Higher education institutions: Are you ready for your audit?

educational building

The audit season is in full swing for higher education institutions with 2023 fiscal-year ends. As institutions prepare for audits, there are areas that should be evaluated including the institution’s financial condition and results, new accounting standards, and regulatory compliance requirements.  

Financial condition and results

During each year's audit, the auditor considers an array of factors and information to plan the audit and determine areas of audit emphasis including, among other things, key performance indicators and a consideration of conditions that, in the aggregate, could raise substantial doubt about an institution’s ability to continue as a going concern. The going concern assessment is performed by an institution's management. Although a starting point is an evaluation of the subsequent year’s operational and overall budget, this assessment should also include a more encompassing review of information demonstrating the institution’s financial sustainability, such as:    

  • Cash flow projections: Cash is the lifeblood of an institution’s operations and therefore, a cash flow problem is a leading indicator of other financial and business issues. Cash projections should reflect the use of endowment funds and the liquidity and availability of the institution’s financial assets. Management should also monitor financial covenants related to outstanding debt.
  • Financial trends: Trend analysis of your financial position and operations will help you predict what will happen or help you better understand what is currently happening. Trend analysis can provide information across many areas which may also identify areas for improvement.
  • Composite score: The Department of Education’s (the Department) financial responsibility composite score measures the relative financial health of an institution based on three financial indicators. The Department uses the score to determine which institutions require additional oversight or are not considered financially responsible. This score is calculated on historic year end audited results. Institutions should be projecting their score on a regular basis and consider any downward trends throughout the year.
  • Program Participation Agreements (PPA) and accreditations: Management should regularly assess the requirements for accreditation and PPA renewal. Early identification of noncompliance with financial or operational issues that may negatively impact accreditation or the PPA renewal process allows for early intervention and corrective action.      
  • Internal and external matters: Matters such as staffing and litigation may pose negative consequences on the future financial position of an institution.

Action: Management should be implementing and/or monitoring ongoing reviews of key performance indicators, including those identified above. For the annual audit, this information should be summarized and provided to your auditor to support your assertion that your institution is a going concern.

New accounting and auditing standards

Topic 842 – Lease Accounting

All institutions are now required to adopt the new lease accounting standards. Without going into the intricacies of these calculations, the overall requirements are that each institution document a list of lease agreements and evaluate whether they meet the requirements of Topic 842. If so, the finance department should have appropriate documentation to support the calculations related to the initial recognition of the right-of-use asset, liability, and the ongoing amortization of the asset and liability, including documentation of assumptions used in the calculations and support for the new lease disclosures. 

Action: Management should be prepared to provide this information to the auditor along with other audit support documentation.

Proprietary School Audit Guide

On March 10, 2023, the Department released the 2023 Guide for Financial Statement Audits of Proprietary Schools and For Compliance Attestation Examination Engagements of Proprietary Schools and Third-Party Servicers Administering Title IV Programs (the “Audit Guide”). This new audit guide is effective for fiscal years beginning on or after January 1, 2023, with early implementation allowed and encouraged. Key highlights of the changes include:

  • Changing the compliance engagement to an examination-level attestation
  • Adding a requirement to test the Financial Responsibility Supplemental Schedule
  • Changing and/or modifying various testing and sampling requirements
  • Removing the requirement to send out confirmations directly to students
  • Updating illustrative reports
  • Removing the requirement for Servicer Information Sheets in school report packages

Action: Management should review the new audit guide and work with the auditors to not only determine when to adopt it, but also to understand how the new guidance will impact the institution’s financial reporting.

Regulatory compliance requirements

Gramm-Leach-Bliley Act

On Dec. 9, 2021, the Federal Trade Commission issued final regulations (Final Rule) to amend the Standards for Safeguarding Customer Information (Safeguard Rule). The Final Rule established minimum standards that institutions must meet for protecting privacy and personal information under the Gramm-Leach-Bliley Act (GLBA). The objectives are to:

1. Ensure the security and confidentiality of student information

2. Protect against any anticipated threats or hazards to the security or integrity of such information

3. Protect against unauthorized access to, or use of, such information that could result in substantial harm or inconvenience to any student

These new regulations were effective as of June 9, 2023.

