Corrective Action Plans

U.S. Department of Education Coastal Carolina University respectfully submits the following corrective action plan for the year ended June 30, 2025. Audit Period: July 1, 2024 - June 30, 2025 The findings from the schedule of findings and questioned costs are discussed below. The findings are numbered consistently with the numbers assigned in the schedule. FINDINGS - FINANCIAL STATEMENT AUDIT None noted FINDINGS - FEDERAL AWARD PROGRAMS AUDITS Department of Education 2025-001 National Student Loan Data System (NSLDS) Reporting Recommendation: We recommend the University review and update its policies and procedures to ensure all enrollment status changes are reviewed and submitted in a timely manner in accordance with federal requirements. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Corrective Action Plan: The University reviewed its reporting procedures for enrollment changes occurring after initial term reporting and implemented procedural changes to ensure timely updates. Anticipated Completion Date: Corrective action occurred prior to June 30, 2025. Name of Contact Person Responsible for the Corrective Action Plan: Stacy Wyeth, Registrar

The District has identified the issue and confirmed that enrollment records are now populating with the correct withdrawal dates. Moving forward, we will collaborate with Financial Aid and IT to implement a validation process. As part of this process, a sample of 20 students will be tested each reporting cycle to verify that dates reported to the National Student Clearinghouse (NSC) are accurately reflected in the National Student Loan Data System (NSLDS). To ensure continued compliance, the District will establish a new Enrollment Reporting Workgroup that will meet once per semester, following the submission of the second NSC report. This workgroup will review results of the sample testing, monitor reporting accuracy, and address any discrepancies promptly.

Recommendation: We recommend that the University establish procedures to ensure that FISAP is accurately presented. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: National University (NU) agrees with the importance of ensuring the accuracy of its data reported in the FISAP. The University will take the following steps to resolve the issue. NU identified a knowledge gap for the tuition and fees reporting required on the FISAP. Training will be conducted to review the requirements for reporting tuition and fees at the Undergraduate and Graduate levels, which are fully reconciled to the audited financial statements. In addition to the training, the University has implemented a secondary review of the calculation, which will be completed by the University controller prior to submission. Name(s) of the contact person(s) responsible for corrective action: - Robert Conlon, AVP Financial Aid Compliance - Christina Nowacki, Controller Planned completion date for corrective action plan: December 2025

Recommendation: We recommend that the University establish procedures to ensure that at least 7% of Federal Work Study allocation is used for community service jobs, including a reading tutor, or successfully receive a waiver. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: National University (NU) agrees with the importance of ensuring compliance with FWS community service requirements. The University implemented additional internal controls and policy changes to how it administers the FWS program and completes FISAP reporting to resolve this issue. During NU’s annual FISAP reporting process, it discovered that it had not met its FWS community service obligation. The University submitted a waiver, but it was denied. The University took immediate action to determine the cause of not meeting its FWS community service obligations. Community Partnership Management: National University previously had a partnership with Barrio Logan College Institute (BLCI) located in San Diego, CA. This partnership changed during the pandemic when all schools received a waiver for the community service requirement. In August 2024, Elyse Joiner, Director of Financial Aid Processing, again reached out to BLCI to reestablish a partnership. At that time, National was informed that the previous point of contact was no longer employed with BLCI, but the institute was still interested in partnering with National to meet the community service requirement for Federal Work Study. Ms. Joiner had several communications with BLCI to implement and finalize the setup of the reading and math tutors, with the only outstanding item related to the need for a virtual option. Unfortunately, communication between National University and BLCI ceased in April 2025 when National stopped receiving responses from BLCI to its inquiries. To establish another partnership, Ms. Joiner reached out to United Way of San Diego County to explore the possibility of establishing a reading or math tutor program with them but did not receive a response. Program Administration Change: Federal Work Study funds were budgeted to meet the University’s community service requirement; however, due to unforeseen circumstances and the efforts noted above, the University was unable to meet the 7% community service requirement. The University did have tutors available to the University community, but this did not fulfill the community service requirement. National University has since rectified this for the current aid year. The positions have been posted (R 2025 3051), and the University will have multiple FWS students at the Nest at Spectrum, offering tutoring services to both NU students and the public. The YMCA next to Spectrum will also be informed about the services to promote additional awareness within the local community. Additional opportunities are being actively explored within the Student Disability Services team and the Schools of Law & Public Service and Education. Steps taken to improve transparency and tracking: The University conducted a holistic review of the current FWS policies and procedures and has or will take the following steps: o Comprehensive training for administering the FWS program and Campus-Based Funding programs o Develop and implement an internal control plan that monitors FWS spending activity, allowing for the proactive identification of when the University should reallocate funds between campus-based programs. o Implemented quarterly calibration meetings between FWS/Operations leaders and HR to ensure its FWS program is on track to meet the FWS community service, literacy, and tutoring regulatory requirements. o Explore the expansion of community service relationships and opportunities within the Federal Work Study Program. Name(s) of the contact person(s) responsible for corrective action: - Alan Coddington, AVP Student Financial Services - Elyse Joiner, Director of Operations, Financial Aid Processing and Technical Solutions - Rob Conlon, AVP Financial Aid Compliance Planned completion date for corrective action plan: February 2026

