Finding 1165293 (2025-003)

Material Weakness Repeat Finding
Requirement: N
Questioned Costs: -
Year: 2025
Accepted: 2025-12-18
Audit: 375827
Organization: Mount Saint Mary's University (CA)

AI Summary

  • Core Issue: The University lacks updated procedures for the Gramm-Leach-Bliley Act (GLBA) security policy, putting it at risk of noncompliance.
  • Impacted Requirements: The GLBA mandates a comprehensive information security program that addresses all required elements, which the University has not fully implemented.
  • Recommended Follow-Up: Update the GLBA security policy to include all required elements and ensure timely completion of ongoing processes.

Finding Text

Finding 2025-003: Gramm-Leach-Bliley Act Security Policy
Program: Student Financial Assistance Cluster
Assistance Listing Number (ALN): Various
Federal Agency: U.S. Department of Education
Federal Award Identification Number: N/A
Federal Award Year: June 30, 2025
Repeat Finding: 2024-001

Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). In 2021, the Federal Trade Commission issued final regulations that altered the current required elements of an information security program and added several new elements. Under the regulations, institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts. The written information security program for institutions must address all elements that apply. The elements for the information security programs set forth in this section 16 CFR 314.4 are high-level principles that set forth basic issues the programs must address, and do not prescribe how they will be addressed.

Condition/Context: The University did not have updated procedures and processes in place specific to all the required GLBA elements. The GLBA policy review and updates are still in process.

Cause: The University noted that several items required are in process or only partially completed.

Effect: Failure to comply with the requirements of GLBA standards puts the University out of compliance with requirements and potentially at risk of compromising consumer, nonpublic personal information.

Questioned costs: Not applicable

Recommendation: It is recommended that the University update its written GLBA security policy to address all the required elements. At a minimum, the University should address each of the required minimum elements noted in the GLBA regulations (16 CFR 314.4).

Management's Response: The University agrees with the finding. The University notes that several items required are in process or being developed to comply with the requirements.

Corrective Action Plan

Mount Saint Mary’s University
Corrective Action Plan
For the Year Ended June 30, 2025

Finding 2025-003

Condition: The University did not have updated procedures and processes in place specific to all the required GLBA elements. The GLBA policy review and updates are still in process.

Corrective Action Plan: Due to the transition within the institution’s information security department, the University is still in the process of updating its information security policy and framework and will have these approved in fiscal year 2026. The University is continuing to work on implementing the remaining elements of the GLBA requirements and has been tracking and monitoring its progress.

Name(s) of Contact Person(s) Responsible for Corrective Action: Jamal Nasser, Chief Information Officer

Anticipated Completion Date: June 30, 2026

Joy E. Brathwaite, MBA MSA
Vice President for Finance and Administration
Dated: 12/4/2025

Other Findings in this Audit

  • 1165279 2025-001
    Material Weakness Repeat
  • 1165280 2025-001
    Material Weakness Repeat
  • 1165281 2025-001
    Material Weakness Repeat
  • 1165282 2025-001
    Material Weakness Repeat
  • 1165283 2025-001
    Material Weakness Repeat
  • 1165284 2025-002
    Material Weakness Repeat
  • 1165285 2025-002
    Material Weakness Repeat
  • 1165286 2025-002
    Material Weakness Repeat
  • 1165287 2025-002
    Material Weakness Repeat
  • 1165288 2025-002
    Material Weakness Repeat
  • 1165289 2025-003
    Material Weakness Repeat
  • 1165290 2025-003
    Material Weakness Repeat
  • 1165291 2025-003
    Material Weakness Repeat
  • 1165292 2025-003
    Material Weakness Repeat

Programs in Audit

ALN | Program Name | Expenditures
84.268 | FEDERAL DIRECT STUDENT LOANS | $29.65M
84.063 | FEDERAL PELL GRANT PROGRAM | $7.09M
47.076 | STEM EDUCATION (FORMERLY EDUCATION AND HUMAN RESOURCES) | $649,967
84.033 | FEDERAL WORK-STUDY PROGRAM | $560,787
93.364 | NURSING STUDENT LOANS | $536,717
84.031 | HIGHER EDUCATION INSTITUTIONAL AID | $489,665
84.042 | TRIO STUDENT SUPPORT SERVICES | $346,573
84.325 | SPECIAL EDUCATION - PERSONNEL DEVELOPMENT TO IMPROVE SERVICES AND RESULTS FOR CHILDREN WITH DISABILITIES | $316,829
84.007 | FEDERAL SUPPLEMENTAL EDUCATIONAL OPPORTUNITY GRANTS | $278,581
11.028 | CONNECTING MINORITY COMMUNITIES PILOT PROGRAM | $122,210
16.525 | GRANTS TO REDUCE DOMESTIC VIOLENCE, DATING VIOLENCE, SEXUAL ASSAULT, AND STALKING ON CAMPUS | $104,446
10.558 | CHILD AND ADULT CARE FOOD PROGRAM | $38,709
10.561 | STATE ADMINISTRATIVE MATCHING GRANTS FOR THE SUPPLEMENTAL NUTRITION ASSISTANCE PROGRAM | $30,172
19.009 | ACADEMIC EXCHANGE PROGRAMS - UNDERGRADUATE PROGRAMS | $28,602
93.242 | MENTAL HEALTH RESEARCH GRANTS | $24,751
93.575 | CHILD CARE AND DEVELOPMENT BLOCK GRANT | $24,487
11.417 | SEA GRANT SUPPORT | $18,780
45.162 | PROMOTION OF THE HUMANITIES TEACHING AND LEARNING RESOURCES AND CURRICULUM DEVELOPMENT | $9,048