Clery Compliance from 80,000 Feet
Publication Date: February 19, 2021
In September 2020, UC Berkeley agreed to pay a $2.35 million fine to the U.S. Department of Education (“ED”) and will be monitored for two years as a result of violating the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (“Clery Act”). According to an article in The Daily Californian, ED found that more than 1,100 out of approximately 32,000 records reviewed over a five-year period were misclassified. “Many of the violations were for technical errors,” said campus spokesperson, Janet Gilmore, in an email. “Compliance with Clery requirements is highly technical and differs from other types of crime reporting conducted by law enforcement agencies and others.”
Compliance with Clery requirements is highly technical and differs from other types of crime reporting.
As of October 2020, ED rescinded the 265-page 2016 Clery Handbook (“2016 Handbook”), which served as a guide to institutional administrators about what to do to be compliant with the Clery Act. The 2016 Handbook was replaced with a 13-page Appendix in the Federal Student Aid Handbook; however, as of the date of this article’s submission, the Appendix does not yet have the force and effect of the law. This new guidance is effective for the 2021 reporting year and gives institutions more discretion on defining certain matters, such as which campus administrators must report campus crime statistics to ED and what area is considered the campus for data compilation purposes.[1]
Complying with the requirements in the Clery Act are indeed very technical and an internal auditor can spend hundreds of hours auditing all of the requirements. As of January 7, 2021, institutions may be fined up to $58,328[2] for each infraction and ED has the authority to suspend institutions from participating in federal financial aid programs, at their discretion. Therefore, testing controls to ensure that Clery processes are designed and operating as required is important!
Clery Compliance Controls
There are a few things that an internal auditor can review to get a sense of their institution’s Clery compliance controls. Focusing on a few key areas can help provide an indication of an institution’s compliance with Clery and will not consume hundreds of hours of auditor effort:
Check the police department’s daily crime log.
One of the easiest things to check is the daily crime log. Daily crime logs are required to be readily available to the public. The next time a member of your department is near the police department, just stop in and ask to see the daily crime log to verify it is readily available. The log should be up-to-date and easily accessible to anyone who asks to see it.
Compare the Annual Security Report (ASR) to ED’s Campus Safety and Security database.
Generally, ASR must be published and made available to the public by October 1st; however, due to an unprecedented year, the submission deadline for 2020 was extended to December 31, 2020.[3] In addition, the crime statistics must be uploaded to ED’s Campus Safety and Security system. Data entry into ED’s system is not foolproof and errors in data entry can easily occur. Comparing an institution’s ASR crime statistics to the crime statistics in the ED’s system is a quick process.
Reviewing Campus Security Authority (CSA) documentation.
A strong indicator for CSA compliance is the accuracy and completeness of an institution’s list of CSAs.Campus Security Authorities must understand their roles and responsibilities related to campus safety and security. A strong indicator for CSA compliance is the accuracy and completeness of an institution’s list of CSAs, as well as evidence that the CSAs understand their roles and responsibilities. While ED does not require that CSAs be trained, a university can prove compliance by providing both a current list of CSAs and evidence of a robust communication/training program. A simple review of the most current list of CSAs and associated training records will provide insight on an institution’s Clery compliance efforts.
Perform a desk review of the ASR.
Performing a desk review of the ASR is another way to get a read on an institution’s culture of compliance with the Clery Act. The Clery Act mandates certain policy statements describing the various components of the campus Clery Act program be included in the ASR. There are 74 required policy statement elements, ten of which are only required for locations with on-campus housing facilities.
In addition, institutions are required to publish certain crime statistics for the previous three years in the ASR and those with on-campus housing facilities are also required to publish fire statistics. These statistics can be traced back to supporting documentation, such as university police reports, daily crime logs, and other source information for accuracy. It is important to gain an understanding of the process for gathering and assembling crime statistics to ensure the statistics are accurate and complete. This primarily includes statistics received from the university police department, student affairs on campus, and local law enforcement off campus.
Multiple campus locations can also be a problem area in the ASR. Institutions with multiple campus locations face challenges in making sure crime statistics and policy statements are included for each campus location.
Check timely warnings.
Institutions should have written procedures to address the use, content, and documentation of timely warnings. An easy check is to make note of any crimes on the daily crime log that would likely compel a timely warning (e.g., assault, theft of a vehicle, burglary of a building) and see if any were issued for those crimes. Ask to see the documented procedures for timely warnings and compare those procedures to the Clery Act guidelines.
The checklist in the appendix of the 2016 Handbook was a great resource for Clery compliance; it will be archived on the Department of Education’s website for future use. At the time of this article’s publication, a new presidential administration will be in office and there is a possibility that the Handbook could be brought back.
References
- Information obtained from Inside Higher Ed: https://www.insidehighered.com/news/2020/10/19/education-department-pulls-handbook-clery-act-requirements
- https://clerycenter.org/policy-resources/#:~:text=With%20fines%20of%20up%20to,environments%20for%20staff%20and%20students
- Despite the extended deadline for submission, the 2020 reporting year should still follow the 2016 Handbook for Campus Safety and Security Reporting.
About the Author
From This Issue
- Are Agency Funds Driving up Your Costs?
- Letter from the President
- Letter from the Editor
- Preliminary Information Gathering (PING)
- Data Privacy Primer: Regulations & Risks
- Auditor as an Investigator?
- Emerging Technologies’ Impact on Construction Audits
- Distributed Information Systems Management Auditing
- ACUA and EDUCAUSE Intersect to Assist Campuses: An Interview with John O’Brien
- Collective Learning Communities for Internal Auditors
- Letter from the President