Skip to statewide header Skip to site header Skip to main content Skip to site footer Skip to statewide footer
Brick building at a college campus with students walking

2024-032 Clery Act Requirements and Crime Reporting

Six California Colleges and Universities We Visited Struggled to Report Accurate Campus Safety Information

July 30, 2024
2024‑032

The Governor of California
President pro Tempore of the Senate
Speaker of the Assembly
State Capitol
Sacramento, California 95814

Dear Governor and Legislative Leaders:

As required by section 67382 of the Education Code, my office conducted an audit of six institutions of higher education (institutions) to determine their compliance with the federal Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (Clery Act). We determined that in general the six institutions we reviewed did not fully comply with the Clery Act’s requirements for safety policies or the accurate reporting of crime statistics.

The six institutions we reviewed reported crime statistics in their 2023 annual security reports, but five of them did not do so accurately. We also found omissions in four of these institutions’ crime logs—public records that are intended to provide timely information about all criminal activity on campus. Because of these errors and omissions, current and prospective students, staff, and other stakeholders may have an inaccurate understanding of campus safety.

Finally, we found that none of the six institutions we reviewed had fully complied with the Clery Act, federal regulations, and certain state law provisions that require institutions to have in place specific security policies and disclose these policies in their annual security reports. If institutions do not disclose all required policies, students and other stakeholders may not have the information necessary to make informed decisions about their personal security, or they may not be aware of resources available to help ensure their safety.

Respectfully submitted,

GRANT PARKS
California State Auditor

Selected Abbreviations Used in This Report

ChicoCalifornia State University, Chico
Clery ActJeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act
CSUCalifornia State University
EDU.S. Department of Education
Imperial ValleyImperial Valley College
Mount Saint Mary’sMount Saint Mary’s University, Los Angeles
Orange CoastOrange Coast College
San DiegoUniversity of San Diego
Santa CruzUniversity of California, Santa Cruz
Title IVTitle IV of the Higher Education Act of 1965
UCUniversity of California
VAWAViolence Against Women Reauthorization Act of 2013

Summary

KEY FINDINGS AND RECOMMENDATIONS

To help inform students, employees, applicants, and their parents about campus safety, the federal Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (Clery Act) requires all eligible institutions of higher education (institutions) to prepare, publish, and distribute annual security reports disclosing specified campus crime statistics and campus security policies. As required by California state law, we have reviewed the compliance with these requirements for a selection of six institutions—California State University, Chico (Chico); Imperial Valley College (Imperial Valley); Mount Saint Mary’s University, Los Angeles (Mount Saint Mary’s); Orange Coast College (Orange Coast); University of San Diego (San Diego); and University of California, Santa Cruz (Santa Cruz)—from across the State. Our review found the following:

  • Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, and Santa Cruz reported statistics that were inaccurate or incomplete to varying degrees. For example, Santa Cruz did not include in its 2022 Clery statistics seven of 60 crimes we reviewed, and Mount Saint Mary’s reported 16 more crimes than it was required to report in its 2022 Clery statistics. Additionally, despite the importance of daily crime logs in providing accurate, transparent reporting on campus safety, we found incomplete daily crime logs at Chico, Mount Saint Mary’s, Orange Coast, and Santa Cruz.
  • The six institutions we reviewed did not disclose to stakeholders all campus safety policies, procedures, and programs that the Clery Act requires. For example, none of the institutions fully disclosed campus emergency response and evacuation procedures. In some cases, institutions disclosed in their annual security reports information that is required to come from policies, but the institutions did not have the underlying campus policies that would have included that information. Moreover, five of the six institutions that are required to comply with specific state requirements, such as having campus‑specific safety plans and memorandums of understanding with local police departments, did not always fully comply with the requirements.
  • These institutions did not comply with the Clery Act and with state law requirements because they lack adequate procedures, such as desktop manuals, for staff to follow when preparing Clery Act reports and because staff have not received sufficient training on the Clery Act and its requirements.

To address these findings and the fact that over the past 21 years, the State Auditor has found noncompliance with Clery Act requirements at 41 institutions, we recommend that the Legislature consider requiring all institutions subject to the Clery Act to undergo regular, periodic reviews of their compliance with the Clery Act and to publish the results online. We also make numerous recommendations to the campuses, including that they establish procedures for staff to follow when compiling Clery Act statistics, develop guidance for staff preparing annual security reports, and provide training to these staff to ensure they are aware of all of the Clery Act’s requirements and of all campus policies and protocols for complying with the Clery Act.

