Finding 199 (2023-001)

Requirement: N
Questioned Costs: -
Year: 2023
Accepted: 2023-10-06
Audit: 356
Organization: Nazarene Bible College (KS)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The College is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA).
  • Impacted Requirements: The College's vendor reviews and written information security program do not reflect the latest GLBA provisions.
  • Recommended Follow-Up: Update all policies and procedures to ensure compliance with GLBA revisions.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance

DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.038
Federal Award Identification #: 2022-2023 Financial Aid Year

Condition: The College did not sufficiently comply with all of the updated requirements of GLBA.

Criteria: 16 CFR 314.4

Questioned Costs: $0

Context: The College has not updated the review of vendors to include the updated provisions of GLBA. Additionally, the College's written information security program does not identify all the updated components of GLBA. Finally, the written annual report does not address all the updated components of the legislation.

Cause: The College has not documented all updated policies for the revisions of GLBA.

Effect: The College has not fully documented each updated area of GLBA, which may lead to unintended exposure of student data.

Identification as repeat finding, if applicable: Not applicable

Recommendation: We recommend the College update all policies and procedures to address the revisions of GLBA.

Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance

Planned Corrective Action: The college has already updated its Information Security Policy (ISP), Vendor Policy, and created a new Change Management Policy to meet the stated GLBA requirements and resolve the findings of the audit. Prior to the board’s next meeting in April of 2024, in line with the newly updated policies, IT intends to both contact critical vendors to assess their compliance, and prepare a new Information Security Report for their consideration. We will use the provided templates to assist us in those processes.

Person Responsible for Corrective Action Plan: Fred Phillips, CIO

Anticipated Date of Completion: 04/1/2024

Categories

Special Tests & Provisions

Programs in Audit

ALN | Program Name | Expenditures
84.268 | Federal Direct Student Loans | $408,838
84.063 | Federal Pell Grant Program | $330,545
84.007 | Federal Supplemental Educational Opportunity Grants | $24,801
84.038 | Federal Perkins Loan Program | $2,510