Recommendation: We recommend the University establish and implement a contingency process to ensure enrollment reporting continues during system access disruptions. This process should include monitoring NSC access status and developing alternative procedures to prevent reporting gaps, ensuring that all student statuses are submitted accurately and within the required 60-day timeframe. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: National University agrees with the importance of ensuring accurate and timely enrollment reporting to NSLDS. The University has taken significant steps to improve its internal controls and compliance with enrollment reporting requirements. The University has identified a few items that have resulted in challenges to accurate and timely enrollment reporting during the audit year. National Student Clearing House (NSC) reporting: On October 18, 2024, the institution was notified by NSC that its access to process enrollment reporting on behalf of NU was revoked during July 2024, resulting in a reporting gap. The University took immediate action to restore access to NSC. Access issues were fully resolved on October 23, 2024. Additionally, NU revised its policies and implemented an internal control plan that monitors NSC activity allowing for proactive identification of future service interruptions. All 33 enrollment certification errors occurred during the disconnect noted above. The University believes its current enrollment certification processes are timely, accurate, and compliant. Timing of implemented enrollment reporting changes: During the audit period National University implemented several improvements to refine and enhance the timeliness of its enrollment reporting. NU established stronger alignment across both OPEIDs and adjusted its timelines to ensure consistent and timely submissions. As part of this effort, the University restructured its reporting schedule, so that finalized enrollment report is submitted by the 6th of each month, supporting a successful and expedited monthly transfer from NSC to NSLDS. Since implementing these revised timelines and deadlines, the University has observed significant improvements and consistency in its internal QA audit scores during the audit period (since January 2025). Four of the five late reporting instances occurred before the implementation date of the University’s enrollment reporting changes. The University believes its refined and enhanced process changes demonstrate its commitment to timely, accurate, and compliant enrollment certification processes. One of the five late reporting instances occurred after the implementation date, and that was related to the student’s status change from active, to pending graduate, to graduate, and then withdrawn. The University will evaluate its process for reporting student status changes from pending graduate, graduate, and withdrawal to ensure clear definitions and status flows are in place. The University will create and deliver focused training in this area to stress the importance of accurate enrollment reporting. In addition to the above, the University will continue to take the following steps: • Continued monitoring and refining of processes to maintain timely and accurate reporting. Including, but not limited to its monthly testing of enrollment reporting accuracy to NSLDS conducted by the quality assurance team. • Identification and timely delivery of training for areas of opportunity identified in the monthly reviews to the registrar and data operations teams. • Revise the internal changes and documentation processes to ensure clarity of policy and regulatory guidance in areas of identified risk/confusion during enrollment reporting processing. Name(s) of the contact person(s) responsible for corrective action: - Rob Conlon, AVP Financial Aid Compliance - Sarah Massey, AVP of Operations Student Support and Registrar Operations - Gabrielle Witruke, Associate Director Data Analytics Planned completion date for corrective action plan: November 2025

