OIG guide for audits

Possible Clery Act Compliance “Game Changer”


OIG guide for auditsClery Act “Game Changer”– What Is It? Why Does It Matter?

Security professionals inherently know the steps to make a case – one thing leads to another and then connect the dots. At colleges and universities, security leadership is acutely, and sometimes painfully, aware that they play a large role in the institution’s Clery Act compliance and its VAWA amendments. They’ve also been trained to understand that an investigation by ED can originate from a multitude of places: complaints, media coverage, ancillary audits, lawsuits and more.

This is not new information. The disconnect between the roles and responsibilities that colleges and universities leaders have delegated to their security professionals and their role in the overall strategy of the institution is not new, either.

In the past, institutions and Clery Act professionals have viewed financial audits as a non-Clery Act compliance review trigger. Though, in some cases, they have been told a review or audit by ED originated from the annual financial and compliance audit requirement. This audit requirement applies to all institutions participating in the Federal Student Financial Assistance Programs (SFA). If an institution outsources any function relating to the administration of the SFA programs, the servicer organization must be included in the audit as well.

The audit guide developed by the ED/OIG in January 2000, Audits of Federal Student Financial Assistance Programs at Participating Institutions and Institution Servicers, supported this viewpoint with a single reference to the annual security report (ASR) buried in an obscure section of the guide on Page II-38. Under the headline “Suggested Procedures (h.)”, it states: Obtain and inspect the annual security report. Ascertain the report contains all information required by 34 CFR 668.47 and was distributed as required.

In 2016 ED/OIG published an updated audit guide, Guide for Audits of Proprietary Schools and for Compliance Attestation Engagements of Third-Party Servicers Administering Title IV Programs. The new guide simplified the compliance statement by stating “A school that participates in any Title IV program must at least annually have a compliance audit of its administration of that program and an audit of its general purpose financial statements unless an allowable Waiver has been granted (section 487 (c) of the HEA (20 U.S.C. 1094 (c)))”. The updated guide also provides auditors with an expanded list of requirements that they must review to determine an institutions compliance with the Clery Act.

The expanded requirements begin at the Table of Contents with a page reference to the Clery Act C.8.7. Annual Security and Fire Safety Reports on page 140.

No longer is the reference to Clery Act compliance a footnote under the suggested procedure section; it is now a section that includes an audit objective. To complete the Audit Objective, an institution must, “Determine if the school is accurately completing the Annual Security and Fire Safety (if applicable) Reports and distributing them to currently enrolled students and staff via publications and mailings (including direct mail, campus mail, or electronic mail), background, criteria, guidance” and ten specific required procedures that should be included as a part of the overall audit and review.

This is a game changer for institutions who have not historically made a comprehensive Clery Act compliance program a priority. Auditors are now compelled to look at not only the ASR but specific elements of the program at a granular level and requires they make a compliance determination.

Elements of the Clery Act program that are specifically called out are:

  • crime statistics,
  • policy statements,
  • emergency response and evacuation procedures,
  • missing student policies and procedures,
  • policies on programs to prevent dating violence, domestic violence, sexual assault, and stalking,
  • procedures for institutional disciplinary action in cases of alleged dating violence, domestic violence, sexual assault, or stalking,
  • annual fire safety report,
  • trace and verify the compilation of crime statistics and fire safety information,
  • methods used to inform enrolled students and employees of the reports,
  • if reports are made available through the internet or intranet are all the requirements being met, and
  • documentation to determine if crime statistics were submitted to ED appropriately

Compliance is going to require additional resources at every level of the institution – beginning with the personnel who have been assigned Clery Act compliance duties. For many, this new guidance is completely off their radar even though it was made effective for fiscal years beginning after June 30, 2016. That means that compliance audits going on right now are subject to the new audit requirements.

In addition, ED has adjusted the department’s civil fines for noncompliance to take into account for inflation. Effective April 20, 2017, institutions can now be fined $54,789 per violation whereas previously they would have only been fined $35,000. The new amount will only apply to civil penalties assessed after April 20, 2017, for associated violations occurring after November 2, 2015. Any penalties assessed prior to April 20, 2017, associated with violations that occurred before November 2, 2015, will not be subjected to the new fine limits.

ED has made it abundantly clear that compliance under the Clery Act is not optional, and the depth of detail in the 2016 audit guidance shows their unwillingness to accept a facade of compliance. Protus3 expects these new requirements will compel colleges and universities to devote more internal and external resources and become much engaged in the development of a comprehensive Clery Act compliance program.

If you’re concerned your university or college is not meeting Clery Act compliance or have questions about security programs, please contact Protus3 by calling (919) 834-8584 or visiting our contact us page.