FAC Explorer

Finding 8163 (2023-001)

Material Weakness
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2024-01-10
Audit: 10714
Organization: Johnson University (TN)
Auditor: Blackburn Childers & Steagall Plc

AI Summary

  • Core Issue: The University’s Gramm-Leach-Bliley Act Policy is incomplete and not effectively administered, failing to meet the requirements of 16 CFR 314.4.
  • Impacted Requirements: The policy lacks necessary administrative, technical, and physical safeguards for protecting customer information.
  • Recommended Follow-Up: Update the GLBA Policy to meet compliance standards and implement effective monitoring controls to ensure proper administration moving forward.

Finding Text

2023-001 Material Weakness: Gramm-Leach-Bliley Act (GLBA) (U.S. Department of Education, William D. Ford Direct Loan Program, ALN #84.268) Criteria: In accordance with 16 CFR 314.4, a University shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue and must contain all of the elements that are further described in 16 CFR 314.4. Statement of Condition: During the 2023 audit, it was noted that the University’s Gramm-Leach-Bliley Act Policy did not fully address all of the requirements as described by 16 CFR 314.4. In addition, the application of the comprehensive information security program was not effectively administered by the University for the 2023 year. Questioned Costs: Such information is not applicable for this finding since it is nonmonetary in nature. Perspective Information: The 2023 audit included testing of the University’s Gramm-Leach-Bliley Act Policy as outlined in Part 5 of the Compliance Supplement including the application of this program for the year. Cause and Effect: Due to oversight by the director of the program, the GLBA policy was not reviewed and updated for changes to the program as required by the Compliance Supplement. Recommendation: The University should update their Gramm-Leach-Bliley Act Policy to be in accordance with the requirements and put in place effective controls and practices to ensure the policy is monitored in a way to ensure it is administered effectively. View of Responsible Officials: Due to turnover within the IT Department, GLBA requirements were not communicated well to incoming staff or to the organization. Once GLBA requirements were discovered, a plan was developed to begin implementing GLBA controls and revise our security plan. The plan to bring the organization into GLBA compliance was developed for the 2023-2024 school year and was not in effect before this audit. The IT Department, and key stakeholders within the organization, are working to ensure GLBA compliance within the next year.

Corrective Action Plan

Finding Reference Number: 2023-001 Initial Fiscal Year: 2023 Summary of Finding: Material Weakness: Gramm-Leach-Bliley Act (GLBA) (U.S. Department of Education, William D. Ford Direct Loan Program, ALN #84.268) Entity’s Corrective Action Plan Due to turnover within the IT Department, GLBA requirements were not communicated well to incoming staff or to the organization. Once GLBA requirements were discovered, a plan was developed to begin implementing GLBA controls and revise our security plan. The plan to bring the organization into GLBA compliance was developed for the 2023-2024 school year and was not in effect before this audit. The IT Department, and key stakeholders within the organization, are working to ensure GLBA compliance within the next year.. Anticipated Completion Date: September 21, 2023 Name and Title of Responsible Person: Luke Edwards, Director of IT.

Categories

Student Financial Aid Material Weakness Matching / Level of Effort / Earmarking Internal Control / Segregation of Duties

Other Findings in this Audit

  • 8155 2023-002
    Significant Deficiency
  • 8156 2023-003
    Significant Deficiency
  • 8157 2023-004
    Significant Deficiency
  • 8158 2023-002
    Significant Deficiency
  • 8159 2023-003
    Significant Deficiency
  • 8160 2023-004
    Significant Deficiency
  • 8161 2023-005
    Significant Deficiency
  • 8162 2023-006
    Significant Deficiency
  • 584597 2023-002
    Significant Deficiency
  • 584598 2023-003
    Significant Deficiency
  • 584599 2023-004
    Significant Deficiency
  • 584600 2023-002
    Significant Deficiency
  • 584601 2023-003
    Significant Deficiency
  • 584602 2023-004
    Significant Deficiency
  • 584603 2023-005
    Significant Deficiency
  • 584604 2023-006
    Significant Deficiency
  • 584605 2023-001
    Material Weakness

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $5.23M
84.063 Federal Pell Grant Program $1.70M
84.033 Federal Work-Study Program $138,519
84.425 Covid-19 Education Stabilization Fund $102,675
84.007 Federal Supplemental Educational Opportunity Grants $69,863
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $9,430