FAC Explorer

Finding 385024 (2023-006)

Material Weakness
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2024-03-26
Audit: 298113
Organization: Morris Brown College (GA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The College is not fully compliant with the Gramm-Leach-Bliley Act (GLBA), risking student information security.
  • Impacted Requirements: Key areas lacking include a written information security program, risk assessments, continuous monitoring, vendor management, incident response, employee training, and board reporting.
  • Recommended Follow-Up: Allocate resources to meet GLBA requirements and consider hiring an external company for compliance assistance.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Material Weakness DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, and 84.033 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The College did not sufficiently comply with all the requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $0 Context: The College has not: • completed a written information security program • sufficiently documented its security risk assessment and safeguards, including general threats • implemented continuous monitoring, such as penetration testing and vulnerability scanning • implemented sufficient vendor management policies and reviews • sufficiently implemented an incident response plan • sufficiently implemented employee training • provided a written, annual report to the board Cause: The College has been searching for an external company to assist with addressing and documenting compliance with the requirements of GLBA. Effect: The College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the College allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Categories

Subrecipient Monitoring Material Weakness

Other Findings in this Audit

  • 385023 2023-006
    Material Weakness
  • 385025 2023-006
    Material Weakness
  • 385026 2023-006
    Material Weakness
  • 961465 2023-006
    Material Weakness
  • 961466 2023-006
    Material Weakness
  • 961467 2023-006
    Material Weakness
  • 961468 2023-006
    Material Weakness

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $1.24M
84.063 Federal Pell Grant Program $1.03M
84.007 Federal Supplemental Educational Opportunity Grants $244,739
93.243 Substance Abuse and Mental Health Services_projects of Regional and National Significance $168,902
84.033 Federal Work-Study Program $119,983
15.932 Preservation of Historic Structures on the Campuses of Historically Black Colleges and Universities (hbcus). $95,097
84.425 Covid-19 Heerf-Supplemental Support $24,718
21.027 Covid-19 Coronavirus State and Local Fiscal Recovery Funds $20,000