Finding Text
Federal Agency: U.S. Department of Education
AL Program: Student Financial Assistance Cluster - 84.063 Federal Pell Grant
Federal Award No.: Title IV HEA Program OPE ID 01034300
Area: Special Tests and Provisions: Gramm-Leach-Bliley Act Student
Information Security
Questioned Costs: $---
Criteria:
The Gramm-Leach-Bliley Act (GLBA) requires institutions to explain their information-sharing
practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade
Commission considers Title IV-eligible institutions that participate in Title IV Educational
Assistance Programs as financial institutions and subject to the Gramm-Leach-Bliley Act
because they appear to be significantly engaged in wiring funds to consumers (16 CFR
313.3(k)(2)(vi)). Institutions should comply with GLBA in their Program Participation Agreement
with ED. Institutions must protect student financial aid information, with particular attention to
information provided to institutions by ED or otherwise obtained in support of the administration
of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA
485B(d)(2)).
Condition:
The College does not have a qualified individual to oversee the GLBA information security
program. Additionally, the Company does not have an existing GLBA information security
program in place.
Cause:
The non-compliance is due to a lack of awareness and understanding of the GLBA requirements
and the absence of a formalized process for establishing and maintaining an information security
program.
Effect:
The College is in noncompliance with applicable GLBA requirements.
Recommendation:
The College should develop and implement a comprehensive GLBA information security program
that includes risk assessments, safeguards, and regular testing and monitoring of the effectiveness
of these safeguards. A qualified individual with the necessary expertise and authority to oversee
the GLBA information security program should also be designated. Provide training to relevant
staff on GLBA requirements and the importance of information security. Conduct periodic reviews
and updates of the information security program to ensure ongoing compliance with GLBA
requirements.
Views of responsible officials:
The College acknowledges the finding. Refer to their corrective action plan.