Agency Perspective

All six institutions agreed with our conclusions and indicated that they will implement our recommendations to improve their practices and processes for complying with Clery Act requirements.

Introduction

Background

To ensure the availability of accurate information for students, employees, applicants, and parents making decisions about institutions of higher education (institutions), the federal government enacted the Student Right‑to‑Know and Campus Security Act—later renamed the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (Clery Act)—to provide transparency around campus crime policy and statistics. The Clery Act requires institutions that participate in federal student aid programs under Title IV of the Higher Education Act of 1965 (Title IV) to prepare, publish, and distribute annual security reports disclosing specified campus crime statistics and campus security policies. These institutions include both public and private nonprofit educational institutions of higher education and postsecondary vocational institutions.

Among other activities, each institution must publish and distribute an annual security report each year by October 1 that contains specified crime statistics for the three previous calendar years and specific statements of existing campus safety policies and procedures. In addition to federal requirements, state law requires institutions in California to implement certain types of campus safety policies and protocols that are more extensive than the Clery Act requires. For example, state law requires institutions to prepare and prominently post campus safety plans and to provide educational and preventive information about sex offenses.

This audit focused on six institutions, some public and some private, from across the State: California State University, Chico (Chico); Imperial Valley College (Imperial Valley); Mount Saint Mary’s University, Los Angeles (Mount Saint Mary’s); Orange Coast College (Orange Coast); University of San Diego (San Diego); and University of California, Santa Cruz (Santa Cruz). We based our selection on a number of factors, including the number of crimes each institution reported to the U.S. Department of Education (ED), the institution’s geographic location, the type of institution, and whether we had previously audited the institution.

Clery Act Requirements

The Clery Act requires institutions to publish an annual security report containing statistics related to specific crimes, such as murders, robberies, and aggravated assaults. These offenses, which we refer to in this report as Clery reportable crimes, are listed in detail in Appendix A and are grouped into four categories: criminal offenses; offenses that violate the Violence Against Women Reauthorization Act of 2013 (VAWA), such as domestic violence, dating violence, and stalking; hate crimes; and arrests and referrals for disciplinary action.

Each institution must distribute its annual security report by October 1 to all enrolled students and current employees. The institution can fulfill that requirement by posting the report to its website and notifying students and employees of its availability. Each institution must also notify prospective students and employees of the report’s availability and may use methods that include direct mail, campus mail, or electronic mail; must provide a description of the report’s contents; and must establish a means of requesting a copy. Additionally, each institution is required to submit its campus crime statistics annually to ED, which then makes the crime statistics available on its website so that interested persons can review data for a specific institution or compare the data for multiple schools.

The Clery Act requires institutions to report statistics related to crimes that occurred within specific Clery reporting locations (Clery geography), described in the text box. The institutions must annually report these statistics for the most recent and two preceding calendar years for which data are available. Federal regulations also require institutions to make a reasonable, good‑faith effort to obtain and disclose reportable crime statistics from local law enforcement agencies about crimes that occur within Clery geography but that may not have been reported directly to campus security authorities.

Clery Reporting Locations

Institutions must report statistics related to crimes that occur in the following locations:

  • On campus, including residence halls.
  • In or on noncampus buildings or property that an institution owns or controls.
  • On public property that is within a campus or is immediately adjacent to and accessible from a campus.

Source: Federal law.

Additionally, the Clery Act requires institutions to maintain certain campus policies and procedures and to include statements of those policies and procedures in their annual security reports. Table 1 provides a summary of the types of policies, procedures, and information that institutions must maintain and disclose in their reports. For example, institutions must include their procedures for students and others to report criminal actions or other emergencies that occur on campus. Institutions that provide on‑campus student housing must also include statements describing certain policies and procedures that the institution will follow in the event of a missing student.

State Law Requirements

State law requires certain institutions in California to implement campus safety policies and protocols in addition to the federal requirements. State law identifies those institutions it requires to comply with each separate provision. For example, some requirements pertain only to California State University (CSU) and California Community College (community college) institutions, whereas other requirements also apply to private institutions. Further, although many of these provisions appear to require the University of California (UC) to comply with the requirements, a separate provision in state law exempts UC’s institutions from these requirements unless the Board of Regents of the University of California (Regents) adopts a resolution making each requirement applicable to its institutions. According to UC’s legal counsel, the Regents have not yet adopted such a resolution. In Appendix D, we identify each of the provisions in state law and specify whether the institutions we reviewed complied with each provision as required or as a matter of best practice.

