Finding Text
2023-002 Material Weakness: Gramm-Leach-Bliley Act (GLBA) (U.S. Department of Education, William D. Ford Direct Loan Program, ALN #84.268)
Criteria: In accordance with 16 CFR 314.4, a University shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue and must contain all of the elements that are further described in 16 CFR 314.4.
Statement of Condition: During the 2023 audit, it was noted that the University’s Gramm-Leach-Bliley Act Policy did not fully address all of the requirements as described by 16 CFR 314.4. In addition, the application of the comprehensive information security program was not effectively administered by the University for the 2023 year.
Questioned Costs: Such information is not applicable for this finding since it is nonmonetary in nature.
Perspective Information: The 2023 audit included testing of the University’s Gramm-Leach-Bliley Act Policy as outlined in Part 5 of the Compliance Supplement including the application of this program for the year.
Cause and Effect: Due to oversight by the director of the program, the GLBA policy was not reviewed and updated for changes to the program as required by the Compliance Supplement.
Recommendation: The University should update its Gramm-Leach-Bliley Act Policy to meet the requirements of 16 CFR 314.4 and put in place effective controls and practices to monitor the policy and ensure it is administered effectively.
View of Responsible Officials:
The University concurs with this finding. The University has begun the process of updating policies and procedures to comply with all of the latest GLBA policies. The University is currently in the process of finishing the risk assessment and will update all applicable policies and procedures to align with the GLBA requirements.