In a recent Electronic Announcement, Federal Student Aid (FSA) has issued guidance aimed at institutions and auditors who are tasked with evaluating institutional compliance concerning the delivery of credit balances to a student’s card or other access device under the Department of Education’s regulations at 34 C.F.R. 668.164(e) and (f).
FSA has identified specific circumstances where auditors may face challenges in conducting one of the suggested audit procedures provided in the 2023 Compliance Supplement for Special Test and Provision 3. This test relates to the use of servicers or financial institutions to deliver Title IV credit balances to student access devices. The information necessary to perform this audit procedure may not be readily available to institutions or auditors, primarily because there is no current requirement for servicers or financial institutions to provide this information.
The specific audit procedure in question, procedure b.(2), involves determining whether a school informed students of the terms and conditions of a financial account and obtained their consent to open the account. However, FSA acknowledges that in some cases, the required data may not be accessible.
According to regulatory requirements, institutions must obtain a student’s consent before sending them an access device, such as a bank card, for electronic fund transfers. There is an exception when the device is provided for institutional purposes other than electronic fund transfers, like a student ID card, but consent must still be obtained before enabling access to the financial account.
Auditors are expected to perform all suggested audit procedures when an access device is used solely for electronic fund transfers. In such cases, it’s crucial for institutions to maintain adequate internal controls to ensure compliance and documentation sufficiency. Failure to do so could result in audit findings related to insufficient internal controls.
However, in situations where an access device serves an institutional purpose beyond electronic fund transfers (e.g., student ID cards) and students provide consent after receiving the device, only the financial institution may have the necessary information. In some cases, financial institutions have declined to provide auditable information for conducting the suggested audit procedure.
Given these challenges, auditors are not obligated to perform suggested audit procedure b.(2) from the 2023 Compliance Supplement when:
- An access device is provided to a student for non-fund transfer institutional purposes (e.g., a student ID card).
- The student provides consent to the financial institution to validate the access device after receiving it.
This guidance is effective for Single Audits performed using the 2023 Compliance Supplement. FSA intends to provide further clarification on this suggested audit procedure in the 2024 Compliance Supplement.