FAC Explorer

Finding 387169 (2023-006)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2024-03-28
Audit: 299440
Organization: Fresno Pacific University and Subsidiaries (CA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The University is not fully compliant with the Gramm-Leach-Bliley Act (GLBA), risking student information security.
  • Impacted Requirements: Key areas include information security documentation, risk assessments, vendor management, and incident response plans.
  • Recommended Follow-Up: Allocate sufficient resources to meet GLBA requirements and enhance compliance efforts.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 (Student Financial Assistance Cluster) Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The University did not sufficiently comply with all the requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not sufficiently updated its documentation of its information security program, its security risk assessment and safeguards, including general threats, implemented sufficient vendor management policies and reviews, updated its incident response plan to cover all components of the revised regulations, nor provided a written, annual report to the board. Cause: The University has experienced significant turnover in IT personnel that has not allowed sufficient resources to address and document compliance with the requirements of GLBA. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: N/A Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action: A CIS Risk Assessment, Implementation Goup 1 (IG I), has been completed and a detailed plan with 25 Action Items is being worked on which includes a step-by-step plan to obtain full GLBA compliance. The estimated schedule for addressing the GLBA compliance items specifically called out in the finding is as follows:  Written Information Security Program - Q2 2024  Risk Assessment and safeguards - Risk Assessment is complete, Q2 2025 to address 25 Action Items  Vendor management policies - Q3 2024  Incident response plan - Q2 2024  Written Annual Report to the board - Q4 2024 Person Responsible for Corrective Action Plan: Brad Barker, Chief Information Officer Anticipated Date of Completion: Q2 2025 for Full GLBA Compliance

Categories

Subrecipient Monitoring Significant Deficiency

Other Findings in this Audit

  • 387156 2023-002
    Material Weakness
  • 387157 2023-002
    Material Weakness
  • 387158 2023-002
    Material Weakness
  • 387159 2023-002
    Material Weakness
  • 387160 2023-002
    Material Weakness
  • 387161 2023-002
    Material Weakness
  • 387162 2023-003
    Material Weakness Repeat
  • 387163 2023-003
    Material Weakness Repeat
  • 387164 2023-003
    Material Weakness Repeat
  • 387165 2023-003
    Material Weakness Repeat
  • 387166 2023-004
    Material Weakness
  • 387167 2023-004
    Material Weakness
  • 387168 2023-005
    Significant Deficiency
  • 387170 2023-006
    Significant Deficiency
  • 387171 2023-006
    Significant Deficiency
  • 387172 2023-006
    Significant Deficiency
  • 387173 2023-006
    Significant Deficiency
  • 387174 2023-006
    Significant Deficiency
  • 387175 2023-007
    -
  • 387176 2023-008
    -
  • 387177 2023-009
    -
  • 387178 2023-009
    -
  • 963598 2023-002
    Material Weakness
  • 963599 2023-002
    Material Weakness
  • 963600 2023-002
    Material Weakness
  • 963601 2023-002
    Material Weakness
  • 963602 2023-002
    Material Weakness
  • 963603 2023-002
    Material Weakness
  • 963604 2023-003
    Material Weakness Repeat
  • 963605 2023-003
    Material Weakness Repeat
  • 963606 2023-003
    Material Weakness Repeat
  • 963607 2023-003
    Material Weakness Repeat
  • 963608 2023-004
    Material Weakness
  • 963609 2023-004
    Material Weakness
  • 963610 2023-005
    Significant Deficiency
  • 963611 2023-006
    Significant Deficiency
  • 963612 2023-006
    Significant Deficiency
  • 963613 2023-006
    Significant Deficiency
  • 963614 2023-006
    Significant Deficiency
  • 963615 2023-006
    Significant Deficiency
  • 963616 2023-006
    Significant Deficiency
  • 963617 2023-007
    -
  • 963618 2023-008
    -
  • 963619 2023-009
    -
  • 963620 2023-009
    -

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $21.60M
84.063 Federal Pell Grant Program $6.22M
84.425 Covid-19 Education Stabilization Fund Heerf - Institutional Portion $4.09M
84.425 Covid-19 Education Stabilization Fund Heerf - Minority Serving Institutions $1.29M
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $426,874
84.033 Federal Work-Study Program $389,051
84.007 Federal Supplemental Educational Opportunity Grants $324,032
84.038 Federal Perkins Loan Program $269,283
84.425 Covid-19 Education Stabilization Fund Heerf - Student Aid Portion $26,000