As discussed in our previous posts, Title IV compliance audits for entities with fiscal years ending June 30, 2017 and later must be completed using the revised Audit Guide recently issued by the US Department of Education’s Office of Inspector General. The new Audit Guide establishes the requirements for compliance audits of for-profit schools and of third-party servicers that administer any aspect of the Title IV programs on behalf of any postsecondary institution.
ED’s new Audit Guide significantly expands the scope and detail of information that auditors are now required to review to evaluate a school’s compliance with the Clery Act as part of the annual Title IV compliance audit process. The Clery Act requires schools to compile and distribute an annual security report comprising relevant school security policies as well as detailed statistics on certain crimes that occurred on and adjacent to school property over the three prior calendar years. The Clery requirements have expanded over recent years and are notoriously intricate. ED has issued extensive guidance on required policy content and classification protocols under the Act in its nearly 300-page Handbook for Campus Safety and Security Reporting. Given the complexity and nuances of ED’s Clery regulations, even schools with established and sophisticated compliance programs are prone to occasional compliance errors.
The prior version of ED’s Audit Guide, published in 2000, contained a single, short “suggested procedure” that auditors “obtain and inspect the annual security report” and “ascertain the report contains all information required by 34 CFR 668.47 and was distributed as required.” In practice, this vague directive often resulted in limited reviews of institutional compliance with the requirements of the Clery Act and its corresponding regulations. As a result, auditors rarely have issued findings of Clery Act violations even though noncompliance with the Clery Act has been among the most frequent findings in ED program reviews for several years.
In contrast to the general suggested procedure in the 2000 Audit Guide, the new Audit Guide expressly requires that auditors review the institution’s annual security report and confirm the following:
- That the institution’s annual security report contains all crime statistics and policy statements required by ED’s regulations,
- That the institution’s emergency response and evacuation procedures meet all regulatory requirements,
- That the institution’s missing student policies and procedures satisfy applicable regulatory requirements,
- That the institution’s policies on programs to prevent dating violence, domestic violence, sexual assault and stalking, and its procedures for institutional disciplinary actions, satisfy the regulatory requirements under the Violence Against Women Act amendments,
- For institutions with on-campus housing, that the institution’s annual fire safety report contains all required information,
- That the method the school used to inform enrolled students and employees of the required reports is compliant (to be verified through the collection of student confirmations), and
- That the school submitted all required crime statistics to ED via the web.
Significantly, ED’s new Audit Guide also requires auditors to “trace and verify the compilation of crime statistics and fire safety information to source documents” on a test basis. That means that auditors will need to confirm a school’s reported crime statistics by reviewing a sample of the underlying reports and data. The Audit Guide does not prescribe how auditors must sample incident source documents, and we expect that auditors will employ a range of methods and approaches to satisfy this requirement. For institutions with large on-campus populations, this may require the review of a significant number of records, increasing the cost and time necessary to complete the Clery Act portion of the annual compliance audits.
The changes to the Audit Guide also significantly increase schools’ monetary risk for noncompliance with the Clery Act. Previously, ED reviewed schools’ compliance with the Clery Act rarely and in limited circumstances, such as during a program review or, more recently, during Clery compliance checks stemming from security incidents reported by local and national news outlets. An increase in Clery Act findings in schools’ annual compliance audits can be expected due to the additional testing requirements, resulting in ED referring more findings to its Clery Compliance Division for fines and enforcement actions. Now that ED has increased fines for each separate Clery Act violation to $55,000, it is critical that schools refocus on Clery Act compliance in preparation for their annual audits. We recommend that schools appoint a team and adopt a schedule to review their Clery Act compliance, recordkeeping, policies and procedures to help reduce the likelihood of adverse findings in their annual Title IV compliance audits and the possible resulting fines.
Please contact us with any questions you may have on complying with the Clery Act as well as best practices for establishing an effective compliance monitoring team at your institution.
We will be issuing additional blog posts in the coming weeks about other expanded compliance requirements of ED’s new Audit Guide. Please contact Cooley if you would like to discuss any issues related to your annual compliance audits.