FAC Explorer

Finding 369357 (2023-001)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2024-02-15
Audit: 290586
Organization: Oklahoma Panhandle State University (OK)
Auditor: Cliftonlarsonallen (cla) LLP

AI Summary

  • Core Issue: The University’s Written Information Security Program (WISP) does not meet the new requirements of the Gramm-Leach-Bliley Act (GLBA), including the lack of a designated qualified individual for oversight.
  • Impacted Requirements: Compliance with GLBA mandates for information security practices and internal controls as outlined in 16 CFR 314 and 2 CFR 200.303.
  • Recommended Follow-Up: The College should review and update its WISP to include all GLBA requirements and designate a qualified individual to oversee the program.

Finding Text

Federal agency: Department of Education Federal program title: Student Financial Assistance Cluster Assistance Listing Number: 84.007, 84.033, 84.063, 84.268 Federal Award Identification Number and Year: P007A223438 - 2023, P033A223438 - 2023, P063P222047 - 2023, P268K232047 - 2023 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: • Compliance, Other Matter • Significant Deficiency in Internal Control over Compliance Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program. (16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University has a Written information Security Program; however, the University did not meet the minimum requirements stated in the Gramm-Leach-Bliley Act. Additionally, the University did not designate a qualified individual responsible for overseeing and implementing the information and security program. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Questioned costs: None. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University was not in Gramm-Leach-Bliley compliance standards. Repeat Finding: No Recommendation: We recommend that the College review the updated GLBA requirements and ensure their WISP includes all required elements. Views of Responsible Officials: Management agrees with the finding and has developed a plan to correct the finding.

Categories

Subrecipient Monitoring Significant Deficiency Matching / Level of Effort / Earmarking Internal Control / Segregation of Duties

Other Findings in this Audit

  • 369355 2023-001
    Significant Deficiency
  • 369356 2023-001
    Significant Deficiency
  • 369358 2023-001
    Significant Deficiency
  • 369359 2023-002
    Significant Deficiency
  • 369360 2023-002
    Significant Deficiency
  • 369361 2023-002
    Significant Deficiency
  • 369362 2023-002
    Significant Deficiency
  • 369363 2023-003
    Material Weakness
  • 369364 2023-003
    Material Weakness
  • 369365 2023-003
    Material Weakness
  • 369366 2023-003
    Material Weakness
  • 369367 2023-004
    Significant Deficiency
  • 369368 2023-004
    Significant Deficiency
  • 369369 2023-004
    Significant Deficiency
  • 369370 2023-004
    Significant Deficiency
  • 369371 2023-005
    Significant Deficiency
  • 369372 2023-005
    Significant Deficiency
  • 369373 2023-005
    Significant Deficiency
  • 369374 2023-005
    Significant Deficiency
  • 945797 2023-001
    Significant Deficiency
  • 945798 2023-001
    Significant Deficiency
  • 945799 2023-001
    Significant Deficiency
  • 945800 2023-001
    Significant Deficiency
  • 945801 2023-002
    Significant Deficiency
  • 945802 2023-002
    Significant Deficiency
  • 945803 2023-002
    Significant Deficiency
  • 945804 2023-002
    Significant Deficiency
  • 945805 2023-003
    Material Weakness
  • 945806 2023-003
    Material Weakness
  • 945807 2023-003
    Material Weakness
  • 945808 2023-003
    Material Weakness
  • 945809 2023-004
    Significant Deficiency
  • 945810 2023-004
    Significant Deficiency
  • 945811 2023-004
    Significant Deficiency
  • 945812 2023-004
    Significant Deficiency
  • 945813 2023-005
    Significant Deficiency
  • 945814 2023-005
    Significant Deficiency
  • 945815 2023-005
    Significant Deficiency
  • 945816 2023-005
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $3.85M
84.063 Federal Pell Grant Program $2.85M
84.031 Higher Education_institutional Aid $466,004
84.047 Trio_upward Bound $302,971
84.425 Education Stabilization Fund $65,168
93.788 Opioid Str $58,358
84.007 Federal Supplemental Educational Opportunity Grants $46,313
84.033 Federal Work-Study Program $37,269
47.076 Education and Human Resources $12,000