FAC Explorer

Finding 2180 (2023-001)

-
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2023-11-20
Audit: 3767
Organization: Denver Seminary (CO)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The Seminary is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA), particularly regarding multi-factor authentication and annual reporting.
  • Impacted Requirements: Failure to implement multi-factor authentication for systems with personally identifiable information (PII) and incomplete annual reports to the board.
  • Recommended Follow-Up: Allocate more resources to meet GLBA requirements and ensure compliance to protect student information from security risks.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance DEPARTMENT OF EDUCATION ALN #: 84.268 and 84.033 - Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The Seminary did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $0 Context: The Seminary has not implemented multi-factor authentication on all systems containing personally identifiable information (PII) or had the qualified individual approve in writing the exception. Additionally, the written, annual report to the board does not include all the required areas based on the updated regulations. Cause: The Seminary has limited resources and has allocated certain staff time and dollars as available to address and document compliance with the requirements of GLBA. Effect: The Seminary has a couple of gaps to adequately address the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable Recommendation: We commend the Seminary for the work completed on GLBA. We recommend the Seminary allocate sufficient resources to address the remaining requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action: The school’s student information system vendor did not offer multi-factor authentication (MFA) capability during or prior to the year under audit. This capability has just become available for their software as of October 2023. The school has requested access to this capability from the vendor and will be coordinating implementation of MFA as soon as possible. The written annual report will be modified to include all required areas based on updated regulations. Person Responsible for Corrective Action Plan: Debra Kellar, VP of Finance and Campus Operations Anticipated Date of Completion: March 31, 2024

Categories

No categories assigned yet.

Other Findings in this Audit

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $2.83M
21.027 Covid-19 Coronavirus State and Local Fiscal Recovery Funds $66,260
84.033 Federal Work-Study Program $60,500