Submitting OIG:
Report Description:
The purpose of the audit was to (1) assess the adequacy of the Institute of Education Sciences’ (IES) Statewide Longitudinal Data System (SLDS) grant requirements and monitoring of States to ensure internal controls are in place to prevent, detect, and report unauthorized access and disclosure of personally identifiable information in SLDSs; and (2) determine whether selected States have internal controls in place to prevent, detect, report, and respond to unauthorized access and disclosure of personally identifiable information in their SLDSs.
We found that IES’s grant requirements were adequate to ensure the protection of personally identifiable information. We also found that the grantees that we audited addressed these requirements in the approved grant applications by identifying and noting that they would comply with specific State requirements pertaining to data and system security. However, we found that IES had inadequate controls for monitoring its grantees’ adherence to State system security requirements. Specifically, IES did not ensure that its grantees met the minimum State system security requirements. We identified internal control weakness at all three grantees audited that increased the risk that these grantees would be unable to prevent or detect unauthorized access and disclosure of personally identifiable information in their SLDSs.
Date Issued:
Thursday, March 15, 2018
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A02O0008
Component, if applicable:
Institute of Education Sciences
Location(s):
Agency-Wide
Type of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
3
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
FY18A02O0008031224v100SECURED.pdf | 960.21 KB |
Additional Details Link: