GLBA Safeguards Rule Auditing Delayed to FY18 Audits

min read

(April 20, 2017 – Jarret Cummings) The following information was first sent to the EDUCAUSE CIO listserv earlier on April 20th.

I emailed the EDUCAUSE CIO listserv [on April 14, 2017] to highlight the possibility that a GLBA Safeguards Rule audit objective might be added to the ongoing FY17 federal single audit process most member institutions face. (For more details, including key aspects of what the proposed requirement would cover, please see: "UPDATE: Pending FSA Audit Requirement on Safeguards Rule.")

I am happy to announce that the U.S. Dept. of Education (ED) and the Office of Management and Budget (OMB) agreed to the request EDUCAUSE submitted in concert with NACUBO, COGR, and NASFAA to delay implementation of the requirement until the FY18 audit process.

This step will relieve member institutions of the burden associated with documenting Safeguards Rule compliance in the federal audit process for the first time at a point when audit activities are already well underway. EDUCAUSE and its partners commend ED and OMB for their flexibility in adjusting course.

Members should still work with their business offices, however, to gain a better understanding of the single audit process and timetable. Audit preparations begin months before the close of the fiscal year, and institutions that have not previously documented Safeguards Rule compliance may want to start early.

The final text of the audit objective is not yet public, although my review provides a good indication of what to expect. EDUCAUSE will continue to engage with federal representatives so we can share the official FY18 audit requirement with you as soon as it is available.

Jarret Cummings is the Director of Policy and Government Relations for EDUCAUSE.