FAC Explorer

Finding 964602 (2023-002)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2024-03-28
Audit: 299965
Organization: McKendree University (IL)
Auditor: Cliftonlarsonallen

AI Summary

  • Core Issue: The University’s Written Information Security Program (WISP) does not meet the new requirements of the Gramm-Leach-Bliley Act (GLBA).
  • Impacted Requirements: GLBA mandates that institutions have a qualified individual overseeing information security and a comprehensive WISP that includes specific safeguards and regular effectiveness testing.
  • Recommended Follow-Up: The University should review and update its WISP to include all necessary elements to comply with the updated GLBA requirements.

Finding Text

2023 – 002: Special Tests and Provisions: Gramm-Leach Bliley Act (GLBA) Federal agency: U.S. Department of Education Federal program title: Student Financial Assistance ALN Number: 84.007, 84.033, 84.063, 84.268, 84.379 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Period: July 1, 2022 through June 30, 2023 Type of Finding: • Significant Deficiency in Internal Control over Compliance • Other Matters Criteria or specific requirement: The Gramm-Leach Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The regulation states that the college must designate a qualified individual responsible for overseeing and implementing your information security program and enforcing your information security program.(16 CFR 314.4(a)). The entity shall have a Written Information Security Program (WISP) that outlines the design and implementation of the risk assessment procedures. (16 CFR 314.4(b)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8) including: Assess apps developed by the institution. In addition, the written security program provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). Per 2 CFR 200.303, nonfederal entities receiving federal awards are required to establish and maintain internal controls designed to reasonably ensure compliance with federal laws, regulations, and program compliance requirements. Condition: The University has a Written information Security Program; however, the University did not meet the minimum requirements stated in the Gramm-Leach-Bliley Act. Questioned costs: None. Context: These new GLBA requirements were applicable beginning on June 9, 2023, and there were multiple elements missing from their Written Information Security Program. Cause: There was not a formal process in place to review against all the new GLBA requirements to ensure compliance. Effect: The University was not in Gramm-Leach-Bliley compliance standards. Repeat finding: No. Recommendation: We recommend that the University review the updated GLBA requirements and ensure their WISP includes all required elements. Views of responsible officials: There is no disagreement with the audit finding.

Categories

Special Tests & Provisions Subrecipient Monitoring Significant Deficiency Matching / Level of Effort / Earmarking Internal Control / Segregation of Duties