Among these provisions, state law requires certain institutions to implement additional policies related to sexual assault and to provide additional educational and preventive information about sex offenses, as well as other requirements. State law also requires most California institutions that receive public funds for student financial assistance to implement and prominently post Campus Safety Plans and to enter into memorandums of understanding with their local law enforcement agencies to clarify each agency’s responsibilities. These institutions must adopt certain campus safety policies in order to receive state funds for student financial assistance. Moreover, to receive such state funds, these institutions are also required to enter into agreements or partnerships to the extent feasible with existing on‑campus and community‑based organizations or to otherwise make available to students a variety of assistance services, such as counseling, mental health services, and victim advocacy.

Institutions We Reviewed and the Processes They Used to Compile and Report Clery Act Statistics

Institutions we reviewed use different processes for compiling and reporting their Clery crime statistics. Crimes are generally reported by campus security authorities, which can include campus police; by individuals who are responsible for campus security, such as monitors at entrances to institutional property; by officials who have significant responsibility for student and campus activities, including student housing and student discipline; by individuals or organizations that campus security policies have identified as campus security authorities to which students and employees should report criminal offenses; and by victims. The Clery coordinator at each institution compiles the Clery statistics and reports the data to ED and in the annual security report. Figure 1 shows examples of processes that institutions use to compile their Clery statistics.

Figure 1
Institutions Use Different Processes for Compiling and Reporting Clery Statistics

The flow chart shows the different processes a selection of institutions use to compile and report to ED their Clery crime statistics.

Source: Analysis of institutions’ practices of compiling Clery statistics.

For example, four different entities at Santa Cruz contribute to reporting Clery statistics: Risk and Safety Services, the Title IX office, the student conduct office, and the university police department. Santa Cruz’s Clery coordinator, who is housed within Risk and Safety Services, obtains Clery‑reportable statistics from each of the other three departments, prepares the institution’s annual security report, and sends the institution’s Clery statistics to ED. Chico and Mount Saint Mary’s also compile their Clery statistics using multiple data sources.

Three different entities at San Diego—the Department of Public Safety, the Title IX office, and the student conduct office—also separately record and store their incident reports, but San Diego’s Clery coordinator, housed within the Department of Public Safety, keeps a master spreadsheet of all incidents. She uses that master spreadsheet to compile the Clery statistics. Imperial Valley has a more streamlined process—its Campus Public Safety office uses a single database to record all incidents that occur on campus. Then the office uses that database to generate the institution’s Clery statistics. Finally, although Orange Coast’s different departments use their own incident‑recording databases, Orange Coast used a new database to track its Clery‑reportable crimes for 2022 by pulling data from incident reports located in its other internal databases.

Government Oversight and Guidance

Both the state and federal governments conduct oversight activities that evaluate institutions’ compliance with the Clery Act. State law requires the California State Auditor (State Auditor) to report to the Legislature the results of an audit every three years of not fewer than six institutions that receive federal student aid to determine those institutions’ compliance with the requirements of the Clery Act and related state laws. As part of these audits, the law requires the State Auditor to evaluate the accuracy of the crime statistics the institutions report and the effectiveness of the procedures the institutions use to identify, gather, and disseminate these data, as well as the institutions’ compliance with state law governing crime reporting and the institutions’ development and implementation of related policies and procedures.

The State Auditor has previously issued seven audit reports related to the Clery Act, as the text box shows. These reports have consistently found that the institutions reviewed were not fully complying with Clery Act requirements. For instance, the 2021 report found that of the six institutions we reviewed, the four institutions that reported crimes had errors in their reported crime statistics, and five institutions did not provide complete information about important campus safety policies to current and prospective students and employees.

The State Auditor issued seven previous audit reports on the Clery Act on the following dates:

  • December 2003
  • January 2007
  • January 2010
  • October 2012
  • July 2015
  • May 2018
  • May 2021

Source: State Auditor’s Clery Act audit report numbers 2002‑032, 2006‑032, 2009‑032, 2012‑032, 2015‑032, 2017‑032, and 2020‑032.

At the federal level, ED also conducts reviews to evaluate institutions’ compliance with Clery Act requirements. These reviews can be initiated in a variety of ways, including through complaints ED receives from students, employees, or the public. The findings from its reviews can lead ED to issue fines of up to approximately $70,000 for each violation, an amount that ED adjusts annually for inflation. In March 2024, ED fined Liberty University of Virginia $14 million for serious and persistent violations of the Clery Act, such as inaccurate crime statistics and an inability to conduct competent investigations and to ensure that the needs of sexual assault survivors were met.

