OIG guide for audits

Possible Clery Act Compliance “Game Changer”

Christine L. Peterson, CPP, ISPCompliance, News

OIG guide for auditsClery Act Compliance “Game Changer”– What Is It? Why Does It Matter?

Security professionals inherently know the steps to make a case – one thing leads to another and then connect the dots. At colleges and universities, security leadership is acutely aware that they play a large role in Clery Act compliance. They also understand that an investigation by ED can originate from a multitude of places. For example, these could include complaints, media coverage, ancillary audits, lawsuits and more.

This is not new information. The roles and responsibilities that colleges and universities leaders have delegated to their security professionals is not new, either.

In the past, institutions and Clery Act professionals have viewed financial audits as a non-Clery Act compliance review trigger. For example, in some cases, ED stated that the review originated from the annual financial audit requirement. This audit requirement applies to all institutions participating in the Federal Student Financial Assistance Programs (SFA). In addition, if an institution outsources administration of the SFA programs, the audit should include the servicer organization as well.

The audit guide developed by the ED/OIG in January 2000 supported this viewpoint. (Audits of Federal Student Financial Assistance Programs at Participating Institutions and Institution Servicers.) There is a single reference to the annual security report (ASR) buried in an obscure section of the guide on Page II-38. Under the headline “Suggested Procedures (h.)”, it states: Obtain and inspect the annual security report. Ascertain the report contains all information required by 34 CFR 668.47 and was distributed as required.

In 2016 ED/OIG published an updated audit guide, Guide for Audits of Proprietary Schools and for Compliance Attestation Engagements of Third-Party Servicers Administering Title IV Programs. The new guide simplified the compliance statement by stating “A school that participates in any Title IV program must at least annually have a compliance audit of its administration of that program and an audit of its general purpose financial statements unless an allowable Waiver has been granted (section 487 (c) of the HEA (20 U.S.C. 1094 (c)))”. The updated guide also provides auditors with an expanded list of requirements that they must review to determine an institutions compliance with the Clery Act.

The expanded requirements begin at the Table of Contents with a page reference to the Clery Act C.8.7. Annual Security and Fire Safety Reports on page 140.

No longer is the reference to Clery Act compliance a footnote under the suggested procedure section. In contrast, it is now a section that includes an audit objective. To complete the Audit Objective, an institution must, “Determine if the school is accurately completing the Annual Security and Fire Safety (if applicable) Reports and distributing them to currently enrolled students and staff via publications and mailings (including direct mail, campus mail, or electronic mail), background, criteria, guidance”. The overall audit and review includes ten specific required procedures.

This is a game changer for institutions who have not historically made a comprehensive Clery Act compliance program a priority. The guide now compels auditors to look at the ASR and specific elements of the program at a granular level. This, therefore, requires them to make a compliance determination.

Elements of the Clery Act program specifically called out are:

  • crime statistics,
  • policy statements,
  • emergency response and evacuation procedures,
  • missing student policies and procedures,
  • policies on programs to prevent dating violence, domestic violence, sexual assault, and stalking,
  • procedures for institutional disciplinary action in cases of alleged dating violence, domestic violence, sexual assault, or stalking,
  • annual fire safety report,
  • trace and verify the compilation of crime statistics and fire safety information,
  • methods used to inform enrolled students and employees of the reports,
  • if reports are made available through the internet or intranet are all the requirements being met, and
  • documentation to determine if crime statistics were submitted to ED appropriately

Compliance is going to require additional resources at every level of the institution. This begins with the personnel assigned Clery Act compliance duties. For many, this new guidance is completely off their radar even though it became effective for fiscal years beginning after June 30, 2016. In short, compliance audits going on right now are subject to the new audit requirements.

In addition, ED has adjusted the department’s civil fines for noncompliance to take into account for inflation. Effective April 20, 2017, Ed can fine institutions $54,789 per violation whereas previously the fine was $35,000. The new amount will only apply to civil penalties assessed after April 20, 2017, for associated violations occurring after November 2, 2015. Any penalties assessed prior to April 20, 2017, associated with violations that occurred before November 2, 2015, will not be subjected to the new fine limits.

ED has made it abundantly clear that compliance under the Clery Act is not optional. Consequently, the depth of detail in the 2016 audit guidance shows their unwillingness to accept a facade of compliance. Protus3 expects these new requirements will compel colleges and universities to devote more internal and external resources and also become much engaged in the development of a comprehensive Clery Act compliance program.

Plan. Protect. Prosper.

Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.

919-834-8584 or 800-775-8584