FAC Explorer

Finding 1205064 (2025-009)

Material Weakness Repeat Finding
Requirement
N
Questioned Costs
-
Year
2025
Accepted
2026-03-31
Audit: 396707
Organization: School District of Polk County, Florida (FL)
Auditor: CLIFTONLARSONALLEN LLP

AI Summary

  • Core Issue: The District's written information security program lacks key elements required by the Gramm-Leach-Bliley Act.
  • Impacted Requirements: Missing components include a qualified individual for coordination, a change management policy, and documentation of continuous monitoring.
  • Recommended Follow-Up: Update the information security program to include all necessary elements to ensure compliance.

Finding Text

Gramm-Leach-Bliley Act Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Aid Cluster Assistance Listing Number: 84.063 Federal Award Identification Number and Year: N/A Award Period: July 1, 2024 – June 30, 2025 Type of Finding: Significant Deficiency in Internal Control over Compliance; Noncompliance (Other Matters) Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: During our audit procedures, we noted three elements that are not addressed in the District’s written information security program: (1) it does not identify a qualified individual to coordinate the information security program, (2) it does not include a change management policy, (3) it does not document continuous monitoring capabilities. Questioned costs: N/A Context: The District has policies related to change management, continuous monitoring, and designating a qualified individual. However, those policies are not included in the District’s written information security program. Cause: The District’s written information security program does not include all required elements. Effect: Noncompliance with the Gramm-Leach-Bliley Act. Repeat Finding: No Recommendation: We recommend that the District update its written information security program to ensure it includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.

Corrective Action Plan

Gramm-Leach-Bliley Act Recommendation: We recommend that the District update its written information security program to ensure it includes all required elements. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Actions planned in response to finding: The District will review and update its written information security program to ensure all required elements are included and fully aligned with applicable state and federal requirements. Updates will be completed and implemented in coordination with the appropriate departments to ensure compliance and ongoing monitoring. Responsible party: Director of Network Operations & Senior Director of Information Services Planned completion date for corrective action plan: April 30, 2026 Plan to monitor completion of corrective action plan: • The Director of Network Operations and Senior Director of Information Services will conduct periodic reviews to verify that updates to the information security program are completed, documented, and implemented as intended. • Progress will be reviewed with relevant departments to ensure ongoing compliance and to address any gaps identified during implementation.

Categories

Student Financial Aid Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties

Other Findings in this Audit

  • 1205057 2025-002
    Material Weakness Repeat
  • 1205058 2025-003
    Material Weakness Repeat
  • 1205059 2025-004
    Material Weakness Repeat
  • 1205060 2025-005
    Material Weakness Repeat
  • 1205061 2025-006
    Material Weakness Repeat
  • 1205062 2025-007
    Material Weakness Repeat
  • 1205063 2025-008
    Material Weakness Repeat
  • 1205065 2025-010
    Material Weakness Repeat

Programs in Audit

ALN Program Name Expenditures
10.555 NATIONAL SCHOOL LUNCH PROGRAM $56.56M
84.010 TITLE I GRANTS TO LOCAL EDUCATIONAL AGENCIES $54.79M
84.027 SPECIAL EDUCATION GRANTS TO STATES $32.98M
10.553 SCHOOL BREAKFAST PROGRAM $15.30M
93.600 HEAD START $10.53M
84.367 SUPPORTING EFFECTIVE INSTRUCTION STATE GRANTS (FORMERLY IMPROVING TEACHER QUALITY STATE GRANTS) $5.95M
84.424 STUDENT SUPPORT AND ACADEMIC ENRICHMENT PROGRAM $4.40M
84.063 FEDERAL PELL GRANT PROGRAM $3.27M
84.165 MAGNET SCHOOLS ASSISTANCE $2.63M
84.048 CAREER AND TECHNICAL EDUCATION -- BASIC GRANTS TO STATES $2.01M
84.365 ENGLISH LANGUAGE ACQUISITION STATE GRANTS $1.97M
84.002 ADULT EDUCATION - BASIC GRANTS TO STATES $1.69M
84.011 MIGRANT EDUCATION STATE GRANT PROGRAM $1.16M
12.U01 ARMY JUNIOR RESERVE OFFICERS TRAINING CORPS $1.14M
10.558 CHILD AND ADULT CARE FOOD PROGRAM $923,921
10.559 SUMMER FOOD SERVICE PROGRAM FOR CHILDREN $623,396
84.173 SPECIAL EDUCATION PRESCHOOL GRANTS $484,444
17.264 NATIONAL FARMWORKER JOBS PROGRAM $311,815
84.425 EDUCATION STABILIZATION FUND $276,635
84.196 EDUCATION FOR HOMELESS CHILDREN AND YOUTH $213,228
12.U03 AIR FORCE JUNIOR RESERVE OFFICERS TRAINING CORPS $115,714
21.019 CORONAVIRUS RELIEF FUND $85,491
12.U02 MARINE CORPS JUNIOR RESERVE OFFICERS TRAINING CORPS $81,921
84.184 SCHOOL SAFELY NATIONAL ACTIVITIES $74,944
12.U04 NAVY JUNIOR RESERVE OFFICERS TRAINING CORPS $64,147
84.282 CHARTER SCHOOLS $21,752