FAC Explorer

Finding 567 (2023-001)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2023-10-24
Audit: 1114
Organization: Covenant College, Inc. and Supporting Foundation (GA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The College is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA).
  • Impacted Requirements: Key areas lacking include multi-factor authentication, continuous monitoring, vendor management, and annual reporting.
  • Recommended Follow-Up: Allocate necessary resources to meet GLBA requirements and enhance security measures for protecting student information.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, and 84.379 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The College did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $0 Context: The College has not: • Implemented multi-factor authentication on systems containing personally identifiable information (PII) • Implemented continuous monitoring, such as penetration testing and vulnerability scanning • Implemented sufficient vendor management policies and reviews • Provided a written, annual report to the board Cause: The College has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the College allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action: 1) Written Annual report to the Board of Directors on the overall status of ISP and GLBA compliance does not address risk management and control decisions, results of testing, security events or violations and management's response to each, and recommendations for changes in the Program. A report was submitted to the Board of Trustees in September 2023 for their review at the October meeting on campus. The Board will meet on campus again in March 2024 should any additional information or changes be needed. 2) MFA is not enabled for Banner by Ellucian and National Student Clearinghouse - § 314.4(c)(5) of the GLBA. This is in progress. Technical specifications for MFA in Banner have been reviewed. Testing of three possible options should be started in October 2023. Our Registrar has contacted the NSC and requested MFA on our accounts. 3) No annual penetration testing of information systems. This is in progress. As of September 2023 five vendors were being reviewed and evaluated for this engagement. 4) Vendors are only evaluated at contract initiation. This is in progress. Review of templates and approval needed has already started. Person Responsible for Corrective Action Plan: Dr. H. Collin Messer, Vice President for Academic Affairs Anticipated Date of Completion: May 1, 2024

Categories

Subrecipient Monitoring Significant Deficiency

Other Findings in this Audit

  • 568 2023-001
    Significant Deficiency
  • 569 2023-001
    Significant Deficiency
  • 570 2023-001
    Significant Deficiency
  • 571 2023-001
    Significant Deficiency
  • 572 2023-001
    Significant Deficiency
  • 577009 2023-001
    Significant Deficiency
  • 577010 2023-001
    Significant Deficiency
  • 577011 2023-001
    Significant Deficiency
  • 577012 2023-001
    Significant Deficiency
  • 577013 2023-001
    Significant Deficiency
  • 577014 2023-001
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $2.97M
84.063 Federal Pell Grant Program $741,477
84.038 Federal Perkins Loan Program $695,328
84.425 Covid-19 Education Stabilization Fund Heerf - Student Aid Portion $251,450
84.033 Federal Work-Study Program $231,083
84.007 Federal Supplemental Educational Opportunity Grants $155,390
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $3,722