In 2020 ED fined the University of California, Berkeley (Berkeley) $2.35 million for Clery Act violations and for a lack of sufficient administrative capability to oversee its Clery Act reporting. According to ED’s published review, Berkeley did not develop and implement an adequate system of policies, procedures, programs, training, and internal controls to reasonably assure compliance with the requirements of the Clery Act. ED’s review found that among other violations, Berkeley did not report hate crimes in two annual security reports and did not disclose security policies in multiple annual security reports.

To assist institutions in meeting Clery Act requirements, ED published guidance in 2016 in a 265‑page document called The Handbook for Campus Safety and Security Reporting. However, ED rescinded that guidance in October 2020 because it was outside of the scope of the relevant statutory and regulatory authority, although it is still archived on the department’s website. Instead, institutions may find information in federal student aid handbooks about Clery Act requirements. For example, one of the now‑rescinded changes was ED’s 2016 guidance about which buildings and properties institutions must report as part of their Clery geography. Specifically, the 2016 handbook recommended that institutions include any public property that is within a one‑mile radius from a campus property in their Clery‑reportable geography. However, the Clery Act and federal law and regulations do not prescribe a specific distance from campus when defining Clery‑reportable public property, instead describing such public properties as thoroughfares, streets, sidewalks, and parking facilities that are within, immediately adjacent to, or accessible from the campus. According to ED, the 2016 handbook improperly defined public property in a way that was not compliant with federal law.

Issues

Most of the Institutions We Reviewed Reported Erroneous Crime Statistics and Had Incomplete Crime Logs

Institutions Did Not Disclose All Required Campus Safety Information to Stakeholders and Lacked Some Required Policies

Most of the Institutions We Reviewed Reported Erroneous Crime Statistics and Had Incomplete Crime Logs

Key Points

  • Chico, Santa Cruz, and Mount Saint Mary’s did not track their Clery‑reportable incidents in a central location, which has led to Santa Cruz underreporting 33 crimes and Mount Saint Mary’s overreporting 15 crimes in their 2022 Clery statistics compared to what each institution marked as Clery-reportable. Further, although San Diego maintained a central database, it also overreported one incident. These reporting errors can mislead interested parties, such as prospective students, about campus safety.
  • Five of the six institutions we reviewed—Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, and Santa Cruz—reported statistics that were inaccurate or incomplete to varying degrees, which may be misleading students, staff, and faculty about safety risks on or around the campus. For example, Santa Cruz underreported seven of 60 crimes we reviewed in its Clery statistics, with an overall error rate of 15 percent, whereas Mount Saint Mary’s overreported 16 of 57 crimes we reviewed, with an overall error rate of 30 percent.
  • Four of the six institutions—Chico, Mount Saint Mary’s, Orange Coast, and Santa Cruz—had incomplete daily crime logs, which could obscure stakeholders’ ability to understand campus safety on an incremental, day‑to‑day basis. These four institutions were missing between 17 and 25 crimes from their daily crime logs out of about 60 crimes we reviewed for each institution.

The Lack of Written Procedures or the Absence of a Central Clery Database Led Five Institutions to Report Erroneous Crime Statistics

As we describe in the Introduction, the institutions we reviewed use different processes for compiling their Clery statistics. However, none of the six institutions we reviewed had documented procedures for their staff to follow for compiling Clery statistics. In addition, when compiling the 2022 Clery statistics, Chico, Mount Saint Mary’s, and Santa Cruz did not track Clery crimes in a central database. As Table 2 shows, institutions that maintained Clery data centrally were less likely to make significant systemic reporting errors.

We reviewed the total number of Clery crimes that institutions reported to ED to determine whether those numbers aligned with the total number of crimes each institution marked as Clery‑reportable in their internal documents. We observed that the number of Clery crimes that Mount Saint Mary’s and Santa Cruz reported to ED for calendar year 2022 were significantly different from the number these institutions had identified as Clery‑reportable in their internal databases. Specifically, Santa Cruz reported 672 crimes to ED, but we identified 705 Clery‑reportable incidents in the institution’s internal databases—a difference of 33 cases. Mount Saint Mary’s reported 27 incidents, but we identified only 12 Clery incidents in its internal databases—a difference of 15 cases.

