FAC Explorer

Finding 1205544 (2025-103)

Material Weakness Repeat Finding
Requirement
N
Questioned Costs
-
Year
2025
Accepted
2026-03-31
Audit: 397241
Organization: Bay County District School Board (FL)
Auditor: CARR RIGGS & INGRAM LLC

AI Summary

  • Core Issue: Multi-factor authentication is not in place for accessing student information, creating a significant security risk.
  • Impacted Requirements: This violates 2 CFR section 200.303 and 16 CFR 314.4(c), which mandate proper internal controls and security measures for federal awards.
  • Recommended Follow-up: Implement a multi-factor authentication policy immediately to safeguard student information and comply with federal regulations.

Finding Text

2025-103 Multi-factor Authentication Not Required When Accessing Student Information Assistance Listing Number: 84.063 Program Title: Federal Pell Grant Program Compliance Requirement: Special Tests and Provisions – Gramm-Leach Bliley Act- Student Information Security Federal Agency: United States Department of Education FAIN and year: P063P203385, 2024-2025 Finding Type: Material Weakness in Internal Control Known Questioned Costs: $0 Criteria: 2 CFR section 200.303 requires that nonfederal entities receiving federal awards establish and maintain internal control over the federal awards that provides reasonable assurance that the nonfederal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. The institution’s written information security policy must address the implementation of safeguards identified in 16 CFR 314.4(c) which includes the implementation of multi-factor authentication for anyone accessing student information on the institution’s system. Condition: Multi-factor authentication has not been implemented on the District’s system in regards to access of student information. Cause: The security parameters for accessing student information do not include multi-factor authentication in conjunction with passwords when accessing student information from the District’s information system. Effect: Student information could be inappropriately accessed. Recommendation: The requirement for multi-factor authentication policy should be put in place. Management Response: See attached Corrective Action Plan.

Corrective Action Plan

Finding Number: 2025-103 The deficiencies resulted from the absence of a comprehensive, system-based control structure capable of: ● Enforcing secure system access protocols, including multi-factor authentication The institution will implement multi-factor authentication (MFA) across all financial aid and student information systems to: ● Protect Title IV data from unauthorized access ● Align with federal information security expectations ● Ensure compliance with institutional cybersecurity policies Anticipated Completion Date: 8/31/2026 Responsible Contact Person: Angela Reese

Categories

Special Tests & Provisions Student Financial Aid Material Weakness Matching / Level of Effort / Earmarking Internal Control / Segregation of Duties

Other Findings in this Audit

  • 1205542 2025-101
    Material Weakness Repeat
  • 1205543 2025-102
    Material Weakness Repeat

Programs in Audit

ALN Program Name Expenditures
10.555 NATIONAL SCHOOL LUNCH PROGRAM $9.30M
84.010 TITLE I GRANTS TO LOCAL EDUCATIONAL AGENCIES $9.15M
84.027 SPECIAL EDUCATION GRANTS TO STATES $7.31M
84.425U COVID-19 EDUCATION STABILIZATION FUND $6.50M
10.553 SCHOOL BREAKFAST PROGRAM $2.40M
84.184 SCHOOL SAFELY NATIONAL ACTIVITIES $2.21M
84.063 FEDERAL PELL GRANT PROGRAM $1.55M
84.367 SUPPORTING EFFECTIVE INSTRUCTION STATE GRANTS (FORMERLY IMPROVING TEACHER QUALITY STATE GRANTS) $1.31M
97.036 DISASTER GRANTS - PUBLIC ASSISTANCE (PRESIDENTIALLY DECLARED DISASTERS) $1.11M
97.039 HAZARD MITIGATION GRANT $764,190
93.243 SUBSTANCE ABUSE AND MENTAL HEALTH SERVICES PROJECTS OF REGIONAL AND NATIONAL SIGNIFICANCE $664,503
84.424 STUDENT SUPPORT AND ACADEMIC ENRICHMENT PROGRAM $546,356
10.558 CHILD AND ADULT CARE FOOD PROGRAM $521,854
84.048 CAREER AND TECHNICAL EDUCATION -- BASIC GRANTS TO STATES $403,764
84.002 ADULT EDUCATION - BASIC GRANTS TO STATES $317,675
84.365 ENGLISH LANGUAGE ACQUISITION STATE GRANTS $288,099
84.173 SPECIAL EDUCATION PRESCHOOL GRANTS $233,770
84.041 IMPACT AID $221,350
10.559 SUMMER FOOD SERVICE PROGRAM FOR CHILDREN $183,751
12.U01 AIR FORCE JUNIOR RESERVE OFFICERS TRAINING CORPS $146,713
93.959 BLOCK GRANTS FOR PREVENTION AND TREATMENT OF SUBSTANCE ABUSE $137,500
84.196 EDUCATION FOR HOMELESS CHILDREN AND YOUTH $120,416
84.425W COVID-19 EDUCATION STABILIZATION FUND $114,697
12.U03 MARINE CORPS JUNIOR RESERVICE OFFICERS TRAIN $73,653
12.U02 ARMY JUNIOR RESERVE OFFICERS TRAINING CORPS $65,984
12.U04 NAVY JUNIOR RESERVE OFFICERS TRAINING CORPS $52,387
10.582 FRESH FRUIT AND VEGETABLE PROGRAM $35,454