Finding 523686 (2024-003)

Requirement

Questioned Costs

Year

2024

Accepted

2025-02-19

Audit: 343124

Organization: MacCormac College Dba Generations College (IL)

Auditor: Cherry Bekaert LLP

AI Summary

Core Issue: The College lacks a formal written security program for student information, failing to meet the requirements of the Gramm-Leach-Bliley Act.
Impacted Requirements: The College is not compliant with the seven elements outlined in 16 CFR 314.4 (b), which are essential for safeguarding sensitive information.
Recommended Follow-Up: The College should develop and implement a written security policy that addresses all required elements to mitigate risks.

Finding Text

Nonmaterial Noncompliance Findings Finding 2024-003 - Student Financial Aid Cluster, CFDA# 84.007, 84.033, 84.063, 84.268 Compliance Requirement: Gramm-Leach-Bliley Act – Student Information Security Criteria: The College is required to have a written security program that address the seven elements as described in 16 CFR 314.4 (b). Condition: The College does not have a written security program that address the seven elements as described in 16 CFR 314.4 (b) as of June 30, 2024. Cause: Although the College meets some of the seven elements as described in 16 CFR 314.4 (b), the College has yet to establish a formalized written policy. Context: Not all elements as described in 16 CFR 314.4 (b) have been met, nor is has the College establish a formalized written policy. Effect: The College could have risks associated with the safeguarding of sensitive information it is not aware of or does not protect against. Recommendation: The College should review and put in place the required minimum elements as described in 16 CFR 314.4 (b). Management Response: The College concurs with this finding. Corrective Action Plan: See attached management’s corrective action plan.

Corrective Action Plan

Finding 2024-003 Student Financial Aid Cluster, CFDA # 84.007, 84.033, 84.063, 84.268 Condition: The College does not have a written security program that address the seven elements as described in 16 CFR 314.4 (b) as of June 30, 2024. Corrective Action Plan: Objective: To ensure the development and implementation of a written Student Information Security Plan. Corrective Actions: 1. Develop and implement a written security program in line with the requirements outlined within 16 CFR 314.4 (b) 2. Assign a Security Program Manager and conduct a risk assessment 3. Update and enforce data security policies Monitoring and Follow-Up: • The College’s Security Program Manager will be responsible for ensuring the implementation of the CAP and will provide monthly progress reports to senior management. • Regular internal audits will assess compliance with the security program, with any necessary updates or changes implemented in a timely manner. Person(s) Responsible for Corrective Action Plan: Jamieta Hoskins, Director of Financial Aid Anticipated Completion Date for Corrective Action Plan: February 28, 2025

Other Findings in this Audit

523680 2024-001

Significant Deficiency
523681 2024-001

Significant Deficiency
523682 2024-001

Significant Deficiency
523683 2024-001

Significant Deficiency
523684 2024-002

-
523685 2024-002

-
523687 2024-003

-
523688 2024-003

-
523689 2024-003

-
523690 2024-004

-
523691 2024-004

-
1100122 2024-001

Significant Deficiency
1100123 2024-001

Significant Deficiency
1100124 2024-001

Significant Deficiency
1100125 2024-001

Significant Deficiency
1100126 2024-002

-
1100127 2024-002

-
1100128 2024-003

-
1100129 2024-003

-
1100130 2024-003

-
1100131 2024-003

-
1100132 2024-004

-
1100133 2024-004

-

Programs in Audit

ALN	Program Name	Expenditures
84.063	Federal Pell Grant Program	$2.84M
84.268	Federal Direct Student Loans	$1.10M
84.007	Federal Supplemental Educational Opportunity Grants	$71,096
84.033	Federal Work-Study Program	$11,628