Desk Review - Formula Funding - Grayson College

TEXAS HIGHER EDUCATION COORDINATING BOARD
P.O. Box 12788, Austin, Texas 78711
512/427-6101, Fax 512/427-6127
Web site: http://www.thecb.state.tx.us

Robert W. Jenkins, CHAIR
Vacant, VICE CHAIR
David D. Teuscher, M.D., SECRETARY OF THE BOARD
Christina Delgado, STUDENT REPRESENTATIVE
Dora G. Alcala
S. Javaid Anwar
Ambassador Sada Cumber
Fred Farias III, O.D.
Janelle Shepard
John T. Steen, Jr.
Raymund A. Paredes, COMMISSIONER OF HIGHER EDUCATION

March 9, 2016

Dr. Jeremy P. McMillen, President
Grayson College
6101 Grayson Drive (Hwy 691)
Denison, Texas 75020

RE: A Compliance Desk Review of Formula Funding at Grayson College

Dear Dr. McMillen,

I am attaching the final report of A Compliance Desk Review of Formula Funding at Grayson College, Report No. THECB-CM-FF-16-001.

This Compliance Monitoring review report will be presented to the THECB Committee on Agency Operations, a standing committee of the THECB Board, on April 27, 2016.

If you have any questions or comments, please let me know.

Sincerely,

Mark A. Poehl, CPA, CIA, CISA, CFE
Director, Internal Audit and Compliance

A Compliance Desk Review of Formula Funding at Grayson College
Report No. THECB CM-FF-16-001
March 2016

EXECUTIVE SUMMARY

Processes were insufficient to ensure that data used for formula funding decision-making, such as student enrollment information, is accurate and reliable and that access is limited to those who have legitimate educational interests.

Therefore, our original review objectives, including a determination of the accuracy of contact hours reported by Grayson College, were unable to be met. A follow-up audit will be performed to evaluate Grayson College's information security controls as a basis for a future base period assessment of the accuracy of contact hours reported for formula funding purposes.

Review Scope, Objective, and Methodology

Our review included an examination of information security controls over enrollment data reported and certified by Grayson College.

Our work included procedures to verify:

• Controls over access to data in the student information system were adequate.

Due to weak information security controls, we were unable to verify:

• Contact hours/enrollment met reporting requirements; and
• Contact hours were eligible for formula funding.

The review methodology included objectively reviewing and analyzing various forms of documentation of controls necessary to achieve the objectives of the review.

Background

Fifty public community college districts receive state appropriations based on their student enrollment data. These institutions are governed by locally elected boards that have the authority to levy property taxes in their districts. The state appropriations the colleges receive are used to fund administrative and instructional (education and general) services for post-secondary academic and vocational/technical education.

State financing of higher education programs for public community colleges is provided from the State's General Revenue Fund. The THECB and the Comptroller of Public Accounts distribute these appropriations to colleges based on allocations and performance measures. Each college submits enrollment reports (CBM Reports) to the THECB to document the number of contact hours taught by the college in each semester. The formula for state funding involves multiplying the base period contact hours submitted by colleges by the applicable funding rates.


Detailed Observation, Recommendation, and Management's Response

1. Improve information technology processes and controls over security access to the student information system to ensure compliance with 34 CFR § 99.31 (FERPA) and to follow the best practices in Texas Administrative Code §§ 202.70 - 202.76.

Information technology controls over security access to the student information system require improvement. Although Grayson College has some policies and procedures in place to limit access to information systems, the policies and procedures do not provide reasonable assurance that Grayson College is in compliance with FERPA (34 CFR § 99.31) and with the information security best practices in TAC Chapter 202. Information security weaknesses over student information included:

A. The existing Poise/Jenzabar student information system does not provide enough granularity in access limitations to provide reasonable control of user access. The user access controls are limited to just 11 different security profiles. This creates overly broad access. For example, all 27 users that have access to the registration module (REG) have the same read and write access to registration data. Many of these users would only require read access, or modify access limited to certain registration screens.

B. Active user names for 294 users could not be associated with current employee names. Grayson College confirmed that at least 34 of these active usernames should have been removed. Only active employees should have active usernames. A current list of active users should be maintained and reviewed against a current list of employees on a periodic basis to confirm appropriate access.

C. Generic user names for 232 users were identified and could not be associated with any one individual. Grayson College confirmed that at least 33 of these needed to be removed. Generic usernames should not be used, so that activity associated with a particular user name can be traced back to one individual.

D. Nine users were identified with overly broad access to multiple student information system modules based on the users' job function. For example, three users have access to eight or more of the eleven student information system modules, six users have access to both the financial aid module (AID) and the registration module (REG), and five users have access to both the registration module (REG) and the student business records module (SBR). Security access profiles and individual user access should be reviewed periodically. Individual user access should be based on job position and only allow access as necessary.

FERPA (34 CFR § 99.31(a)(1)(ii)) requires that "An educational agency or institution must use reasonable methods to ensure that school officials obtain access to only those education records in which they have legitimate educational interests." In addition, as a best practice, TAC § 202.71(b)(8) requires developing and recommending policies and establishing procedures and practices necessary to ensure the security of information and information resources against unauthorized or accidental modification, destruction, or disclosure.
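One way to operationalize the periodic review that findings B, C and D call for, as an added example that is not from the report or from Grayson College: a Python reconciliation of the student information system (SIS) account list against the HR roster. The module codes REG, AID and SBR and the "eight or more of the eleven" threshold come from the report; the other module codes, the generic-name pattern, the incompatible-module pairs drawn from the report's examples, and all account data are constructed for the example.

```python
"""Periodic SIS access review: reconcile accounts against HR and flag
orphaned accounts (finding B), generic/shared usernames (finding C) and
overly broad or incompatible module grants (finding D).

Input data below is constructed for the example. REG, AID and SBR are the
module codes named in the report; the other eight codes are placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
import re

# Eleven modules, as in the report; only REG, AID and SBR are real names.
ALL_MODULES = {"REG", "AID", "SBR", "ADM", "FIN", "HR", "PAY", "LIB", "HOU", "ALU", "RPT"}

# Module pairs the report singles out as incompatible for a single person.
TOXIC_PAIRS = [frozenset({"AID", "REG"}), frozenset({"REG", "SBR"})]

# Threshold taken from the report's example ("eight or more of the eleven").
BROAD_ACCESS_THRESHOLD = 8

# Usernames that look like a role or shared login rather than one person
# (assumed pattern; a real review would tune this to local naming rules).
GENERIC_PATTERN = re.compile(r"^(test|temp|admin|registrar|frontdesk|guest|shared)\w*$", re.I)


@dataclass(frozen=True)
class Account:
    username: str
    employee_id: Optional[str]   # None when the SIS has no owner on record
    enabled: bool
    modules: frozenset


@dataclass
class Review:
    orphaned: List[str] = field(default_factory=list)          # finding B
    generic: List[str] = field(default_factory=list)           # finding C
    broad: List[str] = field(default_factory=list)             # finding D
    toxic: Dict[str, List[str]] = field(default_factory=dict)  # finding D


def review_access(active_employee_ids: Set[str], accounts: List[Account]) -> Review:
    """Return every enabled account that fails one of the three checks."""
    result = Review()
    for acct in accounts:
        if not acct.enabled:
            continue  # disabled accounts are out of scope for this pass
        unknown = acct.modules - ALL_MODULES
        if unknown:
            raise ValueError(f"{acct.username}: unknown module codes {sorted(unknown)}")
        # C: no owner on record, or a name that cannot be tied to one person.
        if acct.employee_id is None or GENERIC_PATTERN.match(acct.username):
            result.generic.append(acct.username)
        # B: owner on record but not on the current HR roster.
        elif acct.employee_id not in active_employee_ids:
            result.orphaned.append(acct.username)
        # D: too many modules, or an incompatible combination.
        if len(acct.modules) >= BROAD_ACCESS_THRESHOLD:
            result.broad.append(acct.username)
        hits = [" + ".join(sorted(p)) for p in TOXIC_PAIRS if p <= acct.modules]
        if hits:
            result.toxic[acct.username] = hits
    return result


# Constructed sample data: four current employees and six SIS accounts.
HR_ACTIVE = {"E100", "E101", "E102", "E103"}

SIS_ACCOUNTS = [
    Account("jdoe", "E100", True, frozenset({"REG"})),
    Account("asmith", "E101", True, frozenset({"AID", "REG"})),        # incompatible pair
    Account("bjones", "E999", True, frozenset({"SBR"})),               # no longer employed
    Account("registrar2", None, True, frozenset({"REG", "SBR"})),      # generic + pair
    Account("clee", "E102", True, frozenset(ALL_MODULES - {"HOU", "ALU", "RPT"})),  # 8 of 11
    Account("old_temp", "E050", False, frozenset({"REG"})),            # disabled, skipped
]


def run_review() -> Review:
    return review_access(HR_ACTIVE, SIS_ACCOUNTS)


if __name__ == "__main__":
    r = run_review()
    print("orphaned (B):", r.orphaned)
    print("generic  (C):", r.generic)
    print("broad    (D):", r.broad)
    print("toxic    (D):", r.toxic)
```

The review is deliberately a pure function over two lists so it can be run from exported CSVs on a schedule and its output diffed against the previous run; any account that appears in more than one list (here `registrar2` and `clee`) is the first to remediate, since it fails on both identity and scope.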

Recommendation

Enhance security controls over student information to provide reasonable assurance that user access permission controls are improved to comply with 34 CFR § 99.31 (FERPA) and align with the best practices of TAC §§ 202.70 - 202.76, to better protect registration information and other student data from unauthorized use.

Management Response

It is our belief that the Enterprise Resource Planning (ERP) system in use at the time of our visit was insufficient to address the concerns expressed in your audit. I am pleased to report that Grayson College ceased using the POISE Enterprise Resource Planning (ERP) system on February 15, 2016. We have migrated our student information to CAMS Enterprise, our new ERP. During this transition, Grayson College has also migrated our network sign-on authentication system to Microsoft Active Directory. Further, our human resources system has been upgraded to Microsoft GP. The combination of these systems allows for more control over our systems than was possible in our previous system. We believe that this migration, coupled with the judicious execution of smart procedures, will address all of the concerns that emerged in the technology audit.

Specific examples are listed as items A-D in the report. We respectfully provide a response to each of those below.

A. System does not provide enough granularity in access limitations to provide reasonable control of user access.

Response: The new ERP (CAMS Enterprise) provides considerably more granular control and gives us the opportunity to add different levels of security. We have a record on file of the access rights given to all users. These rights were assigned by the supervisors and approved by another layer of administration. The Poise/Jenzabar student information system is no longer in use.

B. Active user names' association with current employees.

Response: The previous list of active users in POISE no longer exists, and the college has created a new list of active employees with appropriate rights. Going forward, no active employee will be given any rights until we have a record of those rights on file with administrative approval. Rights management is much easier within our new ERP (CAMS Enterprise). Further, the implementation of Microsoft Active Directory provides another layer of access control and has been implemented. A periodic review of the current list of active users against current employees will be conducted to ensure the processes are working effectively.

C. Generic user names.

Response: Grayson College has discontinued the use of generic user names. The systems administrator has been instructed to never assign generic user names. A sample review of user names will take place annually to assure this practice.

D. Overly broad access.

Response: Grayson College has implemented individual user access based on job position, only allowing employees access to the modules within the CAMS Enterprise system that are tied to their job. The systems administrator has been instructed not to assign rights to multiple modules unless necessary and approved by administration. We will conduct a sample annual review to verify this practice.


PERFORMED BY: Mr. Paul Maeyaert, JD, MBA, Compliance Specialist

cc:

THECB Board Members

Commissioner's Office: Dr. Raymund A. Paredes, Commissioner of Higher Education; Ms. Linda Battles, Deputy Commissioner for Agency Operations and Communication/COO; Dr. David Gardner, Deputy Commissioner for Academic Planning and Policy; Mr. William Franz, General Counsel

Strategic Planning and Funding: Dr. Julie Eklund, Assistant Commissioner, Strategic Planning and Funding

Grayson College: Mr. Ronnie Cole, Chair, Board of Trustees; Ms. Christy Klemiuk, Director of Admissions and Registrar; Mr. Gary Paikowski, Vice President of Informational Technology

Texas Association of Community Colleges: Mr. Jacob Fraire, President and CEO

STATUTORY DISTRIBUTION REQUIREMENT: State Auditor's Office, Internal Audit Coordinator

Sunset Advisory Commission: Mr. Ken Levine, Director

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

EXECUTIVE SUMMARY

Processes were insufficient to ensure that data used for formula funding decision-making such as student enrollment information is accurate reliable and access is limited to those who have legitimate educational interests

Therefore our original review objectives including a determination of the accuracy of contact hours reported by Grayson College were unable to be met A follow up audit will be performed to evaluate Grayson Colleges information security controls as a basis for future base period assessment of the accuracy of contact hours reported for formula funding purposes

Review Scope Objective and Methodology

Our review included an examination of information security controls over enrollment data reported and certified by Grayson College

Our work included procedures to verify

bull Controls over access to data in the student information system were adequate

Due to weak information security controls we were unable to verify

bull Contact hoursenrollment met reporting requirements and bull Contact hours were eligible for formula funding

The review methodology included objectively reviewing and analyzing various forms of documentation of controls necessary to achieve the objectives of the review

Background

Fifty Public community college districts receive state appropriations based on their student enrollment data These institutions are governed by locally elected boards that have the authority to levy property taxes in their districts The state appropriations the colleges receive are used to fund administrative and instructional (education and general) services for post-secondary academic and vocationaltechnical education

State financing of higher education programs for public community colleges is provided from the States General Revenue Fund The THECB and the Comptroller of Public Accounts distributes these appropriations to colleges

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

based on allocations and performance measures Each college submits enrollment reports (CBM Reports) to the THECB to document the number of contact hours taught by the college in each semester The formula for state funding involves multiplying the base period contact hours submitted by colleges by the applicable funding rates

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

Detailed Observation Recommendation and Managements Response

1 Improve information technology processes and controls over security access to the student information system to ensure compliance with 34 sectCFR 9931 (FERPA) and to follow the best practices in Texas Administrative Code sectsect 20270 - 20276 Information technology controls over security access to the student information system require improvement

Information technology controls over security access to the student information system require improvement Although Grayson College has some policies and procedures in place to limit access to information systems the policies and procedures do not provide reasonable assurance that Grayson College is in compliance with FERPA (34 CFR sect 9931) and with the information security best practices in TAC Chapter 202 Information security weaknesses over student information included

A The existing PoiseJenzabar student information system does not provide enough granularity in access limitations to provide reasonable control of user access The user access controls are limited to just 11 different security profiles This creates overly broad access For example all 27 users that have access to the registration module (REG) have the same read and write access to registration data Many of these users would only require read access or modify access limited to certain registration screens

B Active user names for 294 users could not be associated with current employee names Grayson College confirmed that at least 34 of these active usernames should have been removed Only active employees should have active usernames A current list of active users should be maintained and reviewed against a current list of employees on a periodic basis to confirm appropriate access

C Generic user names for 232 users were identified and could not be associated with any one individual Grayson College confirmed that at least 33 of these needed to be removed Generic usernames should not be used so that activity associated with a particular user name can be tracked back to one individual

D Nine users were identified with overly broad access to multiple student information systems modules based on the users job function For example three users have access to eight or more of the eleven student information system modules six users have access to both the financial

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

aid module (AID) and the registration module (REG) and five users have access to both the registration module (REG) and the student business records module (SBR) Security access profiles and individual user access should be reviewed periodically Individual user access should be based on job position and only allow access as necessary

FERPA (34CFR sect 9931(a)(1)(ii)) requires that An educational agency or institution must use reasonable methods to ensure that school officials obtain access to only those education records in which they have a legitimate educational interests In addition as a best practice TAC sect 20271 (b)(8) requires developing and recommending policies and establishing procedures and practices necessary to ensure the security of information and information resources against unauthorized or accidental modification destruction or disclosure

Recommendation

Enhance security controls over student information to provide reasonable assurance that the user access permission controls are improved to comply with 34 CFR sect 9931 (FERPA) and align with the best practices of TAC sectsect 202 70 - 202 76 to better protect registration information and other student data from unauthorized use

Management Response

It is our belief that the Enterprise Resource Planning (ERP) system in use at the time of our visit was insufficient to address the concerns expressed in your audit I am pleased to report that Grayson College ceased using the POISE Enterprise Resource Planning (ERP) system on February 15 2016 We have migrated our student information to CAMS Enterprise our new ERP During this transition Grayson College has also migrated our network sign-on authentication system to Microsoft Active Directory Further our human resources system has been upgraded to Microsoft GP The combination of these systems allows for more control over our systems than was possible in our previous system We believe that this migration coupled with the judicious execution of smart procedures will address all of the concerns that emerged in the technology audit

Specific examples are listed as items A-D in the report We respectfully provide a response to each of those below

A System does not provide enough granularity in access limitations to provide reasonable control of user access

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

Response The new ERP (CAMS Enterprise) provides considerably more granular control and gives us the opportunity to add different levels of security We have a record on file of the access rights given to all users These rights were assigned by the supervisors and approved by another layer of administration The PoiseJenzabar student information system is no longer in use

B Active user names association with current employees

Response The previous list of active users in POISE no longer exists and the college has created a new list of active employees with appropriate rights Going forward no active employee will be given any rights until we have record of those rights on file with administrative approval Rights management is much easier within our new ERP (CAMS Enterprise) Further the implementation of Microsoft Active Directory provides another layer of access control and has been implemented A periodic review of the current list ofactive users against current employees will be conducted to ensure the processes are working effectively

C Generic user names

Response Grayson College has discontinued the use of generic user names The systems administrator has been instructed to never assign generic user names A sample review of user names will take place annually to assure this practice

D Overly broad access

Response Grayson College has implemented individual user access based on job position only allowing employees access to the modules within the CAMS Enterprise system that are tied to their job The systems administrator has been instructed not to assign rights to multiple modules unless necessary and approved by administration We will conduct a sample annual review to verify this practice

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

PERFORMED BY Mr Paul Maeyaert JD MBA Compliance Specialist

cc

THECB Board Members

Commissioners Office Dr Raymund A Paredes Commissioner of Higher Education Ms Linda Battles Deputy Commissioner for Agency Operations and

CommunicationCOO Dr David Gardner Deputy Commissioner for Academic Planning and Policy Mr William Franz General Counsel

Strategic Planning and Funding Dr Julie Eklund Assistant Commissioner Strategic Planning and Funding

Grayson College Mr Ronnie Cole Chair Board of Trustees Ms Christy Klemiuk Director of Admissions and Registrar Mr Gary Paikowski Vice President of Informational Technology

Texas Association of Community Colleges Mr Jacob Fraire President and CEO

STATUTORY DISTRIBUTION REQUIREMENT State Auditors Office Internal Audit Coordinator

Sunset Advisory Commission Mr Ken Levine Director

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

based on allocations and performance measures Each college submits enrollment reports (CBM Reports) to the THECB to document the number of contact hours taught by the college in each semester The formula for state funding involves multiplying the base period contact hours submitted by colleges by the applicable funding rates

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

Detailed Observation Recommendation and Managements Response

1 Improve information technology processes and controls over security access to the student information system to ensure compliance with 34 sectCFR 9931 (FERPA) and to follow the best practices in Texas Administrative Code sectsect 20270 - 20276 Information technology controls over security access to the student information system require improvement

Information technology controls over security access to the student information system require improvement Although Grayson College has some policies and procedures in place to limit access to information systems the policies and procedures do not provide reasonable assurance that Grayson College is in compliance with FERPA (34 CFR sect 9931) and with the information security best practices in TAC Chapter 202 Information security weaknesses over student information included

A The existing PoiseJenzabar student information system does not provide enough granularity in access limitations to provide reasonable control of user access The user access controls are limited to just 11 different security profiles This creates overly broad access For example all 27 users that have access to the registration module (REG) have the same read and write access to registration data Many of these users would only require read access or modify access limited to certain registration screens

B Active user names for 294 users could not be associated with current employee names Grayson College confirmed that at least 34 of these active usernames should have been removed Only active employees should have active usernames A current list of active users should be maintained and reviewed against a current list of employees on a periodic basis to confirm appropriate access

C Generic user names for 232 users were identified and could not be associated with any one individual Grayson College confirmed that at least 33 of these needed to be removed Generic usernames should not be used so that activity associated with a particular user name can be tracked back to one individual

D Nine users were identified with overly broad access to multiple student information systems modules based on the users job function For example three users have access to eight or more of the eleven student information system modules six users have access to both the financial

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

aid module (AID) and the registration module (REG) and five users have access to both the registration module (REG) and the student business records module (SBR) Security access profiles and individual user access should be reviewed periodically Individual user access should be based on job position and only allow access as necessary

FERPA (34CFR sect 9931(a)(1)(ii)) requires that An educational agency or institution must use reasonable methods to ensure that school officials obtain access to only those education records in which they have a legitimate educational interests In addition as a best practice TAC sect 20271 (b)(8) requires developing and recommending policies and establishing procedures and practices necessary to ensure the security of information and information resources against unauthorized or accidental modification destruction or disclosure

Recommendation

Enhance security controls over student information to provide reasonable assurance that the user access permission controls are improved to comply with 34 CFR sect 9931 (FERPA) and align with the best practices of TAC sectsect 202 70 - 202 76 to better protect registration information and other student data from unauthorized use

Management Response

It is our belief that the Enterprise Resource Planning (ERP) system in use at the time of our visit was insufficient to address the concerns expressed in your audit I am pleased to report that Grayson College ceased using the POISE Enterprise Resource Planning (ERP) system on February 15 2016 We have migrated our student information to CAMS Enterprise our new ERP During this transition Grayson College has also migrated our network sign-on authentication system to Microsoft Active Directory Further our human resources system has been upgraded to Microsoft GP The combination of these systems allows for more control over our systems than was possible in our previous system We believe that this migration coupled with the judicious execution of smart procedures will address all of the concerns that emerged in the technology audit

Specific examples are listed as items A-D in the report We respectfully provide a response to each of those below

A System does not provide enough granularity in access limitations to provide reasonable control of user access

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

Response The new ERP (CAMS Enterprise) provides considerably more granular control and gives us the opportunity to add different levels of security We have a record on file of the access rights given to all users These rights were assigned by the supervisors and approved by another layer of administration The PoiseJenzabar student information system is no longer in use

B Active user names association with current employees

Response The previous list of active users in POISE no longer exists and the college has created a new list of active employees with appropriate rights Going forward no active employee will be given any rights until we have record of those rights on file with administrative approval Rights management is much easier within our new ERP (CAMS Enterprise) Further the implementation of Microsoft Active Directory provides another layer of access control and has been implemented A periodic review of the current list ofactive users against current employees will be conducted to ensure the processes are working effectively

C Generic user names

Response Grayson College has discontinued the use of generic user names The systems administrator has been instructed to never assign generic user names A sample review of user names will take place annually to assure this practice

D Overly broad access

Response Grayson College has implemented individual user access based on job position only allowing employees access to the modules within the CAMS Enterprise system that are tied to their job The systems administrator has been instructed not to assign rights to multiple modules unless necessary and approved by administration We will conduct a sample annual review to verify this practice

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

PERFORMED BY Mr Paul Maeyaert JD MBA Compliance Specialist

cc

THECB Board Members

Commissioners Office Dr Raymund A Paredes Commissioner of Higher Education Ms Linda Battles Deputy Commissioner for Agency Operations and

CommunicationCOO Dr David Gardner Deputy Commissioner for Academic Planning and Policy Mr William Franz General Counsel

Strategic Planning and Funding Dr Julie Eklund Assistant Commissioner Strategic Planning and Funding

Grayson College Mr Ronnie Cole Chair Board of Trustees Ms Christy Klemiuk Director of Admissions and Registrar Mr Gary Paikowski Vice President of Informational Technology

Texas Association of Community Colleges Mr Jacob Fraire President and CEO

STATUTORY DISTRIBUTION REQUIREMENT State Auditors Office Internal Audit Coordinator

Sunset Advisory Commission Mr Ken Levine Director

A Compliance Desk Review of Formula Funding at Grayson College Report No THECB CM-FF-16-001

March 2016

Detailed Observation Recommendation and Managements Response

1 Improve information technology processes and controls over security access to the student information system to ensure compliance with 34 sectCFR 9931 (FERPA) and to follow the best practices in Texas Administrative Code sectsect 20270 - 20276 Information technology controls over security access to the student information system require improvement

Information technology controls over security access to the student information system require improvement Although Grayson College has some policies and procedures in place to limit access to information systems the policies and procedures do not provide reasonable assurance that Grayson College is in compliance with FERPA (34 CFR sect 9931) and with the information security best practices in TAC Chapter 202 Information security weaknesses over student information included

A The existing PoiseJenzabar student information system does not provide enough granularity in access limitations to provide reasonable control of user access The user access controls are limited to just 11 different security profiles This creates overly broad access For example all 27 users that have access to the registration module (REG) have the same read and write access to registration data Many of these users would only require read access or modify access limited to certain registration screens

B. Active usernames for 294 users could not be associated with current employee names. Grayson College confirmed that at least 34 of these active usernames should have been removed. Only active employees should have active usernames. A current list of active users should be maintained and reviewed against a current list of employees on a periodic basis to confirm that access is appropriate.

C. Generic usernames for 232 users were identified that could not be associated with any one individual. Grayson College confirmed that at least 33 of these needed to be removed. Generic usernames should not be used, so that activity associated with a particular username can be traced back to one individual.

D. Nine users were identified with access to multiple student information system modules that is overly broad for their job functions. For example, three users have access to eight or more of the eleven student information system modules, six users have access to both the financial aid module (AID) and the registration module (REG), and five users have access to both the registration module (REG) and the student business records module (SBR). Security access profiles and individual user access should be reviewed periodically. Individual user access should be based on job position and allow only the access that is necessary.
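What the periodic review called for in items B, C and D looks like when it is actually run, as an added example that is not part of the THECB report and not code from Grayson College's systems. It assumes two constructed exports: a student information system account list mapping each username to its module codes (AID, REG and SBR are the module codes named in the report; ADM, HR, FIN, PAY and ALU are placeholders), and an HR roster of active employees. The usernames, the list of words that mark a generic account, and the threshold of eight modules are assumptions of the example, chosen to mirror the report's figures.

```python
"""Periodic user-access review over a student information system account export.

Added example, not part of the THECB report or of Grayson College's systems.
All data below is constructed. Module codes AID, REG and SBR are the ones the
report names; every other module code and every username is invented.
"""
from collections import Counter

# Constructed SIS export: username -> set of module codes the account can use.
SIS_ACCOUNTS = {
    "jsmith":    {"REG"},
    "mlopez":    {"REG", "AID"},            # holds both financial aid and registration
    "tnguyen":   {"AID"},
    "registrar": {"REG", "SBR"},            # role name, cannot be tied to one person
    "bjones":    {"REG", "SBR", "AID", "ADM", "HR", "FIN", "PAY", "ALU"},  # 8 of 11 modules
    "kpatel":    {"ADM"},
    "oldstaff":  {"REG"},                   # account left behind by a former employee
    "lab01":     {"ADM"},                   # shared lab login
}

# Constructed HR roster of active employees: username -> job title.
HR_ROSTER = {
    "jsmith": "Registration Clerk",
    "mlopez": "Financial Aid Counselor",
    "tnguyen": "Financial Aid Counselor",
    "bjones": "IT Systems Administrator",
    "kpatel": "Admissions Advisor",
}

# Module pairs one account should not hold together; both pairs are the
# combinations the report singles out in item D.
CONFLICTING_PAIRS = [frozenset({"AID", "REG"}), frozenset({"REG", "SBR"})]

# Accounts holding at least this many of the modules are reported as overly
# broad. The threshold mirrors the report's "eight or more of eleven" example
# and is a policy choice, not a rule from the report.
BROAD_ACCESS_THRESHOLD = 8
TOTAL_MODULES = 11

# Assumed marker words: a username containing one names a role, room or device
# rather than a person. A trailing digit (lab01) is treated the same way.
GENERIC_MARKERS = ("admin", "registrar", "lab", "test", "shared", "service", "temp")


def is_generic(username):
    """Heuristic: does this username look like a shared or role account?"""
    lowered = username.lower()
    return any(m in lowered for m in GENERIC_MARKERS) or lowered[-1].isdigit()


def generic_accounts(accounts):
    """Item C: usernames that cannot be tied to one individual."""
    return sorted(u for u in accounts if is_generic(u))


def orphaned_accounts(accounts, roster):
    """Item B: personal usernames with no matching active employee in HR."""
    return sorted(u for u in accounts if u not in roster and not is_generic(u))


def overly_broad(accounts):
    """Item D: accounts holding a conflicting module pair or too many modules.

    Returns {username: [reason, ...]} so the reviewer sees why each was flagged.
    """
    findings = {}
    for user, mods in accounts.items():
        reasons = []
        for pair in CONFLICTING_PAIRS:
            if pair <= mods:
                reasons.append("holds " + "+".join(sorted(pair)))
        if len(mods) >= BROAD_ACCESS_THRESHOLD:
            reasons.append(f"{len(mods)} of {TOTAL_MODULES} modules")
        if reasons:
            findings[user] = reasons
    return findings


def module_user_counts(accounts):
    """Item A's blast radius: how many accounts can reach each module.

    With only a handful of profiles and identical read/write rights, every
    account in this count can change the module's data.
    """
    return Counter(m for mods in accounts.values() for m in mods)


def access_review(accounts=SIS_ACCOUNTS, roster=HR_ROSTER):
    """Run the whole review; keys are prefixed with the report's item letters."""
    return {
        "B_orphaned": orphaned_accounts(accounts, roster),
        "C_generic": generic_accounts(accounts),
        "D_overly_broad": overly_broad(accounts),
        "A_module_user_counts": dict(module_user_counts(accounts)),
    }


if __name__ == "__main__":
    for key, value in access_review().items():
        print(key, value)
```

The HR roster is the authority for who should hold an account; the name-pattern heuristic only sorts the accounts HR does not recognise into "former employee" versus "role account" so each group gets the right follow-up (disable, or replace with named accounts). In a real review the two inputs would be the SIS user export and the HR system's active-employee list, joined on whatever identifier both systems share.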

FERPA (34 CFR § 99.31(a)(1)(ii)) requires that "An educational agency or institution must use reasonable methods to ensure that school officials obtain access to only those education records in which they have legitimate educational interests." In addition, as a best practice, TAC § 202.71(b)(8) requires developing and recommending policies and establishing procedures and practices necessary to ensure the security of information and information resources against unauthorized or accidental modification, destruction, or disclosure.

Recommendation

Enhance security controls over student information to provide reasonable assurance that user access permission controls comply with 34 CFR § 99.31 (FERPA) and align with the best practices of TAC §§ 202.70 - 202.76, to better protect registration information and other student data from unauthorized use.

Management's Response

It is our belief that the Enterprise Resource Planning (ERP) system in use at the time of our visit was insufficient to address the concerns expressed in your audit. I am pleased to report that Grayson College ceased using the POISE Enterprise Resource Planning (ERP) system on February 15, 2016. We have migrated our student information to CAMS Enterprise, our new ERP. During this transition, Grayson College has also migrated our network sign-on authentication system to Microsoft Active Directory. Further, our human resources system has been upgraded to Microsoft GP. The combination of these systems allows for more control over our systems than was possible in our previous system. We believe that this migration, coupled with the judicious execution of smart procedures, will address all of the concerns that emerged in the technology audit.

Specific examples are listed as items A-D in the report. We respectfully provide a response to each of those below.

A. System does not provide enough granularity in access limitations to provide reasonable control of user access.

Response: The new ERP (CAMS Enterprise) provides considerably more granular control and gives us the opportunity to add different levels of security. We have a record on file of the access rights given to all users. These rights were assigned by the supervisors and approved by another layer of administration. The POISE/Jenzabar student information system is no longer in use.

B. Active usernames' association with current employees.

Response: The previous list of active users in POISE no longer exists, and the college has created a new list of active employees with appropriate rights. Going forward, no active employee will be given any rights until we have a record of those rights on file with administrative approval. Rights management is much easier within our new ERP (CAMS Enterprise). Further, the implementation of Microsoft Active Directory provides another layer of access control and has been implemented. A periodic review of the current list of active users against current employees will be conducted to ensure the processes are working effectively.

C. Generic usernames.

Response: Grayson College has discontinued the use of generic usernames. The systems administrator has been instructed to never assign generic usernames. A sample review of usernames will take place annually to assure this practice.

D. Overly broad access.

Response: Grayson College has implemented individual user access based on job position, only allowing employees access to the modules within the CAMS Enterprise system that are tied to their job. The systems administrator has been instructed not to assign rights to multiple modules unless necessary and approved by administration. We will conduct a sample annual review to verify this practice.


PERFORMED BY: Mr. Paul Maeyaert, JD, MBA, Compliance Specialist

cc:

THECB Board Members

Commissioner's Office: Dr. Raymund A. Paredes, Commissioner of Higher Education; Ms. Linda Battles, Deputy Commissioner for Agency Operations and Communication/COO; Dr. David Gardner, Deputy Commissioner for Academic Planning and Policy; Mr. William Franz, General Counsel

Strategic Planning and Funding: Dr. Julie Eklund, Assistant Commissioner, Strategic Planning and Funding

Grayson College: Mr. Ronnie Cole, Chair, Board of Trustees; Ms. Christy Klemiuk, Director of Admissions and Registrar; Mr. Gary Paikowski, Vice President of Informational Technology

Texas Association of Community Colleges: Mr. Jacob Fraire, President and CEO

STATUTORY DISTRIBUTION REQUIREMENT: State Auditor's Office, Internal Audit Coordinator

Sunset Advisory Commission: Mr. Ken Levine, Director
