FAC Explorer

Finding 517599 (2024-002)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2024
Accepted
2025-01-03
Audit: 335626
Organization: Jevs Human Services and Affiliates (PA)
Auditor: Cla - Cliftonlarsonallen LLP

AI Summary

  • Core Issue: JEVS Human Services lacks proper documentation in their information security program, failing to meet GLBA requirements.
  • Impacted Requirements: The organization did not document essential safeguards in their written information security plan, risking student personal information.
  • Recommended Follow-Up: Management should enhance their information security plan and ensure all required documentation aligns with GLBA standards.

Finding Text

2024-002 Federal Agency: U.S. Department of Education (ED) Federal Program Name: Student Financial Aid Cluster Assistance Listing Numbers: 84.007, 84.033, 84.063, 84.268 Award Period: July 1, 2023 to June 30, 2024 Type of Finding: Compliance and Significant Deficiency in Internal Control over Compliance Uniform Guidance Requirement: Gramm-Leach Bliley Act (GLBA) Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). Condition: During the audit, we noted JEVS Human Services has gaps within their written information security program and policies when compared to the Safeguards Rule. Questioned Costs: None Context: The GLBA Safeguard rules requires an organization to document the following within their written information security plan: (1) how the institution regularly tests or otherwise monitors the effectiveness of the safeguards it has implemented, (2) Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program, and (3) Addresses how the institution will oversee its information system service providers. While evidence of these three safeguards' occurrence was provided to us during the audit, they were not documented within the written information security plan as required by GLBA. Cause: The Agency does have policies and controls that address potential risks; however, the risk assessment was not documented. Effect: Failure to comply with the GLBA standards puts the Agency at risk of compromising student personal information. Repeat Finding: No Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules. Views of Responsible Officers and Corrective Action Plan: Please refer to JEVS Human Services and Affiliates’ Corrective Action Plan

Corrective Action Plan

JEVS HUMAN SERVICES AND AFFILIATES CORRECTIVE ACTION PLAN YEAR ENDED JUNE 30, 2024 FINDINGS – FEDERAL AWARD PROGRAM AUDITS (CONTINUED) U.S. Department of Education 2024-002 Significant Deficiency in Internal Control over Compliance Student Financial Aid Cluster: 84.007 - Federal Supplemental Educational Opportunity Grants 84.063 – Federal Pell Grant Program 84.268 – Federal Direct Student Loans Condition: During the audit, we noted JEVS Human Service has gaps within their Written Information Security Program and policies when compared to the Safeguards Rule. Recommendation: We recommend management continue to evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules. Explanation of Disagreement with Audit Finding There is no disagreement with the audit finding. Action taken in response to finding: Management will evaluate its written information security plan and establish the required documentation in accordance with GLBA safeguard rules. Planned completion date for corrective action plan: March 31, 2025

Categories

Student Financial Aid Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties

Other Findings in this Audit

  • 517598 2024-001
    Significant Deficiency
  • 517600 2024-001
    Significant Deficiency
  • 517601 2024-002
    Significant Deficiency
  • 517602 2024-001
    Significant Deficiency
  • 517603 2024-002
    Significant Deficiency
  • 517604 2024-001
    Significant Deficiency
  • 517605 2024-002
    Significant Deficiency
  • 1094040 2024-001
    Significant Deficiency
  • 1094041 2024-002
    Significant Deficiency
  • 1094042 2024-001
    Significant Deficiency
  • 1094043 2024-002
    Significant Deficiency
  • 1094044 2024-001
    Significant Deficiency
  • 1094045 2024-002
    Significant Deficiency
  • 1094046 2024-001
    Significant Deficiency
  • 1094047 2024-002
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
93.558 Temporary Assistance for Needy Families $13.51M
84.268 Federal Direct Student Loans $1.81M
84.063 Federal Pell Grant Program $1.25M
93.566 Refugee and Entrant Assistance State/replacement Designee Administered Programs $928,440
84.126A Rehabilitation Services Vocational Rehabilitation Grants $483,596
17.259 Wioa Youth Activities - It Pre-Apprenticship Program $394,526
17.258 Wioa Adult Program - PA Careerlink $344,756
16.812 Second Chance Act Reentry Initiative $341,871
17.278 Wioa Dislocated Worker Formula Grants - PA Careerlink $269,724
93.959 Block Grants for Prevention and Treatment of Substance Abuse $244,842
17.270 Reentry Employment Opportunities - Oic Soar 4 Rp-3 $220,470
17.268 Rapid It Training and Employment Intiative $198,962
17.270 Reentry Employment Opportunities - Strive International $187,446
17.289 U.s. Department of Labor Employment & Training Administration - Otc Customized Training $115,354
17.258 Wioa Adult Program - Edu Connect $95,911
16.738 Edward Byrne Memorial Justice Assistance Grant Program $87,526
21.027 Coronavirus State and Local Fiscal Recovery Funds $84,362
17.289 U.s. Department of Labor Employment & Training Administration - Center for Healthcare Career $64,587
17.289 U.s. Department of Labor Employment & Training Administration - Otc Trades Day $63,330
17.285 Registered Apprenticeship Apprenticeship Building America $60,838
17.258 Wioa Adult Program - Rsa $60,005
64.027 Post 9/11 - Financial Assistance $56,087
17.278 Wioa Dislocated Worker Formula Grants - Rsa $46,946
84.007 Federal Supplemental Educational Opportunity Grants $37,413
17.289 U.s. Department of Labor Employment & Training Administration - Project Wow $32,771
17.259 Wioa Youth Activities - PA Careerlink $31,142
10.561 State Administrative Matching Grants for the Supplemental Nutrition Assistance Program $29,001
17.289 U.s. Department of Labor Employment & Training Administration - Residential $28,754
17.289 U.s. Department of Labor Employment & Training Administration - Project Wow - Other $11,045
17.270 Reentry Employment Opportunities - Oic Soar 5 Pathways Home $9,458
84.033 Federal Work-Study Program $8,599
17.259 Wioa Youth Activities - Rsa $5,420