Finding No. 2024-002 Special Tests: Enrollment Reporting and Gramm-Leach-Bliley Act Compliance / Material Weakness in Internal Controls over Compliance Finding: Instances of noncompliance have been identified around major compliance requirements Enrollment Reporting and Gramm-Leach-Bliley Act, which are both part of special tests identified in the 2024 Compliance Supplement. Additionally, due to a transition in Registrar leadership and concurrent updates to Student Information System (SIS) configurations, a subset of students who had graduated and ceased attendance were incorrectly reported with a “Withdrawn” enrollment status. As part of the institution’s standard enrollment reporting process, student enrollment and graduation data are transmitted monthly from the SIS to the National Student Clearinghouse (NSC). NSC subsequently reports this information to the National Student Loan Data System (NSLDS). Under normal system operations, graduation data should be automatically included with the monthly enrollment transmission and used to determine the correct final enrollment status. However, following the SIS configuration update, the automated linkage between degree conferral data and enrollment status reporting did not function as intended. As a result, certain students with conferred degrees were systemically classified as “Withdrawn” rather than “Graduated” in the enrollment file submitted by the Registrar’s Office. Upon identification of the issue, the Registrar’s Office submitted a help desk ticket to the SIS Helpdesk to document the findings and initiate a technical review of the enrollment reporting configuration. Corrective Actions Taken: A formal help desk ticket was submitted to the SIS Helpdesk to investigate the enrollment status reporting discrepancy. SIS technicians reviewed enrollment reporting configurations and confirmed that graduation data was not being correctly incorporated into the monthly enrollment extract. The Registrar’s Office identified the affected student population and validated degree conferral information against official graduation records. Corrected enrollment statuses have been submitted. Corrective Actions Planned: Concurrently with Fall 2025, SUBSEQUENT OF TERM enrollment report, the Registrar’s Office will submit corrected enrollment records for any additional student to the National Student Clearinghouse (NSC) to ensure that accurate graduation information is transmitted to the National Student Loan Data System (NSLDS). (Due by 01/31/2026) Starting with Fall 2025 graduates, the Registrar’s office will manually update graduation statuses for all identified impacted students to ensure institutional records accurately reflect degree conferral prior to subsequent enrollment reporting cycles. Last, Enrollment reporting procedures will be updated to document revised controls, roles, and review steps, including specific checks related to graduation status accuracy following SIS configuration changes or staffing transitions. Additionally, related to the Gramm-Leach-Bliley Act requirements, IWP acknowledges the repeated finding and has taken immediate steps to ensure full compliance with the Gramm-Leach-Bliley Act requirements outlined in the 2024 Compliance Supplement. Specifically: - Formal Written Information Security Program: A comprehensive written policy is being finalized to address all seven required elements under 16 CFR 314.4(b), including risk assessment, safeguards, and oversight. - Annual Review Process: The CIO will review updates to the Student Financial Aid Cluster within the OMB Compliance Supplement annually to confirm continued compliance. - Policy Approval and Oversight: Once completed, the policy will be reviewed and approved by the EVP to ensure all required elements are included. - Implementation and Training: Staff training will be conducted to ensure awareness and adherence to the security program. - Monitoring and Updates: The Institute will monitor for any changes to federal requirements and update the policy accordingly. The written security program will be completed and implemented by the end of FY2026, with ongoing annual reviews thereafter. Responsibility for oversight rests with the CIO, with final approval by the EVP.