Finding 384991 (2023-004)

Significant Deficiency
Requirement: N
Questioned Costs: -
Year: 2023
Accepted: 2024-03-26
Audit: 298054
Organization: Emmaus Bible College (IA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: Emmaus Bible College is not fully compliant with the Gramm-Leach-Bliley Act (GLBA), lacking necessary documentation and safeguards.
  • Impacted Requirements: Key areas include security risk assessments, multi-factor authentication for systems with personally identifiable information (PII), and employee training policies.
  • Recommended Follow-Up: Allocate resources to meet all GLBA requirements and enhance compliance efforts.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance
Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033-Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year

Condition: Emmaus Bible College did not sufficiently comply with all the requirements of GLBA.

Criteria: 16 CFR 314.4

Questioned Costs: $-0-

Context: Emmaus Bible College has not sufficiently documented its security risk assessment, implemented all required safeguards under the revised legislation, implemented multi-factor authentication on all systems containing personally identifiable information (PII), implemented policies and procedures that support employee and information security staff training, and provided a written, annual report to the board.

Cause: Emmaus Bible College has made progress in addressing and documenting compliance with the requirements of GLBA but has remaining areas to improve or fully implement.

Effect: Emmaus Bible College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.

Identification as repeat finding, if applicable: Not applicable

Recommendation: We recommend Emmaus Bible College allocate sufficient resources to address all requirements of GLBA.

Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance

Planned Corrective Action: The College concurs with the audit finding of partial compliance and recognizes the need to fully comply with GLBA regulations. The College has implemented annual cybersecurity training for employees. The College is in the process of updating its risk assessment, improving safeguards, updating and improving policies and procedures, improving continuous monitoring, and updating its incident response plan. The Director of Technology Services will present a written status report to the board at the next relevant meeting after March 2024, and this will be done on an annual basis going forward.

Person Responsible for Corrective Action Plan: Steven Jabini, Director of Technology Services

Anticipated Date of Completion: May 31, 2024

Categories

Subrecipient Monitoring Significant Deficiency

Other Findings in this Audit

  • 384992 2023-004
    Significant Deficiency
  • 384993 2023-004
    Significant Deficiency
  • 384994 2023-004
    Significant Deficiency
  • 961433 2023-004
    Significant Deficiency
  • 961434 2023-004
    Significant Deficiency
  • 961435 2023-004
    Significant Deficiency
  • 961436 2023-004
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.063 Federal Pell Grant Program $434,616
84.268 Federal Direct Student Loans $363,005
84.007 Federal Supplemental Educational Opportunity Grants $10,125
84.033 Federal Work-Study Program $9,305