Finding Text
Federal Agency: U.S. Department of Education
Federal Program Title: Student Financial Aid Cluster
Assistance Listing Number: Various
Award Period: July 1, 2022 to June 30, 2023
Type of Finding:
• Significant Deficiency in Internal Control Over Compliance
• Other Matters
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi).
Condition: Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs.
Questioned costs: None
Context: During our audit procedures, it was noted the College did not have a written information security program and there was no documentation that the minimum elements were being addressed.
Cause: The College is working with a third-party servicer to become in compliance but the written policies were not in place during the year.
Effect: The student personal information could be vulnerable.
Repeat finding: Yes
Recommendation: We recommend the College review their documentation and ensure that the written information security program includes the required elements. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023.
Views of responsible officials: There is no disagreement with the audit finding.