Finding Text
Student Financial Assistance Cluster
U.S. Department of Education ALNs 84.268, 84.063, 84.033, 84.379, 84.007
Federal Direct Student Loans - Award Year 2023
Federal Pell Grant Program - Award Year 2023
Federal Work-Study Program - Award Year 2023
Teacher Education Assistance for College and Higher Education Grants - Award Year 2023
Federal Supplemental Educational Opportunities Grant - Award Year 2023
Criteria or Specific Requirement – Special Tests & Provisions: Gramm-Leach-Bliley Act. The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing to their customers and to safeguard sensitive data. The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Program as "financial institutions" and subject to the Gramm-Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers. Under 16 CFR 314, institutions are required to develop, implement and maintain a comprehensive information security program that addresses the implementation of eight minimum safeguards.
Condition – The University does not have a written information security program that addresses the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8), nor the requirements identified in 16 CFR 314.4(d) and (g).
Questioned Costs – None noted.
Context – Through inquiry of management and review of information policies published on the University's website, it was determined the eight requirements were not all included in a comprehensive policy that met the minimum requirements.
Effect – The University was not in compliance with the Gramm-Leach-Bliley Act.
Cause – The University's policy was not finalized.
Identification as a Repeat Finding – Not applicable.
Recommendation – We recommend management take necessary steps to finalize a written information security policy that complies with the safeguards identified within 16 CFR 314.
Views of Responsible Officials and Planned Corrective Actions – Management agrees with the stated finding and has implemented a corrective action plan.