Other Findings in this Audit

  • 388155 2023-002
    Significant Deficiency
  • 388156 2023-002
    Significant Deficiency
  • 388157 2023-002
    Significant Deficiency
  • 388158 2023-002
    Significant Deficiency
  • 388159 2023-002
    Significant Deficiency
  • 388160 2023-002
    Significant Deficiency
  • 388161 2023-003
    Significant Deficiency
  • 388162 2023-003
    Significant Deficiency
  • 388163 2023-003
    Significant Deficiency
  • 388164 2023-003
    Significant Deficiency
  • 388165 2023-003
    Significant Deficiency
  • 388166 2023-003
    Significant Deficiency
  • 388167 2023-004
    Significant Deficiency
  • 388168 2023-004
    Significant Deficiency
  • 388169 2023-004
    Significant Deficiency
  • 388170 2023-004
    Significant Deficiency
  • 388171 2023-004
    Significant Deficiency
  • 388172 2023-004
    Significant Deficiency
  • 388173 2023-005
    Significant Deficiency
  • 388174 2023-005
    Significant Deficiency
  • 388175 2023-005
    Significant Deficiency
  • 388176 2023-005
    Significant Deficiency
  • 388177 2023-005
    Significant Deficiency
  • 388178 2023-005
    Significant Deficiency
  • 388179 2023-006
    Significant Deficiency
  • 388180 2023-006
    Significant Deficiency
  • 388181 2023-006
    Significant Deficiency
  • 388182 2023-006
    Significant Deficiency
  • 388183 2023-006
    Significant Deficiency
  • 388184 2023-006
    Significant Deficiency
  • 388185 2023-007
    Significant Deficiency
  • 388186 2023-007
    Significant Deficiency
  • 388187 2023-007
    Significant Deficiency
  • 388188 2023-007
    Significant Deficiency
  • 388189 2023-007
    Significant Deficiency
  • 388190 2023-007
    Significant Deficiency
  • 388191 2023-008
    Significant Deficiency
  • 388192 2023-008
    Significant Deficiency
  • 388193 2023-008
    Significant Deficiency
  • 388194 2023-008
    Significant Deficiency
  • 388195 2023-008
    Significant Deficiency
  • 388196 2023-008
    Significant Deficiency
  • 388197 2023-009
    Significant Deficiency
  • 388198 2023-009
    Significant Deficiency
  • 388199 2023-009
    Significant Deficiency
  • 388200 2023-009
    Significant Deficiency
  • 388201 2023-009
    Significant Deficiency
  • 388202 2023-009
    Significant Deficiency
  • 388203 2023-010
    Significant Deficiency
  • 388204 2023-010
    Significant Deficiency
  • 388205 2023-010
    Significant Deficiency
  • 388206 2023-010
    Significant Deficiency
  • 388207 2023-010
    Significant Deficiency
  • 388208 2023-010
    Significant Deficiency
  • 388209 2023-011
    Significant Deficiency
  • 388210 2023-011
    Significant Deficiency
  • 388211 2023-011
    Significant Deficiency
  • 388212 2023-011
    Significant Deficiency
  • 388213 2023-011
    Significant Deficiency
  • 388214 2023-011
    Significant Deficiency
  • 964597 2023-002
    Significant Deficiency
  • 964598 2023-002
    Significant Deficiency
  • 964599 2023-002
    Significant Deficiency
  • 964600 2023-002
    Significant Deficiency
  • 964601 2023-002
    Significant Deficiency
  • 964603 2023-003
    Significant Deficiency
  • 964604 2023-003
    Significant Deficiency
  • 964605 2023-003
    Significant Deficiency
  • 964606 2023-003
    Significant Deficiency
  • 964607 2023-003
    Significant Deficiency
  • 964608 2023-003
    Significant Deficiency
  • 964609 2023-004
    Significant Deficiency
  • 964610 2023-004
    Significant Deficiency
  • 964611 2023-004
    Significant Deficiency
  • 964612 2023-004
    Significant Deficiency
  • 964613 2023-004
    Significant Deficiency
  • 964614 2023-004
    Significant Deficiency
  • 964615 2023-005
    Significant Deficiency
  • 964616 2023-005
    Significant Deficiency
  • 964617 2023-005
    Significant Deficiency
  • 964618 2023-005
    Significant Deficiency
  • 964619 2023-005
    Significant Deficiency
  • 964620 2023-005
    Significant Deficiency
  • 964621 2023-006
    Significant Deficiency
  • 964622 2023-006
    Significant Deficiency
  • 964623 2023-006
    Significant Deficiency
  • 964624 2023-006
    Significant Deficiency
  • 964625 2023-006
    Significant Deficiency
  • 964626 2023-006
    Significant Deficiency
  • 964627 2023-007
    Significant Deficiency
  • 964628 2023-007
    Significant Deficiency
  • 964629 2023-007
    Significant Deficiency
  • 964630 2023-007
    Significant Deficiency
  • 964631 2023-007
    Significant Deficiency
  • 964632 2023-007
    Significant Deficiency
  • 964633 2023-008
    Significant Deficiency
  • 964634 2023-008
    Significant Deficiency
  • 964635 2023-008
    Significant Deficiency
  • 964636 2023-008
    Significant Deficiency
  • 964637 2023-008
    Significant Deficiency
  • 964638 2023-008
    Significant Deficiency
  • 964639 2023-009
    Significant Deficiency
  • 964640 2023-009
    Significant Deficiency
  • 964641 2023-009
    Significant Deficiency
  • 964642 2023-009
    Significant Deficiency
  • 964643 2023-009
    Significant Deficiency
  • 964644 2023-009
    Significant Deficiency
  • 964645 2023-010
    Significant Deficiency
  • 964646 2023-010
    Significant Deficiency
  • 964647 2023-010
    Significant Deficiency
  • 964648 2023-010
    Significant Deficiency
  • 964649 2023-010
    Significant Deficiency
  • 964650 2023-010
    Significant Deficiency
  • 964651 2023-011
    Significant Deficiency
  • 964652 2023-011
    Significant Deficiency
  • 964653 2023-011
    Significant Deficiency
  • 964654 2023-011
    Significant Deficiency
  • 964655 2023-011
    Significant Deficiency
  • 964656 2023-011
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $9.79M
84.063 Federal Pell Grant Program $2.29M
84.033 Federal Work-Study Program $99,527
84.007 Federal Supplemental Educational Opportunity Grants $90,109
84.038 Federal Perkins Loan Program $74,817
84.379 Teacher Education Assistance for College and Higher Education Grants (teach Grants) $11,316