Institutions are required to implement a written information security program that includes nine elements for institutions with more than 5,000 students. For institutions with less than 5,000 students, there are seven elements required. In general, these elements require the identification of a qualified individual to oversee the program, performance of a risk assessment, design and implementation of safeguards to control the risks, regular testing and monitoring, implementation of policies and procedures, oversight of information system(s) providers, evaluation of program based on required testing and monitoring, establishing an incident response plan, and regular reporting to those with control over the institution’s information security program.

Action: Under the 2023 OMB Compliance Supplement for Student Financial Aid testing, auditors are required to evaluate whether an institution has designated a qualified individual responsible for implementing and monitoring the institution's information security program and that the institution's written information security program addresses the additional required minimum elements. Management should be prepared to provide this information to the auditors.

During the last six months, there has been significant activity affecting the operations of higher education institutions, not the least of which were the two Supreme Court decisions handed down in June related to admissions and student loans which have received significant media coverage. A few of the more significant other issues that may also impact the future operations of your institution as follows:

  • Gainful Employment: On May 17, 2023, the Department issued proposed rules intended to establish safeguards to protect students from unaffordable debt. The proposal is intended to create rules that would allow the Department to terminate access to federal financial aid to programs that routinely leave graduates with unaffordable debt burdens or with insufficient earnings. 
  • The proposed regulations set specific performance standards to access federal financial aid and proposes a publicly available website run by the Department. The proposed regulations would also create a watch list of the least financially valuable post-secondary education programs. The proposed regulations also impact other regulatory areas including:
    • Financial responsibility: Allows the Department to secure upfront financial protection when risky colleges start to exhibit signs of financial issues
    • Administrative capability: Requires colleges to provide adequate career services, clearer financial aid information, and limits the employment of individuals with a history of risky behavior or misconduct related to federal financial aid programs
    • Certification procedures: Allows the Department to incorporate stronger safeguards into its written agreements with institutions for participating in federal financial aid programs
  • After reviewing public comments, the Department expects to finalize the rules later this year and have them go into effect on July 1, 2024.
  • Action: If these proposed regulations are issued, each institution will be required to gather a significant amount of data to support the requirements. Management should continue to monitor the Department’s progress and be prepared to implement policies, procedures, and systems to gather the information that will be needed.
  • Third-Party Servicers: The Department issued a Dear Colleague letter (DCL ID: GEN-23-03) (the Letter) on Feb. 15, 2023, addressing third-party servicers, which was subsequently updated on February 28, 2023. The Letter states that entities performing the functions of student recruiting and retention, providing software products and services involving Title IV administration activities, and providing educational content and instruction are defined as third-party servicers and subject to reporting requirements. They are also subject to annual non-federal audits of the Title IV-relevant functions they perform, if those functions are covered by the Audit Guide. The Letter provides a table that includes a list of functions that would render the entity a third-party servicer subject to these requirements. This guidance and the reporting requirements will become effective on Sept. 1, 2023. 
  • Action: Each institution should begin reviewing its third-party agreements to ascertain which would be subject to the new guidelines.
  • System upgrades: According to the Electronic Announcement GENERAL-23-59 issued July 19, 2023, the Department is working to build a new and modernized grants and financial management system known as G6; replacing the current G5 system. On Aug. 7, 2023, the first three system upgrades will begin for G6. Changes to system functionality are not expected until late 2023. 
  • Action: We suggest that management follow the Department’s reminder to monitor the current website for communications and additional information about the transition.
  • Enrollment reporting: In January of 2023 the Department identified system issues that began on July 19, 2022, and lasted through Feb. 28, 2023. These system issues impacted institutions’ ability to comply with enrollment reporting requirements.  When performing the audit for an institution affected by this issue, the Office of Management and Budget has approved alternative procedures to the Student Financial Assistance Clusters Special Test for Enrollment Reporting, which are included in the 2023 Compliance Supplement.

Action: An institution’s financial aid office should review the electronic announcement posted on April 17, 2023, and be prepared to provide the auditor with the information necessary to perform these alternative procedures.


Patricia McGowan, Partner, Assurance



Get in touch with our specialists

View All Specialists
pat mcgowan

Patricia McGowan

CPA, Partner & Higher Education Sector Leader

Looking for the full list of our dedicated professionals here at CohnReznick?



Let’s start a conversation about your company’s strategic goals and vision for the future.

Please fill all required fields*

Please verify your information and check to see if all require fields have been filled in.

Please select job function
Please select job level
Please select country
Please select state
Please select industry
Please select topic
This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and CohnReznick LLP, its partners, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.