Finding 400618 (2023-002)

Material Weakness
Requirement: N
Questioned Costs: -
Year: 2023
Accepted: 2024-06-12
Audit: 308676
Organization: Pillar College and Subsidiaries (NJ)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The College is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA).
  • Impacted Requirements: Key areas include lack of an Information Security Program, insufficient documentation of risk assessments, and inadequate vendor management.
  • Recommended Follow-Up: Allocate necessary resources to meet GLBA requirements and implement a corrective action plan.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance
Material Weakness
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033
Federal Award Identification #: 2022-2023 Financial Aid Year

Condition: The College did not sufficiently comply with the updated requirements of GLBA.

Criteria: 16 CFR 314.3, 16 CFR 314.4

Questioned Costs: $0

Context: The College has not implemented an Information Security Program, sufficiently documented its security risk assessment and safeguards, including general threats, implemented multi-factor authentication on systems containing personally identifiable information (PII), or fully implemented continuous monitoring, such as penetration testing and vulnerability scanning. Additionally, the College has not implemented sufficient vendor management policies and reviews.

Cause: The College has not allocated sufficient resources to address and document compliance with the requirements of GLBA.

Effect: The College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.

Identification as repeat finding, if applicable: Not applicable

Recommendation: We recommend the College allocate sufficient resources to address all requirements of GLBA.

Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance

Planned Corrective Action: The GLBA Information Security document will be updated to reflect the February 2023 changes.

Person Responsible for Corrective Action Plan: Washington Ricardo Izquierdo, Senior Director of Information Technology

Anticipated Date of Completion: May 31, 2024.

Categories

  • Subrecipient Monitoring
  • Material Weakness

Other Findings in this Audit

  • 400619 2023-002
    Material Weakness
  • 400620 2023-002
    Material Weakness
  • 400621 2023-002
    Material Weakness
  • 400622 2023-003
    Material Weakness
  • 400623 2023-003
    Material Weakness
  • 400624 2023-004
    Significant Deficiency Repeat
  • 400625 2023-004
    Significant Deficiency Repeat
  • 400626 2023-005
    Significant Deficiency Repeat
  • 400627 2023-006
    -
  • 400628 2023-006
    -
  • 977060 2023-002
    Material Weakness
  • 977061 2023-002
    Material Weakness
  • 977062 2023-002
    Material Weakness
  • 977063 2023-002
    Material Weakness
  • 977064 2023-003
    Material Weakness
  • 977065 2023-003
    Material Weakness
  • 977066 2023-004
    Significant Deficiency Repeat
  • 977067 2023-004
    Significant Deficiency Repeat
  • 977068 2023-005
    Significant Deficiency Repeat
  • 977069 2023-006
    -
  • 977070 2023-006
    -

Programs in Audit

ALN      Program Name                                          Expenditures
84.268   Federal Direct Student Loans                          $2.83M
84.063   Federal Pell Grant Program                            $1.76M
84.007   Federal Supplemental Educational Opportunity Grants   $57,869
84.033   Federal Work-Study Program                            $41,879