Finding Text
Assistance Listing, Federal Agency, and Program Name - 84.268 Federal Direct Student Loans, 84.007 Federal Supplemental Educational Opportunity Grants, 84.033 Federal Work Study Program, 84.038, Federal Perkins Loan Program, 84.379 Teacher Education Assistance for College and Higher Education Grants (TEACH Grants), 84.063 Federal Pell Grant Program, U.S. Department of Education (ED), Student Financial Assistance Cluster Federal Award Identification Number and Year - Various Pass through Entity - N/A Finding Type - Material weakness Repeat Finding - No Criteria - The College should have appropriate internal controls in place related to the version updates, patches, and modifications in the student and general ledger systems. Condition - The College did not have appropriate internal controls in place related to the version updates, patches, and modifications to the student and general ledger systems. Questioned Costs- None If questioned costs are not determinable, description of why known questioned costs were undetermined or otherwise could not be reported - N/A Identification of How Questioned Costs Were Computed - N/A Context - The College lacks a documented review of the testing of version updates, patches, and modifications to the student and general ledger systems by users outside of the information and systems personnel. In addition, the College lacks documented segregation of duties controls over the implementation of these changes as the same individual has the ability to implement changes in the test and production environments. Cause and Effect - The College had staff departures and generally a small information technology office that caused resource and process restrictions. As a result, the College was unable to implement controls to ensure appropriate documentation of the testing of system changes were maintained or ensure appropriate segregation of duties over the process. Recommendation - The College should implement controls to ensure appropriate documentation of all system changes is maintained while maintaining appropriate segregation of duties of the users with the ability to make system changes. Views of Responsible Officials and Planned Corrective Actions - The College agrees with the finding. The CFO and Controller will work with the CIO to ensure that appropriate internal controls, including segregation of duties, around system upgrades, patches and modifications are completed. The internal control processes will cover the following key areas: • Planning and Authorization of the upgrade, patch or change • Implementation and Testing of the upgrade, patch or change, including user acceptance testing • Change Management and Documentation of the change, including logs or appropriate audit trails • Post Implementation Monitoring and Review