Recommendation: We recommend the University review the R2T4 requirements and implement adequate procedures to make sure that students that withdrew have a calculation performed. We also recommend the University to evaluate the R2T4 review process to ensure Title IV funds are returned timely. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The University agrees with the importance of ensuring that the return of Title IV funds (R2T4) calculation is performed both timely and accurately. The University has taken significant steps to improve its compliance with R2T4 requirements. These efforts have yielded improved results with the late return error rate decreasing year over year from 13% to 7%. The University will continue to monitor staffing levels and workload to ensure that staffing aligns with timeline requirements. The University’s Processing team will lead focused R2T4 training on topics related to areas of noncompliance. Additional topics will be identified throughout the year as trends are identified in the Quality Assurance Audit process. The following steps will be taken immediately to address finding 2025-001. - The Processing team will continue to conduct subject matter training monthly, prioritized as follows: o Post Withdrawal Disbursements (PWD) identification o Post Withdrawal Disbursement timeline requirements - A new weekly review will be implemented by quality assurance outside of the review completed by R2T4 leadership to test if processing specialists are accurately determining if an R2T4 is required and if a refund is needed for a withdrawn student. Results will be used to coach staff members as needed. The University’s Quality Assurance team will continue to conduct weekly R2T4 reviews to test the R2T4 calculation for accuracy, timeliness of funds returned, and verifying that all internal and external system inputs are completed correctly. Findings from the internal audits will inform ongoing training and remediation steps throughout the year. Name(s) of the contact person(s) responsible for corrective action: - Rob Conlon, AVP Financial Aid Compliance - Alan Coddington, AVP Student Financial Services - John Okel, Director of Operations, Financial Aid Processing Planned completion date for corrective action plan: January 2026

Finding 2025-002; Lehigh acknowledge that in two instances, Title IV credit balances were not refunded within the required 14-day timeframe. The two exceptions identified were isolated in nature and attributable to unique circumstances rather than systemic process failure. In the first instance, the student was enrolled in the summer term and their summer Pell Grant was not processed until October. As a result, the Title IV credit balance was created well after the end of the summer payment period, outside of our typical refund monitoring cycle for that term. In the second instance, the credit balance was identified within the 14-day requirement. However, the student had not enrolled in direct deposit through the eBill system. Lehigh contacted the student to obtain payment instructions. When no banking information was provided to Lehigh, a paper check had to be issued, which extended the disbursement timeline beyond the 14-day period. While these situations were atypical, we recognize the importance of ensuring timely disbursement regardless of individual circumstances. To strengthen controls, we continue to prioritize Title IV credit balance refunds over refunds resulting from institutional aid or other funding sources to ensure compliance with federal timelines. Although we continue our institutional practice of holding refunds until after the 10th day of class to account for schedule adjustments and enrollment changes, we will begin generating and reviewing credit balance reports earlier in the cycle to allow sufficient processing time. We will implement automated reporting to identify credit balances that occur after the end of an academic period. These reports will be sent to a shared bursar office email account rather than an individual staff member. This will ensure visibility and actionability even during staff absences, turnover, or non-workdays. Responsibility for monitoring and processing Title IV credit balances will be formally documented. Multiple staff members will be trained in the procedures to ensure appropriate backup coverage during employee absences, leave, or staffing transitions. Management will periodically review refund timelines to confirm adherence to procedures and verify that credit balances are disbursed within regulatory timeframes. We believe these corrective actions address the audit recommendation and will ensure timely and consistent processing of Title IV credit balance disbursements regardless of staffing availability.Name of contact person: Jennifer Mertz is the Assistant Vice Provost of Financial Services and Director of Financial Aid. Completion date: All of the control strengthening mechanisms and documentation will be complete by June 30, 2026.

Student Financial Assistance Cluster – Assistance Listing No. 84.007, 84.032, 84.033, 84.063 Recommendation: We recommend the University review its policies and procedures related to outstanding Title IV checks to ensure they are being returned to the Department of Education after being outstanding more than 240 days. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: La Salle University AVP/Controller and AVP/Student Financial Service have reviewed the finding related to the escheatment of Title IV student refunds and have implemented a formal step-by-step process and policy to ensure compliance going forward. The updated procedure outlines clear responsibilities, required timelines, and documentation standards for processing unclaimed refunds and escheating funds in accordance with federal and state regulations. Staff have been informed of the new process and will follow the documented policy moving forward. Name(s) of the contact person(s) responsible for corrective action: AVP/Controller, Viviana Yang and AVP/Student Financial Service, Michele McDevitt. Planned completion date for corrective action plan: March 31,2026

Student Financial Assistance Cluster – Assistance Listing No. 84.007, 84.063, 84.268 Recommendation: We recommend the University evaluate its procedures and policies to ensure correct dates are being used in the calculation and that it is reviewed for accuracy. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Selected semester-related values in our Student Information System (BANNER) will be reviewed for compliance with the official, stated values in the school’s academic calendar. Adjusting for Housing-related dates or potential extensions due to possible delays caused by uncontrollable events will not be included. Name(s) of the contact person(s) responsible for corrective action: Gerard Donahue, Registrar Planned completion date for corrective action plan: Corrected as of Summer 2026 (Fall 2025 and Spring 2026 are already in process as of this writing)

