FAC Explorer

Finding 386106 (2023-001)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2024-03-27
Audit: 298492
Organization: Northwest Mississippi Community College (MS)
Auditor: Forvis LLP

AI Summary

  • Core Issue: The College lacks a formal written information security program required by the Gramm-Leach-Bliley Act.
  • Impacted Requirements: Compliance with 16 CFR 314.4(c)(1) through (8) for safeguarding student financial aid information.
  • Recommended Follow-Up: Management should formalize written policies and procedures to ensure compliance with information security requirements.

Finding Text

Criteria: Special Test – Gramm-Leach-Bliley Act – Student Information Security – The Gramm-Leach- Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act , schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: The College must have a written information security program to address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). Questioned Costs: None Context: The College has designated an individual to coordinate the information security program, and the College has procedures in place to perform a risk assessment and safeguard the security of student information; however, the College does not have a written information security program in accordance with the condition stated above. Effect: Non-compliance with program requirements. Cause: Internal controls were not adequately designed and implemented to ensure compliance with the program’s requirements. Identification as a Repeat Finding, if Applicable: N/A Recommendation: We recommend management continue to formalize their written policies and procedures for a information security to ensure program compliance the College complies with the program’s compliance requirements. Views of Responsible Officials and Planned Corrective Actions: Administration concurs with the finding. See Management’s Corrective Action Plan.

Categories

Student Financial Aid Subrecipient Monitoring Internal Control / Segregation of Duties

Other Findings in this Audit

  • 386104 2023-001
    Significant Deficiency
  • 386105 2023-001
    Significant Deficiency
  • 386107 2023-001
    Significant Deficiency
  • 962546 2023-001
    Significant Deficiency
  • 962547 2023-001
    Significant Deficiency
  • 962548 2023-001
    Significant Deficiency
  • 962549 2023-001
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.063 Federal Pell Grant Program $15.50M
84.268 Federal Direct Student Loans $6.03M
84.002 Adult Education - Basic Grants to States $603,105
84.425 Education Stabilization Fund $371,972
84.048 Career and Technical Education -- Basic Grants to States $350,434
17.259 Wia Youth Activities $350,379
84.007 Federal Supplemental Educational Opportunity Grants $319,383
93.558 Temporary Assistance for Needy Families $295,571
84.042 Trio_student Support Services $286,378
84.033 Federal Work-Study Program $251,216
17.278 Wia Dislocated Worker Formula Grants $157,884
93.575 Child Care and Development Block Grant $60,528
17.258 Wia Adult Program $42,916
90.204 States' Economic Development Assistance Program $41,578
21.027 Coronavirus State and Local Fiscal Recovery Funds $17,000