FAC Explorer

Finding 1338 (2023-002)

Material Weakness
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2023-11-07
Audit: 2492
Organization: Life Pacific University (CA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: Life Pacific University is not fully compliant with updated GLBA requirements, risking student information security.
  • Impacted Requirements: Key components missing include a designated security officer, a written security program, multi-factor authentication, continuous monitoring, vendor management, an incident response plan, and annual board reporting.
  • Recommended Follow-Up: Allocate necessary resources to meet GLBA requirements and implement corrective actions as agreed by management.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Material Weakness DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, and 84.033 - Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: Life Pacific University did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $0 Context: Life Pacific University has not completed the following components in light of the updated GLBA regulations. - designated a single individual responsible for the information security program - created a written information security program - implemented multi-factor authentication on systems containing personally identifiable information (PII) - implemented continuous monitoring, such as penetration testing and vulnerability scanning - implemented sufficient vendor management policies and reviews - implemented an incident response plan - provided a written, annual report to the board. Cause: Life Pacific University has experienced turnover in the information technology department during the time when the updated regulations went into effect. Effect: Life Pacific University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend Life Pacific University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action: • Management has reached out to the audit team for guidance on implementation. LPU’s IT Director has been assigned the oversight of this project and will be making recommendations for leadership to consider. Leadership will balance these recommendations with current budget and resource restrictions. Budget constraints over the past several years have equated to limited resources in the IT department, as we currently have only one employee for IT needs. Person Responsible for Corrective Action Plan: Rachel Au, CFO Anticipated Date of Completion: Unknown. LPU’s current state make it difficult to identify with any specificity when this item will be addressed.

Categories

Subrecipient Monitoring Material Weakness

Other Findings in this Audit

  • 1339 2023-002
    Material Weakness
  • 1340 2023-002
    Material Weakness
  • 1341 2023-002
    Material Weakness
  • 577780 2023-002
    Material Weakness
  • 577781 2023-002
    Material Weakness
  • 577782 2023-002
    Material Weakness
  • 577783 2023-002
    Material Weakness

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $2.80M
84.063 Federal Pell Grant Program $1.03M
84.007 Federal Supplemental Educational Opportunity Grants $31,185
84.033 Federal Work-Study Program $30,084