Student Financial Assistance Cluster – Assistance Listing No. 84.063, 84.268 Recommendation: We recommend the University evaluate its policies and procedures around reporting student status changes to the NSLDS to ensure that all relevant information is being captured and reported timely in accordance with applicable regulations. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: La Salle contractually relies on the National Student Clearinghouse (NSC) to conduct its enrollment reporting to NSLDS. While there has been closer adherence to the overall transmission schedule established with the NSC, and this covers enrollment reporting for the vast majority of our registered students, such was not always the case in prior semesters, and selected exceptional registration transactions are not directly reported when they actually occur, resulting in delays, until the next regularly scheduled transmission. Going forward, upon encountering these exceptional transactions, we will take steps to ensure reporting of individual enrollments to the NSC within 1-2 business days following the transaction’s occurrence. Name(s) of the contact person(s) responsible for corrective action: Gerard Donahue, Registrar Planned completion date for corrective action plan: Corrected as of Spring 2026 (Fall 2025 is already complete as of this writing)

Student Financial Assistance Cluster – Assistance Listing No. 84.063 Recommendation: We recommend the University evaluate its procedures and review policies in overseeing COD reporting to ensure timely reporting. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: La Salle University has developed a report that enables weekly auditing of the Pell-eligible student population to ensure accurate identification and timely submission for evaluation. This report will be monitored on an ongoing weekly basis to promptly detect and address any errors related to Pell eligibility. Name(s) of the contact person(s) responsible for corrective action: Michele McDevitt, Assistant Vice President for Student Financial Services Planned completion date for corrective action plan: Corrected as of Spring 2026 (Fall 2025 is already complete as of this writing)

Finding 2025-001 Condition Significant Deficiency – Disbursement/Refund of Credit Balances - Title IV regulations (34 CFR 668.164(h)(1) require that Title IV credit balances on student accounts be paid directly to the student as soon as possible but no later than 14 days after the credit balance occurred. A student or parent may authorize the Institution to hold the credit balance to be applied to specified other nontuition fees, room and board charges as noted in the regulations at (34 CFR 668.165(b)). The credit balance generated in the accounts of 2 out of 25 students tested was not timely refunded to them based on the outlined criteria, leading to late refunds to those students (neither of which completed a voluntary hold authorization). The sample was not a statistically valid sample. The College's payment process cycle is not set up to process refunds as soon as possible, which caused delays in refunds being made to students, resulting in a violation of the 14-day maximum policy. Corrective Action Plan Corrective Action Planned: The College acknowledges the untimely disbursement of Title IV credit balance refunds. We concur that, for 2 of the 25 student accounts reviewed, Title IV credit balances were not refunded within the 14-day period required under 34 CFR 668.164(h)(1). We further acknowledge that no valid student or parent authorization to hold these credit balances was on file, and therefore the refunds should have been issued promptly. The College completed an internal review and determined that the delays resulted from the structure of the existing payment processing cycle. Although the College’s processes emphasize careful reconciliation and verification of student account activity, the timing of our refund cycle was not aligned with the regulatory requirement. To remediate this deficiency and ensure full compliance going forward, the College is implementing the following corrective action: Revision of Federal Funds Disbursement Policies: The College is revising its policy governing the drawdown and disbursement of federal funds to align the timing of Title IV activity with the academic add/drop period. This change will ensure greater predictability of credit balance creation and enhance monitoring capabilities. The College is committed to strengthening its internal controls to ensure sustained compliance with all Title IV cash management regulations. Name(s) of Contact Person(s) Responsible for Corrective Action: Pat Tyler, Bursar and Destiny Guerrero, Director of Financial Aid. Anticipated Completion Date: May 2026 – next semester starting date

Personnel Responsible for Corrective Action: Dr. Tom Stuart, Associate Vice President of Student Financial Services Anticipated Completion Date: April 14, 2026 Corrective Action Plan: The corrective action plan includes the following: 1) With assistance from the NSC, the College established a second branch for EMBA reporting and submitted an out-of-cycle update for all EMBA students in the 2024-2025 population. Moving forward an EMBA enrollment report will be submitted at the start of each monthly term. 2) With regard to program length corrections we have confirmed program-level records in SIS reflect accurate published program lengths and units as well as updated the enrollment reporting parameters used for NSC. We will continue to monitor to ensure that the changes to the reporting parameters correct the program length errors.

