FAC Explorer

Finding 551524 (2024-001)

Significant Deficiency Repeat Finding
Requirement
N
Questioned Costs
-
Year
2024
Accepted
2025-03-31
Audit: 352134
Organization: Pontifical Catholic University of Puerto Rico (PR)
Auditor: Kpmg LLP

AI Summary

  • Core Issue: The University lacks written procedures and formal policies for compliance.
  • Impacted Requirements: Specifically, elements 4, 5, 7, and 9 are not addressed.
  • Recommended Follow-Up: Develop and implement formal written procedures to ensure compliance with all required elements.

Finding Text

During our review of the internal controls over compliance and compliance requirements, we noted that the Pontifical Catholic University, "the University", did not have written procedures or formal policies to ensure compliance all the elements included in the criteria. We were no able to identify formal written procedures for the elements: 4,5,7 and 9.

Corrective Action Plan

Management has already written the basic Security of information Plan as required by 6 C.F.R. 313.3 and 313.4. This plan was sent to the Federal Student Aid (FSA) Cybersecurity Team (CCT). In July 18, 2024, after closing of the fiscal year, the CCT sent a letter stating they had reviewed the university submission and has determined that the CAP acceptably addresses the auditor finding for audit year 2023. Contracting of an independent third party to carry out a NIST CS IT Risk Assessment and Penetration Testing & vulnerability Assessment for PUCPR was completed. GM Security Technologies, is a qualified Security Assessor Company (QSAC) certified by the PCI Security Council. The initial report for a Pen Test & Vulnerability Assessments report by April 21st,2025. When evaluation is completed, GM Sectec will perform a retest to high/critical remediated vulnerabilities and a guide roadmap mapped to NIST Cyber Security Framework. These assessments are planned to be completed by June 2025

Categories

Internal Control / Segregation of Duties

Other Findings in this Audit

  • 551525 2024-002
    Material Weakness
  • 551526 2024-001
    Significant Deficiency Repeat
  • 551527 2024-001
    Significant Deficiency Repeat
  • 551528 2024-001
    Significant Deficiency Repeat
  • 551529 2024-001
    Significant Deficiency Repeat
  • 1127966 2024-001
    Significant Deficiency Repeat
  • 1127967 2024-002
    Material Weakness
  • 1127968 2024-001
    Significant Deficiency Repeat
  • 1127969 2024-001
    Significant Deficiency Repeat
  • 1127970 2024-001
    Significant Deficiency Repeat
  • 1127971 2024-001
    Significant Deficiency Repeat

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $43.47M
84.063 Federal Pell Grant Program $26.39M
84.033 Federal Work-Study Program $1.18M
97.036 Disaster Grants - Public Assistance (presidentially Declared Disasters) $1.13M
84.007 Federal Supplemental Educational Opportunity Grants $828,528
84.047 Trio Upward Bound $284,887
84.129 Rehabilitation Long-Term Training $233,528
84.425 Education Stabilization Fund $203,044
20.614 National Highway Traffic Safety Administration (nhtsa) Discretionary Safety Grants and Cooperative Agreements $90,798
47.076 Stem Education (formerly Education and Human Resources) $56,358
93.859 Biomedical Research and Research Training $38,223
16.575 Crime Victim Assistance $27,003
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $14,860
10.558 Child and Adult Care Food Program $6,712
15.657 Endangered Species Recovery Implementation $3,746
84.038 Federal Perkins Loan Program_federal Capital Contributions $0