SaltyCloud is a Public Benefit Company

Conducting the GLBA Pre-Audit Assessment


During a Gramm-Leach-Bliley Act (GLBA) audit, auditors are looking to verify that the institution and its covered units meet the Standards for Safeguarding Customer Information (standards) set forth by the Federal Trade Commission (FTC). One of the best ways to prepare yourself and your institution for that audit is with a GLBA Pre-Audit Assessment. In this blog post, we will cover the why and how of the assessment. We’ve also created a spreadsheet template to guide you.

Interested in learning more about the GLBA in Higher Education? Check out our comprehensive blog post.


Why conduct a GLBA Pre-Audit Assessment?


For your auditors, it will serve as a powerful, evidential document of your compliance. For your institution, it will serve as a guide of current gaps that need to be addressed.


Process


Conducting the pre-audit assessment will look different depending on the complexity of your institution. For example, you may have more than one GLBA covered unit (e.g., registrar's office, student aid office, bookstore, etc.). This also means that not every unit might be covered in the same way. Before you begin, ensure that you’ve:

  • Identified all units working with Federal Student Aid (FSA) systems
  • Created a questionnaire specific to your covered units
  • Implemented a process for conducting the assessment

What questions should the pre-audit assessment include?


Your questionnaire should include yes-no questions that can measure compliance with each of the standards. Each question should also allow for units to provide clarification for their response.

It can be challenging to know what questions to ask, how many to include, or how to word them. You can leverage the GLBA Audit Spreadsheet inside of our Definitive Step-by-Step Guidebook to Ace your GLBA Audit to help you create your own questionnaire as well as better understand how an auditor might audit for the standards. The spreadsheet is a crosswalk between the FTC standards and the Office of the Comptroller of the Currency (OCC) Examination Procedures (OCC Bulletin 2001-35).


How do I conduct the assessment?


You can do it manually with spreadsheets and email, outsource the whole process to consultants, employ legacy Governance, Risk, and Compliance (GRC) tools, or leverage our streamlined surveying platform, Isora GRC. Ultimately, there is no “right” way to conduct any kind of compliance assessment. There are only more efficient, cost-effective ways. Whatever method you choose, ensure that:

  • Compliance gaps can easily be identified
  • All findings are accurate and organized
  • Follow-up assessments can easily be conducted
  • Data can be exported for auditors

What do I do with the findings?


Study the findings and document any gaps. Prioritize the more critical gaps and work with the individual covered units on mitigation. Compare the findings with any previous findings to measure improvements over time. Create formatted, digestible reports that you can share with both your stakeholders and auditors to prove compliance.


I still have questions. Can SaltyCloud help?


We sure can. We work with dozens of top universities in the United States to help them ace their compliance audits and safeguard their organization. Learn more about our surveying platform, Isora GRC, or email us at info@saltycloud.com.

Ace your GLBA Audit

The Definitive Step-by-Step Guidebook

Learn how to build a process that keeps auditors happy and your institution secure. Plus get access to our GLBA Audit Spreadsheet.