FAC Explorer

Finding 24942 (2022-002)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2022
Accepted
2023-03-30
Audit: 25226
Organization: Marian University, Inc. (WI)
Auditor: Cliftonlarsonallen LLP

AI Summary

  • Core Issue: The University failed to document its GLBA risk assessment and required safeguards by June 30, 2022.
  • Impacted Requirements: Compliance with 16 CFR 314.4 (b) regarding employee training, information systems, and response to security threats.
  • Recommended Follow-Up: Continue collaboration with the outside service provider to complete the risk assessment documentation and achieve compliance.

Finding Text

2022 ? 002: GLBA Risk Assessment Requirements Federal Agency: U.S. Department of Education Federal Program Name: Student Financial Aid Cluster Assistance Listing Number: 84.007, 84.033, 84.063, 84.268, 84.379 Federal Award Identification Number and Year: P007A214513-2022, P033A214513-2022, P063P212439-2022, P268K222439-2022, P379T222439-2022 Award Period: July 1, 2021 to June 30, 2022 Type of Finding: ? Significant Deficiency in Internal Control over Compliance ? Other Matters Criteria or specific requirement: The institution is required to perform a risk assessment that addresses the three required areas noted in 16 CFR 314.4 (b), which are (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other system failures. In addition, each institution has to document a safeguard for each risk identified from the criteria noted. Condition: As of June 30, 2022, the University had not formally documented the risk assessment and required safeguards in accordance with the stated criteria. Questioned costs: There are no questioned costs. Context: In performing our audit, we noted that the University had not formally documented the risk assessment and required safeguards in accordance with the stated criteria. This was noted from our review of the information technology policies and procedures. Cause: The University is working with an outside service provider to formally document the risk assessment and required safeguards to ensure compliance with the stated criteria. That process had not been completed as of June 30, 2022. Effect: The University was not in compliance with the statement criteria as of June 30, 2022. Repeat Finding: No Recommendation: We recommend that the University continue to work with the outside service provider to ensure compliance with the stated criteria. Views of responsible officials: There is no disagreement with the audit finding.

Categories

Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties

Other Findings in this Audit

  • 24939 2022-002
    Significant Deficiency
  • 24940 2022-003
    Significant Deficiency
  • 24941 2022-008
    Significant Deficiency
  • 24943 2022-003
    Significant Deficiency
  • 24944 2022-008
    Significant Deficiency
  • 24945 2022-003
    Significant Deficiency
  • 24946 2022-002
    Significant Deficiency
  • 24947 2022-008
    Significant Deficiency
  • 24948 2022-010
    Material Weakness
  • 24949 2022-011
    Material Weakness
  • 24950 2022-002
    Significant Deficiency
  • 24951 2022-005
    Significant Deficiency
  • 24952 2022-006
    Material Weakness
  • 24953 2022-007
    Significant Deficiency
  • 24954 2022-008
    Significant Deficiency
  • 24955 2022-009
    Significant Deficiency
  • 24956 2022-010
    Material Weakness
  • 24957 2022-011
    Material Weakness
  • 24958 2022-002
    Significant Deficiency
  • 24959 2022-006
    Material Weakness
  • 24960 2022-008
    Significant Deficiency
  • 24961 2022-004
    Significant Deficiency
  • 24962 2022-004
    Significant Deficiency
  • 601381 2022-002
    Significant Deficiency
  • 601382 2022-003
    Significant Deficiency
  • 601383 2022-008
    Significant Deficiency
  • 601384 2022-002
    Significant Deficiency
  • 601385 2022-003
    Significant Deficiency
  • 601386 2022-008
    Significant Deficiency
  • 601387 2022-003
    Significant Deficiency
  • 601388 2022-002
    Significant Deficiency
  • 601389 2022-008
    Significant Deficiency
  • 601390 2022-010
    Material Weakness
  • 601391 2022-011
    Material Weakness
  • 601392 2022-002
    Significant Deficiency
  • 601393 2022-005
    Significant Deficiency
  • 601394 2022-006
    Material Weakness
  • 601395 2022-007
    Significant Deficiency
  • 601396 2022-008
    Significant Deficiency
  • 601397 2022-009
    Significant Deficiency
  • 601398 2022-010
    Material Weakness
  • 601399 2022-011
    Material Weakness
  • 601400 2022-002
    Significant Deficiency
  • 601401 2022-006
    Material Weakness
  • 601402 2022-008
    Significant Deficiency
  • 601403 2022-004
    Significant Deficiency
  • 601404 2022-004
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $9.11M
84.063 Federal Pell Grant Program $1.91M
84.038 Federal Perkins Loan Program $902,034
84.042 Trio_student Support Services $257,623
84.047 Trio_upward Bound $229,732
84.425 Education Stabilization Fund $212,715
84.007 Federal Supplemental Educational Opportunity Grants $73,796
84.033 Federal Work-Study Program $58,875
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $7,543