Finding 947692 — 2023-003

AI Summary

Core Issue: The University failed to comply with the GLBA Safeguards Rule, lacking necessary policies for protecting student financial aid information.
Impacted Requirements: Compliance with the Gramm-Leach-Bliley Act, specifically regarding access controls and data encryption.
Recommended Follow-Up: Enhance policies to include access controls, data encryption, and secure disposal of sensitive information.

Finding Text

2023-003 Federal Agency: Department of Education Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: 84.038, 84.268, 84.033, 84.007, 84.063, 84.268, 93.264 Award Period: July 1, 2022 to June 30, 2023 Type of Finding: Significant Deficiency in Internal Control over Compliance, and Other matter Criteria or Specific Requirement: The Gramm-Leach-Bliley Act (Public Law 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. (16 CFR 314) The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as financial institutions and subject to the Gramm-Leach-Bliley Act (16 CFR 313.3(k)(2)(vi). Condition: Under an institutions Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, schools must protect student financial aid information, with particular attention to information provided to institutions by the Department or otherwise obtained in support of the administration of the federal student financial aid programs. Questioned Costs: None reported Context: We noted that the Organization did not meet the Single Audit compliance requirements over the GLBA Safeguards Rule. Audit procedures required the new Safeguards Rule components to be outlined within the Written Information Security Program and associated policies and procedures. We noted the following areas were not covered in existing, current policies at the University: - Access Controls, - Data Encryption Cause: The University has not created appropriate policies that address all GLBA Safeguards Rules. Effect: The University was not in compliance with the GLBA Safeguards Rule regulations. Repeat Finding: No Recommendation: We recommend that the Organization enhance its policies and procedures to meet GLBA compliance pertaining to the following control areas: - Implement and periodically review access controls, - Encrypt sensitive information at rest and in transit, and - Dispose of customer information securely and follow appropriate data retention requirements Views of Responsible Officials: There is no disagreement with the audit finding.

Other Findings in this Audit

371248 2023-001

Significant Deficiency

371249 2023-002

Significant Deficiency

371250 2023-003

Significant Deficiency

371251 2023-004

Significant Deficiency

371252 2023-005

Significant Deficiency

371253 2023-006

Significant Deficiency Repeat

371254 2023-001

Significant Deficiency

371255 2023-002

Significant Deficiency

371256 2023-003

Significant Deficiency

371257 2023-004

Significant Deficiency

371258 2023-005

Significant Deficiency

371259 2023-006

Significant Deficiency Repeat

371260 2023-001

Significant Deficiency

371261 2023-002

Significant Deficiency

371262 2023-003

Significant Deficiency

371263 2023-004

Significant Deficiency

371264 2023-005

Significant Deficiency

371265 2023-006

Significant Deficiency Repeat

371266 2023-001

Significant Deficiency

371267 2023-002

Significant Deficiency

371268 2023-003

Significant Deficiency

371269 2023-004

Significant Deficiency

371270 2023-005

Significant Deficiency

371271 2023-006

Significant Deficiency Repeat

371272 2023-001

Significant Deficiency

371273 2023-002

Significant Deficiency

371274 2023-003

Significant Deficiency

371275 2023-004

Significant Deficiency

371276 2023-005

Significant Deficiency

371277 2023-006

Significant Deficiency Repeat

371278 2023-001

Significant Deficiency

371279 2023-002

Significant Deficiency

371280 2023-003

Significant Deficiency

371281 2023-004

Significant Deficiency

371282 2023-005

Significant Deficiency

371283 2023-006

Significant Deficiency Repeat

371284 2023-001

Significant Deficiency

371285 2023-002

Significant Deficiency

371286 2023-003

Significant Deficiency

371287 2023-004

Significant Deficiency

371288 2023-005

Significant Deficiency

371289 2023-006

Significant Deficiency Repeat

371290 2023-001

Significant Deficiency

371291 2023-002

Significant Deficiency

371292 2023-003

Significant Deficiency

371293 2023-004

Significant Deficiency

371294 2023-005

Significant Deficiency

371295 2023-006

Significant Deficiency Repeat

371296 2023-001

Significant Deficiency

371297 2023-002

Significant Deficiency

371298 2023-003

Significant Deficiency

371299 2023-004

Significant Deficiency

371300 2023-005

Significant Deficiency

371301 2023-006

Significant Deficiency Repeat

947690 2023-001

Significant Deficiency

947691 2023-002

Significant Deficiency

947693 2023-004

Significant Deficiency

947694 2023-005

Significant Deficiency

947695 2023-006

Significant Deficiency Repeat

947696 2023-001

Significant Deficiency

947697 2023-002

Significant Deficiency

947698 2023-003

Significant Deficiency

947699 2023-004

Significant Deficiency

947700 2023-005

Significant Deficiency

947701 2023-006

Significant Deficiency Repeat

947702 2023-001

Significant Deficiency

947703 2023-002

Significant Deficiency

947704 2023-003

Significant Deficiency

947705 2023-004

Significant Deficiency

947706 2023-005

Significant Deficiency

947707 2023-006

Significant Deficiency Repeat

947708 2023-001

Significant Deficiency

947709 2023-002

Significant Deficiency

947710 2023-003

Significant Deficiency

947711 2023-004

Significant Deficiency

947712 2023-005

Significant Deficiency

947713 2023-006

Significant Deficiency Repeat

947714 2023-001

Significant Deficiency

947715 2023-002

Significant Deficiency

947716 2023-003

Significant Deficiency

947717 2023-004

Significant Deficiency

947718 2023-005

Significant Deficiency

947719 2023-006

Significant Deficiency Repeat

947720 2023-001

Significant Deficiency

947721 2023-002

Significant Deficiency

947722 2023-003

Significant Deficiency

947723 2023-004

Significant Deficiency

947724 2023-005

Significant Deficiency

947725 2023-006

Significant Deficiency Repeat

947726 2023-001

Significant Deficiency

947727 2023-002

Significant Deficiency

947728 2023-003

Significant Deficiency

947729 2023-004

Significant Deficiency

947730 2023-005

Significant Deficiency

947731 2023-006

Significant Deficiency Repeat

947732 2023-001

Significant Deficiency

947733 2023-002

Significant Deficiency

947734 2023-003

Significant Deficiency

947735 2023-004

Significant Deficiency

947736 2023-005

Significant Deficiency

947737 2023-006

Significant Deficiency Repeat

947738 2023-001

Significant Deficiency

947739 2023-002

Significant Deficiency

947740 2023-003

Significant Deficiency

947741 2023-004

Significant Deficiency

947742 2023-005

Significant Deficiency

947743 2023-006

Significant Deficiency Repeat

Programs in Audit

ALN	Program Name	Expenditures
84.063	Federal Pell Grant Program	$1.63M
84.268	Federal Direct Student Loans	$1.49M
84.038	Federal Perkins Loan Program	$449,316
84.033	Federal Work-Study Program	$171,603
84.007	Federal Supplemental Educational Opportunity Grants	$137,990
84.379	Teacher Education Assistance for College and Higher Education Grants (teach Grants)	$55,637
93.264	Nurse Faculty Loan Program (nflp)	$0

Finding 947692 (2023-003)

AI Summary

Finding Text

Categories

Other Findings in this Audit

Programs in Audit