Student Financial Aid Corrective Action Plan Institution Name: Southwestern University Audit/Review Period: FY 2024-2025 Date of Plan: Feb 4, 2026 Finding: 2025-001 Effect: The University did not report withdraw changes to the NSLDS timely. Recommendation: The University should put in place a process to timely capture student status changes so that they can be reported to the NSLDS. Management Response: The University concurs with this finding. University Corrective Action Plan: Every 30 days, the University reports updated student enrollment activity, encompassing attendance levels, graduation status, withdrawals, dropouts, and enrollment changes, to the National Student Loan Database System via the National Student Clearinghouse. Regrettably, during the 2024-25 academic year, an unforeseen error from the Clearinghouse resulted in the dissemination of incorrect enrollment statuses for a subset of our students. This oversight was beyond the Registrar's Office's knowledge, leading to an unintended delay in rectifying the reported statuses. We believe this Clearinghouse error was an isolated incident, having never occurred in any preceding academic year. The issue has been effectively resolved and should not recur in the future. Nevertheless, as a proactive measure, commencing with the 2025-26 academic year, the Financial Aid Office will collaborate with the Registrar's Office to review a representative sample of at least 10% of student records transmitted to the Clearinghouse. This review process will serve as an additional safeguard, ensuring the accuracy and timeliness of our reporting requirements.

February 18, 2026 2025 - 001 Federal Program - Student Financial Assistance Cluster - Asstance Listing Nos. 84.063, Federal Pell Grant Program and 84.268 Federal Direct Student Loans U.S. Department of Education Program Year 2024 - 2025 - Enrollment Reporting Summary of Findings: A student record graduation status was not reported correctly. The student was flagged by the Clearinghouse as not having a graduation status applied after the spring degree file submission, but that error was not resolved by the registrar. The failure to resolve this issue was due to staffing issues within the Office of the Registrar. Additionally, another student's withdrawal status was not reported correctly. This student submitted a complete withdrawal form prior to the end of the 2025 spring semester effective for the 2025 fall semester and had their program closed in the school's SIS after the spring semester ended. Students who separate from the university in between regular semesters, and who don't have enrollment in the non-standard summer term, need to be reported as withdrawn individually. Their status change will not be picked up by our normal enrollment process. Recommendations: Staffing issues may be problematic again in the future. Cross-training and adequate staffing is necessary to make sure enrollment reporting is finished in a timely manner. A change to how summer enrollment reporting is handled is necessary to ensure student status changes are reported correctly. Action taken in response to findings: The university has eliminated the hourly graduation specialist position and moved the resposibility for submitting and resolving errors on the degree file to the Associate Registrar. The registrar has also created an enrollment and degree reporting checklist to ensure the process of submitting and resolving errors is completed. The university is changing how it handles complete withdrawals. The Registrar's Office will be responsible for closing out student programs and processing the complete withdrawal form starting this spring. Derrick Weddle University Registrar

Student Financial Aid Cluster – Assistance Listing No.: Various Recommendation: We recommend the University evaluate its procedures and policies around reporting disbursements to COD to ensure that student information is reported accurately and timely. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Outdated Banner jobs have been updated. After review, the 3PELL disbursement on 08/28/2024 was not caused by human intervention. The early disbursement occurred because Automic ran during that period using the outdated RPEDISB job, which can, in rare cases, trigger a disbursement without a COD Document ID. The Pell grant did not officially originate in COD until 09/12/2024, so the disbursement technically occurred earlier than expected. This was due to the legacy process still running in Automic despite Ellucian phasing out RPEDISB. Name of the contact person responsible for corrective action: This change was made by our former IT Department, prior to contracting with our current IT Managed Services partner, Collegis Education. Going forward, any similar technical issues would fall under the leadership of our new CIO, Debra Lang. Planned completion date for corrective action plan: September 2024 If the United States Department of Education has questions regarding this schedule, please call LaNita Robinson at 651-690-7795.

