Finding 582095 — 2023-001

AI Summary

Core Issue: The University lacks written policies to comply with the Gramm-Leach-Bliley Act (GLBA), which is essential for safeguarding sensitive data.
Impacted Requirements: GLBA mandates that financial institutions, including educational institutions receiving federal aid, must have clear information-sharing practices and data protection measures.
Recommended Follow-Up: Conduct an information security assessment and develop a comprehensive written information security program to ensure GLBA compliance.

Finding Text

Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act Student Financial Assistance Cluster Federal Supplemental Educational Opportunities Grants (FESOG) (ALN 84.007) Federal Work-Study Program (ALN 84.033) Federal Perkins Loan Program (ALN 84.038) Federal Pell Grant Program (ALN 84.063) Federal Direct Student Loans (ALN 84.268) Federal TEACH Grant (ALN 84.379) U.S. Department of Education – Award Number: None provided, Award Year 2022-2023 Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm- Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Condition: The University does not have the required written policies in place to comply with GLBA rules for higher education institutions. Questioned Costs: N/A Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place. Effect: The University could mishandle sensitive data. Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence from was received from authoritative sources, the University was anticipating further guidance to implementation which never materialized. Identification as a repeat finding: N/A Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA. Views of responsible officials and planned correction actions: The University agrees. See separate auditee documentation for planned corrective action.

Other Findings in this Audit

5649 2023-001

Significant Deficiency

5650 2023-001

Significant Deficiency

5651 2023-001

Significant Deficiency

5652 2023-001

Significant Deficiency

5653 2023-001

Significant Deficiency

5654 2023-001

Significant Deficiency

582091 2023-001

Significant Deficiency

582092 2023-001

Significant Deficiency

582093 2023-001

Significant Deficiency

582094 2023-001

Significant Deficiency

582096 2023-001

Significant Deficiency

Programs in Audit

ALN	Program Name	Expenditures
84.268	Federal Direct Student Loans	$6.04M
84.063	Federal Pell Grant Program	$1.43M
84.038	Federal Perkins Loan Program	$1.04M
47.076	Education and Human Resources	$416,823
84.033	Federal Work-Study Program	$153,722
93.600	Head Start	$130,998
84.007	Federal Supplemental Educational Opportunity Grants	$114,512
10.310	Agriculture and Food Research Initiative (afri)	$41,308
47.070	Computer and Information Science and Engineering	$32,979
84.379	Teacher Education Assistance for College and Higher Education Grants (teach Grants)	$23,407

Finding 582095 (2023-001)

AI Summary

Finding Text

Categories

Other Findings in this Audit

Programs in Audit