COGR Submits Letter to OMB to Address 2017 Compliance Supplement and Securing Student Information

The letter, jointly submitted by NACUBO, EDUCAUSE, COGR, and NASFAA, expresses significant concerns regarding the U.S. Department of Education’s proposed audit objective related to securing student information, as outlined in Section 14 of the 2017 Compliance Supplement Vett Draft. The associations argue that the proposed objective is excessively broad and insufficiently specific, which would generate arbitrary compliance measures, increase operational and financial burdens for higher education institutions, and disrupt established auditing and information security processes. The letter highlights the higher education sector’s ongoing commitment to safeguarding student information through adherence to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, noting its success has stemmed from built-in flexibility that accommodates the diverse structures and risk profiles of different institutions.

Citing past collaboration with regulators and expert organizations, the associations express disappointment that such a impactful proposal has advanced without adequate industry consultation or discussion. They echo similar concerns raised by the National State Auditors Association and the AICPA, recommending that the Office of Management and Budget either remove the new objective or revise it to include clear, objective criteria, delaying implementation if necessary. The letter underscores the potentially significant and unplanned costs of the new audit requirement, which could divert resources from educational and research missions. The authors urge the OMB and ED to prioritize open dialogue and collaborative policy development, warning that premature or poorly structured oversight could undermine both audit effectiveness and institutional compliance while imposing unnecessary burdens on the higher education community.