Student Financial Aid Cluster – Assistance Listing No.: Various Recommendation: We recommend the University review its reporting procedures to ensure the students’ statuses are accurately and timely reported to NSLDS as required by regulations. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: We continue to have system-related issues, for example, the NSC FTP didn't accept our October report, so it was late and it took a long time for us to figure out what had happened. Also, the wrong dates were sent in fall. Our system sent summer dates during the fall semester. Student Affairs staff are now contacting students who have withdrawn in the semester to encourage them to complete a “Leave of Absence” (LOA) request if they think they will not be returning in the subsequent semester. Students have the ability to make their decision at any time. Once we are notified of an LOA, we are updating our system and sending that information to NSLDS. Name of the contact person responsible for corrective action: Kerri Vickers, Registrar. Planned completion date for corrective action plan: On-going.

Identifying Number: 2025-003 Finding: Graham Leach Bliley Act – Student Information Security The College’s written information security program did not include the following elements required by regulation as agreed to in the PPA: • The College has performed a risk assessment utilizing internal resources but has not fully integrated the information security program on the results of this assessment, nor has the College included all required elements of internal and external risks to the security, confidentiality or integrity of customer information. The College’s risk assessment is in the process of implementing an inventory of IT systems that process and store customer information and the compliance with information security elements related to multifactor authentication, access control, change management, logging and alerting and encryption. • The College has not identified, designed or implemented safeguards for all of the risks identified in the risk assessment. The safeguards do not include the identification of security events the detection and response capabilities to support incident response is still being developed. • The College has not been able to test safeguards because safeguards have not been fully designed or implemented in response to the risk assessment. • The College has not developed written policies and procedures to ensure that personnel are able to enact the information security program. There is a lack of evidence of leadership being required to report to the board or an appropriate supervisory council to ensure those charged with governance are informed on the current state of the information security program. Corrective Actions Taken or Planned: 1. Integration of Risk Assessment Results • Corrective Actions Taken or Planned: Complete a new risk assessment for our new information systems and fully integrate the results including safeguards into the College’s information security program. • Person Responsible: James Stevens, Chief Information Officer, jstevens@knox.edu • Anticipated Completion Date: June 30, 2026 2. Provide Training for Written Policies and Procedures • Corrective Actions Taken or Planned: Distribute written policies and procedures to ensure personnel can enact the information security program. Provide training to all relevant staff. • Person Responsible: James Stevens, Chief Information Officer, jstevens@knox.edu • Anticipated Completion Date: June 30, 2026 3. Testing of Safeguards • Corrective Actions Taken or Planned: Conduct regular testing of implemented safeguards to ensure effectiveness. Document results and make improvements as needed. • Person Responsible: James Stevens, Chief Information Officer, jstevens@knox.edu • Anticipated Completion Date: June 30, 2026 4. Comprehensive Inventory of IT Systems • Corrective Actions Taken or Planned: Update and maintain our inventory of all IT systems that process and store customer information. Ensure compliance with multifactor authentication, access control, change management, logging, alerting, and encryption requirements. • Person Responsible: James Stevens, Chief Information Officer, jstevens@knox.edu • Anticipated Completion Date: June 30, 2026 5. Governance and Reporting • Corrective Actions Taken or Planned: Establish a formal process requiring leadership to report on the state of the information security program to the Board of Trustees and include in our security policies. • Person Responsible: James Stevens, Chief Information Officer, jstevens@knox.edu • Anticipated Completion Date: 6/30/2026 6. GLBA Policy Enhancement • Corrective Actions Taken or Planned: Review and revise the information security policy to ensure all GLBA-required elements are included, referencing current regulatory guidance. • Person Responsible: James Stevens, Chief Information Officer, jstevens@knox.edu • Anticipated Completion Date: 6/30/2026

Identifying Number: 2025-002 Finding: Disbursements to or on Behalf of Students (Credit Balances) The College did not pay the Title IV credit balances to the students directly within the required timeline noted above. Out of the 40 students tested, we noted 2 students (5%) whose credit balances were not paid directly to the students within the required timeframe noted above. The incorrect timing did not have an effect on the total award given to students (timing only). The College did not have formally documented controls related to the process associated with disbursements to or on behalf of students (credit balances), which is required under Uniform Grant Guidance. Corrective Actions Taken or Planned: Knox College has implemented the following corrective measures to ensure compliance with federal credit balance requirements: 1. Automated Monitoring: A system-generated report (Aging Report) of all student credit balances is now produced twice per week from the Jenzabar J1 student information system. 2. Formal Workflow: The AVP of Student Financial Services (SFS) will review the Student Accounts Aging Report. Student Financial Services Advisors will review each of their student accounts that have a credit balance within 24 hours. If the student has a credit balance and has receive Title IV aid during the academic year, the advisor will review if the credit balance is derived by Title IV. A standardized credit balance processing schedule has been established, ensuring that credit balances are reviewed and released within 14 days of disbursement. Role Clarification: Responsibilities are now clearly defined: • SFS confirms refund eligibility. • Business Office processes refunds through Bill.com and posts to the student account. Staff Training: Relevant staff received training on: • Title IV credit balance requirements • Handling of student/parent authorizations • Timely return of unclaimed funds Documentation Controls: All credit balance disbursement and return transactions are documented and retained as part of the official audit record. Person Responsible: Leigh Brinson, Assistant Vice President of Student Financial Services, ltbrinson@knox.edu Anticipated Completion Date: November 10, 2025

