2023 OMB Compliance Supplement Now Available; Includes GLBA Changes
The May 2023 Compliance Supplement is effective for single audits of fiscal years beginning after June 30, 2022, and supersedes the 2022 Compliance Supplement (dated May 11, 2022).
The 2023 Compliance Supplement also contains notable changes in the Student Financial Assistance Cluster related to the Gramm-Leach-Bliley Act (GLBA). Previously, auditors had to confirm that an institution had appointed someone responsible for coordinating the information security program, performed a risk assessment, and documented mitigating safeguards. With the 2023 update, auditors must now also confirm that a written information security program has been established and verify that the program addresses the required critical elements.
The required elements include:
- Addressing the eight minimum safeguards as defined in 16 CFR 314.4(c)(1) through (8)
- Establishing processes to test and monitor the effectiveness of the program and implemented safeguards
- Implementing policies and procedures to ensure staff can enact the program
- Addressing oversight of service providers
- Evaluating and adjusting the program as a result of testing and monitoring, material changes to the environment, risk assessments, or other circumstances that could materially impact the program
Please contact us if you have questions about the new Compliance Supplement or would like to discuss a consultation.