FAC Explorer

Finding 1127538 (2024-008)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2024
Accepted
2025-03-31
Audit: 352022
Organization: William Peace Universirty (NC)
Auditor: Cliftonlarsonallen LLP

AI Summary

  • Core Issue: The University lacks a complete written information security program, failing to meet key requirements of the Gramm-Leach-Bliley Act.
  • Impacted Requirements: Missing elements include customer data encryption, system change evaluations, and regular testing of security measures.
  • Recommended Follow-Up: Ensure the written information security program includes all required elements and aligns with compliance standards.

Finding Text

Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Aid Cluster Assistance Listing Number: 84.063, 84.268, 84.007, 84.033 Federal Award Identification Number: P007A233144, P063P231946, P033A233144, P268K241946 Award Period: July 1, 2023 – June 30, 2024 Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include nine elements for institutions with 5,000 or more customers, (16 CFR 314.3(a)). The elements that an institution must address in its written information security program are at 16 CFR 314.4. Condition: Certain elements of the University’s information security program were not maintained in written form. Questioned Costs: N/A Context: As of June 2024, the University’s written information security program did not address the following requirements: • Encrypting customer information on the institution’s system and during transit. • Anticipating and evaluating changes to the information system or network. • Regularly testing or monitoring the effectiveness of implemented safeguards (16 CFR 314.4(d)). • Evaluating and adjusting the information security program based on testing and monitoring results, material changes to operations or business arrangements, risk assessment results, or any other circumstances that may materially impact the program (16 CFR 314.4(g)). Cause: The University’s written policy did not explicitly address the required elements, and there was no process in place to ensure the written information security program aligned with the requirements. Effect: Information security management may not be optimized and responses delayed without the written plan. Repeat Finding: No Recommendation: We recommend the University ensure its written information security program addresses the required minimum elements as outlined in 16 CFR 314.4. Views of responsible officials: There is no disagreement with the audit finding and the University is in the process of implementing corrective procedures.

Categories

Subrecipient Monitoring Student Financial Aid Significant Deficiency

Other Findings in this Audit

  • 551087 2024-005
    Significant Deficiency
  • 551088 2024-005
    Significant Deficiency
  • 551089 2024-005
    Significant Deficiency
  • 551090 2024-005
    Significant Deficiency
  • 551091 2024-006
    Significant Deficiency
  • 551092 2024-006
    Significant Deficiency
  • 551093 2024-007
    Significant Deficiency
  • 551094 2024-008
    Significant Deficiency
  • 551095 2024-008
    Significant Deficiency
  • 551096 2024-008
    Significant Deficiency
  • 551097 2024-009
    Significant Deficiency Repeat
  • 551098 2024-010
    Material Weakness
  • 551099 2024-011
    Significant Deficiency
  • 551100 2024-011
    Significant Deficiency
  • 551101 2024-011
    Significant Deficiency
  • 551102 2024-011
    Significant Deficiency
  • 551103 2024-012
    Significant Deficiency
  • 551104 2024-012
    Significant Deficiency
  • 551105 2024-013
    Significant Deficiency
  • 551106 2024-014
    Material Weakness
  • 551107 2024-014
    Material Weakness
  • 551108 2024-014
    Material Weakness
  • 551109 2024-014
    Material Weakness
  • 1127529 2024-005
    Significant Deficiency
  • 1127530 2024-005
    Significant Deficiency
  • 1127531 2024-005
    Significant Deficiency
  • 1127532 2024-005
    Significant Deficiency
  • 1127533 2024-006
    Significant Deficiency
  • 1127534 2024-006
    Significant Deficiency
  • 1127535 2024-007
    Significant Deficiency
  • 1127536 2024-008
    Significant Deficiency
  • 1127537 2024-008
    Significant Deficiency
  • 1127539 2024-009
    Significant Deficiency Repeat
  • 1127540 2024-010
    Material Weakness
  • 1127541 2024-011
    Significant Deficiency
  • 1127542 2024-011
    Significant Deficiency
  • 1127543 2024-011
    Significant Deficiency
  • 1127544 2024-011
    Significant Deficiency
  • 1127545 2024-012
    Significant Deficiency
  • 1127546 2024-012
    Significant Deficiency
  • 1127547 2024-013
    Significant Deficiency
  • 1127548 2024-014
    Material Weakness
  • 1127549 2024-014
    Material Weakness
  • 1127550 2024-014
    Material Weakness
  • 1127551 2024-014
    Material Weakness

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $4.29M
84.063 Federal Pell Grant Program $1.43M
84.033 Federal Work-Study Program $46,035
84.007 Federal Supplemental Educational Opportunity Grants $39,392