As discussed in our previous posts, the Department of Education’s new Audit Guide establishes new audit requirements applicable to for-profit schools and to compliance audits of third-party servicers that administer “any aspect” of the Title IV programs on behalf of any postsecondary institution, including nonprofit and public institutions. Therefore, institutions of all types that use any third-party servicers should become familiar with these new Audit Guide requirements.
ED employs an increasingly expansive view of the types of functions and services that constitute Title IV third-party servicer functions under the ED regulations. While the exact reach of those regulations is still somewhat imprecise for many types of activities performed for institutions by outside companies, institutions of all types should carefully assess whether vendors they use are going to be considered by ED to be Title IV third-party servicers and whether each of those vendors is required to undergo and submit its own compliance audit, separate from the institution’s audit. Even if the new Audit Guide does not apply to the institution’s own compliance audit because the institution is a nonprofit or public institution, the Audit Guide will apply to the third-party servicer’s functions performed on behalf of such institutions.
Nonprofit and public institutions whose institutional audits are subject to the A-133 audit requirements (as well as for-profit institutions whose institutional audits are subject to the ED Audit Guide) that use a third-party servicer for any covered Title IV administrative process may have their institutional records included in the audit of the third-party servicer. This is because the audit sample in the servicer’s audit will be drawn from the students at the institutions that are serviced by the servicer, and the audit of the servicer must be conducted in accordance with the ED Audit Guide. The servicer section of the new Audit Guide generally reflects the testing requirements that are found in the institutional section of the Audit Guide, as they apply to the servicer’s functions. In instances where the servicer’s functions are covered by the Audit Guide’s requirements applicable to institutions, the servicer’s records are subject to the same new and additional testing, increased sample size and more in-depth auditing requirements as are institutions subject to the Audit Guide requirements.
Please note that ED has clarified, in a Dear Colleague Letter, that a servicer that carries out functions that are not covered by the specific audit requirements of the ED Audit Guide, but that is still classified by ED as a third-party servicer, must submit to ED (in lieu of a full audit) an audit letter providing management’s assertion that it complied with all requirements applicable to the services and functions it performed on behalf of eligible institutions. The requirements for this letter are spelled out in the Audit Guide. This letter from the servicer should be obtained by the institution and retained in its files.
An institution that uses a third-party servicer should obtain a copy of the servicer’s annual compliance audit report every year to monitor the servicer’s compliance and to provide to the institution’s own compliance auditor. Note that the servicer may have a different audit period than the institution due to differences in the institution’s and the servicer’s fiscal years. The servicer may not have its own audit report if the servicer contracts with only one institution and that institution’s audit covers every aspect of the servicer’s administration of the Title IV programs for that institution.
For institutional audits, the new Audit Guide contains new testing requirements if the institution uses a servicer to disburse Title IV credit balances to students. The auditor is required to test the manner in which the credit balances are administered under a Tier One or Tier Two Arrangement. For institutions not subject to the new Audit Guide, these tests are performed as part of the servicer’s audit. For institutions subject to the Audit Guide, these tests and the audit testing in all other applicable areas will be performed as part of both the institution’s and the servicer’s audits, if the institution’s records are included in the servicer’s audit sample.
In light of these heightened audit requirements for institutions and third-party servicers, we recommend that institutions and servicers carefully review their contracts, as well as ED’s Dear Colleague Letter and other guidance, to evaluate the extent to which vendor relationships will be considered third-party servicer contracts that will be impacted by the new Audit Guide. In addition, institutions should be mindful of and be prepared for the servicer’s audit and how it may involve institutional records and otherwise affect the institution.