Title IV refund checks prior to the 240-day expiration date. The policy includes steps to contact students whose checks did not clear and to return the funds to the Department within 240 days after the issue date of the check. The procedures will ensure that reviews are completed and returned timely according to applicable regulations. Name(s) of the contact person(s) responsible for corrective action: Cynthia McDaniel, Controller, (201) 761-7424 Planned completion date for corrective action plan: Completed