Identifying Number: 2025-001 Finding: Error in Reporting for National Student Loan Data System (NSLDS) The College did not properly report the student enrollment change for students who received federal student aid to the NSLDS. The College did not timely report three students’ Program-Level or Campus-Level enrollment status change to NSLDS. Out of the 25 students tested, we noted 3 students (12%) whose status change at the Program-Level and Campus-Level was not timely reported to NSLDS. The College did not have adequate controls related to the process of enrollment reporting, which is required under Uniform Grant Guidance. Corrective Actions Taken or Planned: Knox College will add a third report submission to the end of the term. This will ensure that we report any students that made end of term withdrawals within the time window we are required to report. Any students who withdraw between terms will be captured in the first report submitted after our two week census. Person Responsible: Patrick Hathaway, Registrar, phathaway@knox.edu Anticipated Completion Date: December 31, 2025

Finding 2025-003: Late Student Status Change Reporting Federal Agency: U.S. Department of Education Program: Student Financial Assistance Cluster Criteria: 34 CFR 668.32 requires that an organization reports student status changes within 60 days of graduation, withdrawal, or other roster status changes. Condition: The change in status for 4 of 40 students tested was not reported to the National Student Loan Data System (NSLDS) within 60 days of the change. Cause: Staffing changes during the year impacting the College’s internal control structure resulted in an administrative delay in reporting the changes to NSLDS. Effect: The effect of the condition described above was that the College was not in compliance with NSLDS reporting requirements. Repeat Finding: This is not a repeat finding. Questioned costs: There are no known questioned costs to report. Recommendation: We recommend that the College ensures sufficient staffing is available to report NSLDS requirements timely. View of Responsible Officials and Planned Corrective Action Corrective Action Plan: There is no disagreement with this audit finding. During the fall of 2024 the Registrar’s Office was downsized. This resulted in the delayed processing of the error report following the 10.25.2024 report. This resolution required contacting NSC for assistance in clearing two of the errors, which increased the processing time. Moving forward, the Registrar’s Office will continue to report to NSC on the predetermined schedule, process errors timely, and additionally, a quality control check will be implemented for the Financial Aid Office to compare NSLDS records following the NSC transmissions. Name(s) of the contact person(s) responsible for corrective action: Dr. Melissa Wisniewski, Dean of Enrollment Services at 717-391-7234. Planned completion date for corrective action plan: February 2026 If the Department of Education has questions regarding this plan, please call the Vice President of Finance and Administration, Mr. George Longridge at 717-391-6947.

