FAC Explorer

Finding 1172044 (2025-001)

Material Weakness Repeat Finding
Requirement
N
Questioned Costs
-
Year
2025
Accepted
2026-02-03
Audit: 385130
Organization: Moraine Park Technical College District (WI)
Auditor: CLIFTONLARSONALLEN LLP

AI Summary

  • Core Issue: The College lacks formal documentation for securing sensitive student financial aid information, violating the Gramm-Leach-Bliley Act.
  • Impacted Requirements: Compliance with internal control processes and documentation standards mandated by the Gramm-Leach-Bliley Act.
  • Recommended Follow-Up: Implement and document controls to safeguard sensitive information and ensure ongoing compliance with the Act.

Finding Text

Federal agency: Department of Education Federal program title: Student Financial Aid Cluster CFDA Numbers: 84.063, 84.007, 84.033 Award Period: July 1, 2024 through June 30, 2025 Type of Finding: * Significant Deficiency in Internal Control over Compliance * Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None Context: During our audit procedures, it was noted that the College did not provide formalized documentation which addresses the secured, internal development of applications which transmit sensitive information or the Organizations process to evaluate the security of externally developed applications which transmit sensitive information. The College has not provided formalized documentation which identifies continuous monitoring and safeguarding controls testing. Cause: The college should have an internal control process designed and implemented to ensure compliance with the documentation requirements of the Gramm-Leach-Bliley Act. Effect: The student personal information could be vulnerable. Repeat Finding: No Recommendation: We recommend that the College design and implement controls to ensure that all safeguards for identified risks required by the Gramm-Leach-Bliley Act are fully documented and updated as necessary. Views of responsible officials: There is no disagreement with the audit finding.

Corrective Action Plan

Student Financial Aid Cluster – Assistance Listing No. 84.063, 84.007, 84.033 Recommendation: Recommend that the College design and implement controls to ensure that all safeguards for identified risks required by the Gramm-Leach-Bliley Act (GLBA) are fully documented and updated as necessary. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Moraine Park Technical College will take or has already taken the following actions to address the audit finding: 1. Updated existing policies and documentation to fully reflect the controls in place to safeguard identified risks under the Gramm-Leach-Bliley Act. 2. Revised and formalized the following documents to ensure they clearly describe current practices and continuous monitoring activities: • Incident Response document • Risk Assessment document • Written Information Security Plan • IT Vulnerability Management Practices document These updates ensure that all existing controls and processes are fully documented, current, and aligned with GLBA requirements. Name(s) of the contact person(s) responsible for corrective action: Larry Plamann, Director of Enterprise Infrastructure Planned completion date for corrective action plan: January 2026

Categories

Student Financial Aid Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties

Other Findings in this Audit

  • 1172040 2025-001
    Material Weakness Repeat
  • 1172041 2025-001
    Material Weakness Repeat
  • 1172042 2025-001
    Material Weakness Repeat
  • 1172043 2025-001
    Material Weakness Repeat

Programs in Audit

ALN Program Name Expenditures
84.268 FEDERAL DIRECT STUDENT LOANS $2.23M
16.812 SECOND CHANCE ACT REENTRY INITIATIVE $291,075
84.042 TRIO STUDENT SUPPORT SERVICES $288,650
17.268 H-1B JOB TRAINING GRANTS $181,174
84.007 FEDERAL SUPPLEMENTAL EDUCATIONAL OPPORTUNITY GRANTS $94,584
17.258 WIOA ADULT PROGRAM $76,950
84.048 CAREER AND TECHNICAL EDUCATION -- BASIC GRANTS TO STATES $43,530
84.002 ADULT EDUCATION - BASIC GRANTS TO STATES $36,340
97.044 ASSISTANCE TO FIREFIGHTERS GRANT $28,415
17.261 WORKFORCE DATA QUALITY INITIATIVE (WDQI) $24,352
84.033 FEDERAL WORK-STUDY PROGRAM $17,443
20.703 INTERAGENCY HAZARDOUS MATERIALS PUBLIC SECTOR TRAINING AND PLANNING GRANTS $6,500
47.076 STEM EDUCATION (FORMERLY EDUCATION AND HUMAN RESOURCES) $6,000
84.063 FEDERAL PELL GRANT PROGRAM $5,520
15.108 INDIAN EMPLOYMENT ASSISTANCE $1,392
64.028 POST-9/11 VETERANS EDUCATIONAL ASSISTANCE $300