FAC Explorer

Finding 1161410 (2024-008)

Material Weakness Repeat Finding
Requirement
N
Questioned Costs
-
Year
2024
Accepted
2025-10-24
Audit: 371273
Organization: Wittenberg University (OH)
Auditor: RSM US LLP

AI Summary

  • Core Issue: The University has not fully implemented required controls under the Gramm Leach Bliley Act (GLBA), risking unauthorized access to sensitive customer data.
  • Impacted Requirements: Key safeguards like data encryption and regular data inventories are missing, and many elements of the annual risk assessment are not satisfactorily implemented.
  • Recommended Follow-Up: The University should establish a comprehensive quality assurance process to ensure compliance with GLBA requirements and document all controls effectively.

Finding Text

Federal Program: Student Financial Assistance Cluster Federal Assistance Listing Number: 84.063, 84.033, 84.038, 84.007, 84.268, and 84.379 Federal Agency: Department of Education Award Year: 2024 Criteria: Under the Gramm Leach Bliley Act (GLBA) Safeguards Rule, the University must develop, implement, and maintain a comprehensive information security program that includes administrative, technical, and physical safeguards. Condition: The University has not fully implemented or documented controls as required by the Gramm Leach Bliley Act. Specifically, the audit team observed that: • Customer data is not encrypted • Periodic inventories of data are not performed • While an annual risk assessment was performed, which included required elements, many of those elements were not found to be satisfactorily implemented. Cause: The University did not have adequate internal controls or monitoring procedures in place to ensure compliance with the GLBA Act. Context: Controls did operate properly for the University to comply with requirements of the GLBA Act Effect: Failure to implement and enforce access controls increases the risk of unauthorized access to sensitive customer data, potentially leading to data breaches, regulatory penalties, and reputational harm. Questioned Costs: None Repeat Finding: No Recommendations: The University should implement and document an overall quality assurance process including adequate controls to prevent overall noncompliance. Management's Response: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Wittenberg University will continue to perform a comprehensive review of its current information security program and practices to address the identified deficiencies under the Gramm Leach Bliley Act (GLBA) Safeguards Rule. The Chief Information Officer and Chief Information Security Officer are responsible for overseeing the development and implementation of a documented quality assurance process. These processes will include: • Implementing encryption protocols for all customer data, both at rest and in transit. • Conducting and documenting periodic inventories of sensitive data to ensure accurate tracking and protection. • Enhancing the annual risk assessment process to verify that all required elements are satisfactorily implemented, with clear action steps and follow-up procedures. • Developing and maintaining administrative, technical, and physical safeguards as outlined by GLBA requirements, supported by ongoing staff training and awareness programs. • Establishing continuous monitoring and internal audit procedures to regularly assess compliance and effectiveness of controls, with results reported to senior management. Implementation of these corrective actions will begin immediately, with full completion targeted for 9/30/2026. Progress will be tracked, and any issues identified will be addressed promptly to ensure sustained compliance and mitigate risk of future findings. Responsible Party Candice Santell CIO

Categories

Subrecipient Monitoring

Other Findings in this Audit

  • 1161387 2024-004
    Material Weakness Repeat
  • 1161388 2024-005
    Material Weakness Repeat
  • 1161389 2024-006
    Material Weakness Repeat
  • 1161390 2024-007
    Material Weakness Repeat
  • 1161391 2024-008
    Material Weakness Repeat
  • 1161392 2024-009
    Material Weakness Repeat
  • 1161393 2024-011
    Material Weakness Repeat
  • 1161394 2024-004
    Material Weakness Repeat
  • 1161395 2024-008
    Material Weakness Repeat
  • 1161396 2024-011
    Material Weakness Repeat
  • 1161397 2024-004
    Material Weakness Repeat
  • 1161398 2024-008
    Material Weakness Repeat
  • 1161399 2024-011
    Material Weakness Repeat
  • 1161400 2024-010
    Material Weakness Repeat
  • 1161401 2024-004
    Material Weakness Repeat
  • 1161402 2024-008
    Material Weakness Repeat
  • 1161403 2024-011
    Material Weakness Repeat
  • 1161404 2024-004
    Material Weakness Repeat
  • 1161405 2024-008
    Material Weakness Repeat
  • 1161406 2024-011
    Material Weakness Repeat
  • 1161407 2024-004
    Material Weakness Repeat
  • 1161408 2024-005
    Material Weakness Repeat
  • 1161409 2024-006
    Material Weakness Repeat
  • 1161411 2024-009
    Material Weakness Repeat
  • 1161412 2024-011
    Material Weakness Repeat
  • 1161413 2024-002
    Material Weakness Repeat
  • 1161414 2024-003
    Material Weakness Repeat
  • 1161415 2024-011
    Material Weakness Repeat

Programs in Audit

ALN Program Name Expenditures
84.268 FEDERAL DIRECT STUDENT LOANS $8.07M
84.063 FEDERAL PELL GRANT PROGRAM $2.45M
84.038 FEDERAL PERKINS LOAN PROGRAM_FEDERAL CAPITAL CONTRIBUTIONS $1.72M
84.047 TRIO UPWARD BOUND $428,272
84.033 FEDERAL WORK-STUDY PROGRAM $257,699
84.007 FEDERAL SUPPLEMENTAL EDUCATIONAL OPPORTUNITY GRANTS $168,199
84.021 OVERSEAS PROGRAMS - GROUP PROJECTS ABROAD $104,391
47.049 MATHEMATICAL AND PHYSICAL SCIENCES $84,387
47.076 STEM EDUCATION (FORMERLY EDUCATION AND HUMAN RESOURCES) $73,919
84.379 TEACHER EDUCATION ASSISTANCE FOR COLLEGE AND HIGHER EDUCATION GRANTS (TEACH GRANTS) $18,680
43.001 SCIENCE $8,473
45.162 PROMOTION OF THE HUMANITIES TEACHING AND LEARNING RESOURCES AND CURRICULUM DEVELOPMENT $7,260
81.049 OFFICE OF SCIENCE FINANCIAL ASSISTANCE PROGRAM $2,386