FAC Explorer

Finding 369856 (2023-002)

Significant Deficiency
Requirement
P
Questioned Costs
-
Year
2023
Accepted
2024-02-20
Audit: 291373
Organization: University of Hartford (CT)
Auditor: Cliftonlarsonallen LLP

AI Summary

  • Core Issue: The University lacks a complete written information security program, which is required by the Gramm-Leach-Bliley Act to protect student financial aid information.
  • Impacted Requirements: Compliance with the Gramm-Leach-Bliley Act is essential, as it mandates financial institutions, including educational institutions, to safeguard sensitive data.
  • Recommended Follow-Up: Assign a dedicated individual to oversee information security and prioritize updating the security program to meet all compliance standards.

Finding Text

2023-002 – Gramm-Leach-Bliley Act (GLBA)  Federal Agency: U.S. Department of Education Federal Program Title: Student Financial Assistance Cluster Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268 Award Period: 7/1/2022 – 6/30/2023 Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi)). Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protest student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned costs: None. Context: During our testing of the University’s information technology, it was noted that the University does not have an active written information security program in place that addressed all seven elements as required by the Gramm-Leach-Bliley Act. Cause: The University has continued to make progress in updating the Universities written security program to become compliance with all requirements; however, due to capacity and demands on the information technology individuals, this is still a work in process. Effect: The student personal information could be vulnerable. Repeat finding: No. Recommendation: We recommend the University designate an individual to oversee the information security function and work to update the Universities written security program to ensure compliance with all the standards. Views of responsible officials: Management agrees with the finding.

Categories

Student Financial Aid Significant Deficiency Internal Control / Segregation of Duties

Other Findings in this Audit

  • 369851 2023-002
    Significant Deficiency
  • 369852 2023-004
    Significant Deficiency
  • 369853 2023-002
    Significant Deficiency
  • 369854 2023-004
    Significant Deficiency
  • 369855 2023-001
    Significant Deficiency
  • 369857 2023-004
    Significant Deficiency
  • 369858 2023-002
    Significant Deficiency
  • 369859 2023-003
    Significant Deficiency Repeat
  • 369860 2023-004
    Significant Deficiency
  • 369861 2023-002
    Significant Deficiency
  • 369862 2023-003
    Significant Deficiency Repeat
  • 369863 2023-004
    Significant Deficiency
  • 946293 2023-002
    Significant Deficiency
  • 946294 2023-004
    Significant Deficiency
  • 946295 2023-002
    Significant Deficiency
  • 946296 2023-004
    Significant Deficiency
  • 946297 2023-001
    Significant Deficiency
  • 946298 2023-002
    Significant Deficiency
  • 946299 2023-004
    Significant Deficiency
  • 946300 2023-002
    Significant Deficiency
  • 946301 2023-003
    Significant Deficiency Repeat
  • 946302 2023-004
    Significant Deficiency
  • 946303 2023-002
    Significant Deficiency
  • 946304 2023-003
    Significant Deficiency Repeat
  • 946305 2023-004
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $45.27M
84.063 Federal Pell Grant Program $6.07M
84.038 Federal Perkins Loan Program $2.59M
43.008 Education $878,938
84.033 Federal Work-Study Program $750,000
84.007 Federal Supplemental Educational Opportunity Grants $489,622
59.043 Women's Business Ownership Assistance $163,697
84.425E Education Stabilization Fund $122,580
84.425X Education Stabilization Fund $117,000
20.205 Highway Planning and Construction $106,764
84.215 Fund for the Improvement of Education $89,618
14.218 Community Development Block Grants/entitlement Grants $65,000
47.076 Education and Human Resources $47,840
12.420 Military Medical Research and Development $37,896
47.243 Early Childhood Mental Health Program $32,455
84.425C Education Stabilization Fund $31,894
93.191 Graduate Psychology Education Program and Patient Navigator and Chronic Disease Prevention Program $19,050
81.140 Los Alamos National Laboratory - Fire Protection $17,447
47.041 Computer and Information Science and Engineering $14,652
93.110 Maternal and Child Health Federal Consolidated Programs $14,468
84.037 Federal Perkins Loan Cancellations $9,245
47.070 Education and Human Resources $4,058
11.417 Sea Grant Support $351