Finding 2025-002: Student Financial Aid Cluster – Allowable Costs and Allowable Activities and Eligibility Federal Agency: U.S. Department of Education Program: Student Financial Assistance Cluster Criteria: The College is required to have controls in place to ensure students receive the proper amount of student financial assistance they are entitled to based on financial need. Condition: Our financial aid sample of 40 items tested yielded 31 students who received Direct Loan Funding. Of the 31 students who received Direct loan funding, we noted 1 instance where the student received the incorrect amount of Unsubsidized funding. Based on the students Student Aid Index, the student should have received $1,750 in Unsubsidized funding; however, they received $2,227 in Unsubsidized Direct Loan funding, resulting in an overpayment of Direct Loan funding of $477. Cause: The controls in place did not detect that the student had incorrectly been awarded assistance based on more than 30 credits when they actually had 25 credits. The additional 5 credits needed for the amount of the award were not earned until the following semester. Effect: Internal controls related to student financial assistance were not operating properly. Repeat Finding: This is not a repeat finding. Questioned costs: $477 Recommendation: We recommend Thaddeus develop systems that would detect credits posted but not earned to ensure proper student assistance is awarded. View of Responsible Officials and Planned Corrective Action: Management agrees. See separate Corrective Action Plan. Corrective Action Plan: There is no disagreement with the audit finding. After reviewing the policy for Grade-Level Advancement for Direct Loan Consideration, it was determined that the student referenced in the funding did not meet the qualifications needed to be considered a sophomore level student for the Fall 2024 semester. The student became eligible for the increased loan amount in the Spring 2025 semester. The $500 that was incorrectly awarded to the student for the Fall 2024 semester has been corrected and reallocated to Spring 2025. The Office of Financial Aid has created a procedure to check student loan amounts during fall and spring semester to ensure accuracy. Additionally, an Assistant Director of Financial Aid was hired in February 2025 to strengthen financial aid administration within the department. Name(s) of the contact person(s) responsible for corrective action: Melissa Wisniewski, Dean of Enrollment Services at 717-391-7234. Planned completion date for corrective action plan: January 2026. If the Department of Education has questions regarding this plan, please call the Vice President of Finance and Administration, George Longridge at 717-391-6947.

Finding 2025-001 Condition Management implemented controls that specifically addressed some of the circumstances surrounding prior year finding 2024-001. Management's review of the enrollment reporting did not timely report certain student Campus-Level and Program-Level data elements. Student records within the NSLDS was identified with non-timely Campus-Level and Program-Level data elements. Corrective Action Plan Corrective Action Planned: Management agrees with the finding. To resolve this issue, when a student formally withdraws or is academically dismissed in summer, the student information will be manually added to the next National Student Clearinghouse (NSC) upload file, submitted once a month, and marked as “Withdrawn” with an effective status date of the withdrawn date of determination. This complies with NSC processes detailed here: https://help.studentclearinghouse.org/compliancecentral/knowledge-base/enrollment-reporting-for-summer-and-other-non-required-terms/. Name of Contact Person Responsible for Corrective Action: Mark Fetherston, Vice President for Enrollment Management Anticipated Completion Date: Process and procedures will be updated in February 2026, with first implementation in May 2026 (as part of the Summer 2026 submission process).

Audit Period: June 30, 2025 The findings from the June 30, 2025 Schedule of Findings and Questioned Costs (the “Schedule”) are discussed below. The findings are numbered consistently with the number assigned in the Schedule. FINDINGS AND QUESTIONS COSTS – MAJOR FEDERAL AWARD PROGRAM AUDIT 2025-002 – U.S. Department of Education, SFA Cluster, Special Tests and Provisions - Return of Title IV Refunds (Significant Deficiency) Condition: From a population of 74 students that officially or unofficially withdrew during the term, we tested nine students and noted that four students required refund calculations. From the fall 2024 semester calculations we noted that the College did not deduct Thanksgiving break of nine days, November 23, 2024 through December 1, 2024, from the total days in the semester. Criteria: The total number of calendar days in a payment period or period of enrollment includes all days within the period that a student was scheduled to complete, except that scheduled breaks of at least five consecutive days are excluded from the total number of calendar days in a payment period or period of enrollment and the number of calendar days completed in that period (34 CFR Section 668.22(f)(2)(i)). Cause: Controls to ensure proper calculation of Title IV refunds did not function as related to the condition above. Effect: Calculations were incorrect for the three students tested that officially or unofficially withdrew during the fall 2024 term resulting in an incorrect amount of funds returned to the student and the Department of Education. Repeat Finding from a Prior Year: No Recommendation: We recommend the College implement procedures for accurate preparation and calculation of Title IV refunds. Management Response: The college is in agreement with the recommendation to implement procedures for accurate preparation and calculation of Title IV funds. If the Federal Audit Clearinghouse has questions regarding this plan, please call Danielle Pfaff, Controller, at 1-336-316-2140 or dpfaff@guilford.edu

The Office of Financial Aid is currently strengthening the Return to Title IV (R2T4) process by formalizing written procedures and integrating industry best practices. As part of this effort, we are implementing a quality control system whereby a second team member reviews each file to ensure the accuracy of calculations, the completion of necessary pullbacks or billings, and timely communication with students. Additionally, we are enhancing our Title IV reconciliation process to serve as an added layer of oversight, verifying that award data in our student information system (Banner) aligns with records in the Common Origination and Disbursement (COD) system.