Finding 367192 (2023-001)

Significant Deficiency
Requirement: N
Questioned Costs: -
Year: 2023
Accepted: 2024-02-13
Audit: 290312
Organization: University of Saint Katherine (CA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The University is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA), particularly in security risk assessment and data management.
  • Impacted Requirements: Key areas include documentation of security measures, internal vulnerability scanning, vendor management, employee training, and annual reporting to the board.
  • Recommended Follow-Up: Allocate more resources to meet GLBA requirements and implement a corrective action plan as agreed by management.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance
Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033
Federal Award Identification #: 2022-2023 Financial Aid Year

Condition: The University did not sufficiently comply with the updated requirements of GLBA.

Criteria: 16 CFR 314.4

Questioned Costs: $0

Context: The University has not sufficiently documented its security risk assessment and safeguards, including data retention and deletion, implemented internal vulnerability scanning or sufficient vendor management policies and reviews. Additionally, the University has not implemented policies and procedures that support employee training, awareness, and skills, or provided a written, annual report to the board that includes all required areas based on the updated regulations.

Cause: The University has limited resources and has allocated certain staff time and dollars as available to address and document compliance with the requirements of GLBA.

Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.

Identification as repeat finding, if applicable: Not applicable

Recommendation: We commend the University for the work completed on GLBA. We recommend the University continue to allocate sufficient resources to address the remaining requirements of GLBA.

Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action:

USK's 001 Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action:

1. Write a comprehensive Information Security Program, specifically addressing GLBA compliance, and the below areas of concern:
   a. Design and implement safeguards to protect customer information.
   b. Address risk assessment, identifying how risks are evaluated and categorized and how existing controls mitigate these risks. Include a plan to implement additional mitigations or formal risk acceptance for any risks outside of management’s risk.
   c. Detail and establish continuous monitoring processes for information systems or periodic vulnerability assessments and penetration testing.
   d. Implement policies and procedures that support employee and information security staff training, awareness, and skills.
   e. Create procedures to periodically assess service providers.
   f. Review the plan annually, or as needed, as policies, vendors, and staffing change.
   g. Present the written annual status report on the effectiveness of the program to USK’s cabinet.

Persons Responsible for Corrective Action Plan: Laurel Maguire Controller, Director of HR / Marina Trigonis COO / Wayne Mealhouse - LinkServ

Anticipated Date of Completion: May 1st, 2024

Categories

Subrecipient Monitoring Significant Deficiency

Other Findings in this Audit

  • 367193 2023-001
    Significant Deficiency
  • 367194 2023-001
    Significant Deficiency
  • 367195 2023-001
    Significant Deficiency
  • 943634 2023-001
    Significant Deficiency
  • 943635 2023-001
    Significant Deficiency
  • 943636 2023-001
    Significant Deficiency
  • 943637 2023-001
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $1.75M
84.063 Federal Pell Grant Program $398,511
84.007 Federal Supplemental Educational Opportunity Grants $22,720
84.033 Federal Work-Study Program $19,552