FAC Explorer

Finding 59299 (2022-002)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2022
Accepted
2023-03-30
Audit: 51939
Organization: Hannibal-Lagrange University (MO)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The University is not fully compliant with the Gramm-Leach-Bliley Act (GLBA) requirements.
  • Impacted Requirements: Insufficient documentation of security risk assessments and safeguards as per 16 CFR 314.3 and 314.4.
  • Recommended Follow-Up: Allocate necessary resources to meet all GLBA compliance requirements.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033 and 84.038-Student Financial Assistance Cluster Federal Award Identification #: 2021-2022 Financial Aid Year Condition: The University did not sufficiently comply with all the requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $-0- Context: The University has not fully documented its security risk assessment and safeguards. Cause: The University experienced turnover of the IT personnel responsible over GLBA compliance as well as the impact on IT operations by COVID-19. Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend that the University allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach -Bliley Act (GLBA) Compliance Planned Corrective Action: In regards to the Gramm-Leach-Bliley Act (GBLA), we concur that Hannibal- LaGrange University (HLGU) has not adequately addressed the requirements of the GBLA. In an effort to rectify this issue, the director of Computer Services, Dr. Michelle Todd, is in contact with the security team of the Missouri Research and Education Network (MORENet) and has begun to work through a security assessment, which provides a roadmap for making current and continual improvements in regards to the security of the network. MOREN et is a membership consortium that operates as a department within the University of Missouri System, assisting members with network and security support. This process with MORENet will provide HLGU with guidance to develop a program that would protect the exposure of student information security risks. Person Responsible for Corrective Action Plan: Dr. Michelle Todd, Director of Computer Services Anticipated Date of Completion: Fall 2023

Categories

Subrecipient Monitoring Significant Deficiency

Other Findings in this Audit

  • 59300 2022-002
    Significant Deficiency
  • 59301 2022-002
    Significant Deficiency
  • 59302 2022-002
    Significant Deficiency
  • 59303 2022-002
    Significant Deficiency
  • 635741 2022-002
    Significant Deficiency
  • 635742 2022-002
    Significant Deficiency
  • 635743 2022-002
    Significant Deficiency
  • 635744 2022-002
    Significant Deficiency
  • 635745 2022-002
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $2.81M
84.425 Covid-19 Education Stabilization Fund Heerf-Student Aid Portion $988,950
84.063 Federal Pell Grant Program $986,530
84.038 Federal Perkins Loan Program $188,132
84.007 Federal Supplemental Educational Opportunity Grants $48,291
84.033 Federal Work-Study Program $43,068