Finding 403024 (2023-002)

Significant Deficiency
Requirement: N
Questioned Costs: -
Year: 2023
Accepted: 2024-06-26

AI Summary

  • Core Issue: Word of Life failed to meet updated GLBA requirements, particularly in multi-factor authentication and vendor management.
  • Impacted Requirements: Compliance with 16 CFR 314.3 and 16 CFR 314.4 is lacking, risking exposure of personally identifiable information (PII).
  • Recommended Follow-Up: Allocate necessary resources to ensure full compliance with GLBA and provide an annual report to the board.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance
Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033 - Student Financial Assistance Cluster
Federal Award Identification #: 2023-2024 Financial Aid Year
Condition: Word of Life did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $0
Context: Word of Life has not fully implemented multi-factor authentication on systems containing personally identifiable information (PII) or sufficient vendor management policies and reviews. Additionally, Word of Life has not provided a written, annual report to the board.
Cause: Word of Life has not allocated sufficient resources to address and document compliance with the requirements of GLBA.
Effect: Word of Life has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We recommend Word of Life allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance
Planned Corrective Action: Our plan to correct issues associated with GLBA compliance, by section, is stated below:
For 16 CFR § 314.4(c)(1-8) (partially implemented)
We plan to implement and correct all deficiencies related to the multi-factor authentication on our VPN, by implementing a new software and hardware solution that will sufficiently address the lack of MFA on that side. One of our other software products used for Financial Aid administration will require either a replacement, or compensating control/exception placed into our policies and risk management policies. Modify our asset risk assessment policy to include steps to annually review access to all financial applications to determine whether the user is still required to access the systems.
For 16 CFR § 314.4(f)(3) (partially implemented)
We plan to change our risk management policy to do regular (at least annually) checks on all of our vendors supplying information on whether they comply with GLBA in their security, disaster recovery and incident response controls to keep our data confidential, keep its integrity and require its availability.
For 16 CFR § 314.4(i) (not implemented)
Adjust our information security policy to include reporting to our board of directors annually with a written report about the Program and its compliance with GLBA.
Person Responsible for Corrective Action Plan: Matthew Hager, Director of IT.
Anticipated Date of Completion: 7/31/2024

Categories

Significant Deficiency

Other Findings in this Audit

  • 403021 2023-001
    Material Weakness
  • 403022 2023-001
    Material Weakness
  • 403023 2023-001
    Material Weakness
  • 403025 2023-002
    Significant Deficiency
  • 403026 2023-002
    Significant Deficiency
  • 403027 2023-002
    Significant Deficiency
  • 979463 2023-001
    Material Weakness
  • 979464 2023-001
    Material Weakness
  • 979465 2023-001
    Material Weakness
  • 979466 2023-002
    Significant Deficiency
  • 979467 2023-002
    Significant Deficiency
  • 979468 2023-002
    Significant Deficiency
  • 979469 2023-002
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $1.35M
84.063 Federal Pell Grant Program $1.16M
84.033 Federal Work-Study Program $23,002
84.007 Federal Supplemental Educational Opportunity Grants $19,444