FAC Explorer

Finding 573356 (2024-011)

Material Weakness
Requirement
N
Questioned Costs
-
Year
2024
Accepted
2025-08-12
Audit: 364132
Organization: Leech Lake Tribal College (AZ)
Auditor: Redw

AI Summary

  • Core Issue: The College lacks a comprehensive information security program required by the Gramm-Leach-Bliley Act (GLBA), putting student data at risk.
  • Impacted Requirements: Compliance with GLBA mandates that financial institutions, including educational institutions, protect sensitive student financial aid information.
  • Recommended Follow-Up: The College should prioritize developing and implementing a robust security program that meets GLBA requirements to ensure data protection.

Finding Text

2024-011 — Gramm-Leach-Bliley Act- Student Information Security (Special Test #11)– Material Weakness in Internal Control Over Compliance and Noncompliance Federal program information: Funding agencies: U.S. Department of Education Titles: SFA Cluster-Federal PELL Grant Program ALN Number: 84.063 Award years: Various Criteria: According to 16 CFR 314. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information sharing practices to their customers and to safeguard sensitive data. The Federal Trade Commission considers Title IV-eligible institutions that participate in the Title IV Education Assistance programs as “financial institutions” and subject to the GLBA. Institutions must protect student financial aid information, with particular attention to information. Condition: Institutions are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and includes specific elements. The College did not have a comprehensive information security program in place, written or otherwise, that met the specific elements. Cause: The College’s IT control environment is lacking certain key controls. There are currently no formalized IT policies and procedures, sufficient data backup processes, or a formalized disaster recovery plan. IT controls are not in place to ensure non-authorized individuals are restricted from adding new vendors, recording journal entries, and making/or changes to employee pay records. Effect: The College is not in compliance with the requirements of the program and student data may be compromised without policies in place to ensure otherwise. Questioned Costs: None Context: The College is not in compliance with the GLBA requirements. Recommendation: The College should comply with grant requirements and develop, implement, and maintain a comprehensive security program that includes the specific elements required. Management’s Response: The College is in process of developing policies for the GLBA

Corrective Action Plan

The Department will enforce policies and procedures to ensure that compliance with the requirements. New internal controls are expected to be implemented to address these findings.

Categories

Student Financial Aid Internal Control / Segregation of Duties Material Weakness

Other Findings in this Audit

  • 573328 2024-002
    Material Weakness Repeat
  • 573329 2024-002
    Material Weakness Repeat
  • 573330 2024-002
    Material Weakness Repeat
  • 573331 2024-002
    Material Weakness Repeat
  • 573332 2024-002
    Material Weakness Repeat
  • 573333 2024-002
    Material Weakness Repeat
  • 573334 2024-003
    Material Weakness Repeat
  • 573335 2024-003
    Material Weakness Repeat
  • 573336 2024-003
    Material Weakness Repeat
  • 573337 2024-003
    Material Weakness Repeat
  • 573338 2024-003
    Material Weakness Repeat
  • 573339 2024-003
    Material Weakness Repeat
  • 573340 2024-004
    Significant Deficiency
  • 573341 2024-004
    Significant Deficiency
  • 573342 2024-005
    Material Weakness Repeat
  • 573343 2024-005
    Material Weakness Repeat
  • 573344 2024-005
    Material Weakness Repeat
  • 573345 2024-005
    Material Weakness Repeat
  • 573346 2024-005
    Material Weakness Repeat
  • 573347 2024-006
    Significant Deficiency Repeat
  • 573348 2024-006
    Significant Deficiency Repeat
  • 573349 2024-006
    Significant Deficiency Repeat
  • 573350 2024-006
    Significant Deficiency Repeat
  • 573351 2024-006
    Significant Deficiency Repeat
  • 573352 2024-007
    Significant Deficiency
  • 573353 2024-008
    Material Weakness
  • 573354 2024-009
    Material Weakness
  • 573355 2024-010
    Material Weakness
  • 573357 2024-012
    Significant Deficiency
  • 573358 2024-012
    Significant Deficiency
  • 573359 2024-012
    Significant Deficiency
  • 573360 2024-012
    Significant Deficiency
  • 1149770 2024-002
    Material Weakness Repeat
  • 1149771 2024-002
    Material Weakness Repeat
  • 1149772 2024-002
    Material Weakness Repeat
  • 1149773 2024-002
    Material Weakness Repeat
  • 1149774 2024-002
    Material Weakness Repeat
  • 1149775 2024-002
    Material Weakness Repeat
  • 1149776 2024-003
    Material Weakness Repeat
  • 1149777 2024-003
    Material Weakness Repeat
  • 1149778 2024-003
    Material Weakness Repeat
  • 1149779 2024-003
    Material Weakness Repeat
  • 1149780 2024-003
    Material Weakness Repeat
  • 1149781 2024-003
    Material Weakness Repeat
  • 1149782 2024-004
    Significant Deficiency
  • 1149783 2024-004
    Significant Deficiency
  • 1149784 2024-005
    Material Weakness Repeat
  • 1149785 2024-005
    Material Weakness Repeat
  • 1149786 2024-005
    Material Weakness Repeat
  • 1149787 2024-005
    Material Weakness Repeat
  • 1149788 2024-005
    Material Weakness Repeat
  • 1149789 2024-006
    Significant Deficiency Repeat
  • 1149790 2024-006
    Significant Deficiency Repeat
  • 1149791 2024-006
    Significant Deficiency Repeat
  • 1149792 2024-006
    Significant Deficiency Repeat
  • 1149793 2024-006
    Significant Deficiency Repeat
  • 1149794 2024-007
    Significant Deficiency
  • 1149795 2024-008
    Material Weakness
  • 1149796 2024-009
    Material Weakness
  • 1149797 2024-010
    Material Weakness
  • 1149798 2024-011
    Material Weakness
  • 1149799 2024-012
    Significant Deficiency
  • 1149800 2024-012
    Significant Deficiency
  • 1149801 2024-012
    Significant Deficiency
  • 1149802 2024-012
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.425 Covid 19-Education Stabilization Fund $2.13M
84.063 Federal Pell Grant Program $864,525
84.031 Higher Education Institutional Aid $687,251
10.237 From Learning to Leading: Cultivating the Next Generation of Diverse Food and Agriculture Professionals $565,030
15.027 Assistance to Tribally Controlled Community Colleges and Universities $354,431
10.222 Tribal Colleges Endowment Program $191,617
10.221 Tribal Colleges Education Equity Grants $178,273
10.500 Cooperative Extension Service $156,521
10.202 Cooperative Forestry Research $116,495
10.766 Community Facilities Loans and Grants $96,941
43.008 Office of Stem Engagement (ostem) $3,829
47.076 Stem Education (formerly Education and Human Resources) $214