The reason these two institutions reported inaccurate crime statistics involves the way they tracked the Clery‑reportable crimes. Although Santa Cruz stated that its previous Clery coordinator generally tracked in a central location all Clery‑reportable crimes, that Clery coordinator left her position before compiling the 2022 Clery statistics, and Santa Cruz relied on other staff in its Risk and Safety Services office to compile those statistics. In the absence of written guidance, the staff in the Risk and Safety Services office did not use the files that the previous Clery coordinator used, and they did not have access to the databases that the university police department, the Title IX office, or the Student Conduct office use. As a result, the staff at the Risk and Safety Services office compiled the statistics that each of the departments gave them but did not check the accuracy of those numbers. The university explained that the Risk and Safety Services office mistakenly thought the data had been cross‑checked by the former Clery coordinator.

Similarly, Mount Saint Mary’s did not use a central Clery repository to track incidents for calendar year 2022, which led to its overreporting a significant number of crimes in its 2022 Clery statistics. The institution generally uses two different databases to record incidents—the Campus Safety and Emergency Management office maintains incident records in a shared drive, and the Division of Student Affairs maintains incident records in a different database to which the Clery coordinator does not have access. The former Clery coordinator explained that to compile the 2022 Clery statistics she identified the Clery‑reportable crimes from the records that the Public Safety office maintained and she requested the number of Clery crimes that the Division of Student Affairs maintained in its database. The Division of Student Affairs provided her with aggregate Clery numbers that did not allow the former Clery coordinator to readily check the accuracy of those data. The staff at the Division of Student Affairs explained that they mistakenly provided her with Clery‑reportable crimes for the 2022 academic year instead of the calendar year, as Clery Act requires. As a result, the institution reported more Clery crimes than it should have. The institution became aware of these errors after we started this audit, and it plans to correct the reporting for 2022 with ED and to issue a revised annual security report for 2023.

In its 2022 annual Clery statistics, Chico also reported one more crime than we identified to be Clery‑reportable. We highlight this single error because it resulted from Chico’s not maintaining in a central location the data related to all 2022 Clery crimes. Instead, the institution relied on the university police department to provide the Clery coordinator with the police department’s Clery‑reportable statistics in an aggregate format, which did not include case numbers and therefore made it difficult for the Clery coordinator to check the accuracy of the statistics. However, the university police department has since changed this process, and currently the Clery coordinator receives additional details on cases that come from the university police department’s database, allowing her to check the accuracy of the statistics.

In contrast, the other three institutions—Imperial Valley, Orange Coast, and San Diego—tracked Clery‑reportable crimes in a central location, which allowed the institutions to cross‑check incidents reported by different departments and thereby reduce the risk of including duplicate crime reports or of not including Clery‑reportable crimes. For example, San Diego’s Department of Public Safety collected all crime data across the institution’s departments, including the Title IX office and the Division of Student Affairs, and cross‑checked it all within its internal tracking system before generating the annual security report. San Diego’s Clery coordinator maintained a master spreadsheet in which she documented all incidents that met the criteria for Clery reporting. She then identified and documented the origin of each incident and cross‑checked all databases to ensure that duplicates were not included. This process ensured accurate reporting of San Diego’s Clery statistics. We found that San Diego also reported to ED one more Clery incident than we found in its database, as we discuss later. However, our review of a sample of 69 crimes did not identify any reporting errors for San Diego.

In addition to verifying the total number of Clery crimes each institution reported to ED, we also reviewed a selection of crimes at each institution to evaluate the accuracy and completeness of their reported Clery statistics. To determine whether the institutions reported their Clery crimes in the appropriate categories, we reviewed a selection of up to 30 incidents that each of the six institutions reported as Clery crimes for calendar year 2022.1 We also reviewed a separate selection of at least 30 crimes at each institution—those identified by the institution as both Clery‑reportable and as non‑Clery‑reportable—to assess whether the institutions appropriately included or excluded incidents from their Clery statistics. Our review revealed three types of errors: overreporting, underreporting, and misreporting, as the text box describes. We found that Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, and Santa Cruz reported erroneous Clery crime statistics, as Table 3 shows.

Types of Reporting Errors

Underreported: A Clery-reportable crime was not reported as required.

Misreported: A Clery-reportable crime was reported in the wrong category.

Overreported: An incident was erroneously reported as a Clery crime or was erroneously counted in more than one category.

Source: California State Auditor’s interpretation of federal regulations and review of crime reports.

Underreporting

Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, and Santa Cruz underreported crimes to varying degrees, as Table 3 shows. Underreporting may occur when an institution improperly records a crime as not Clery‑reportable or when a department does not disclose a Clery‑reportable crime to the university’s Clery coordinator. When an institution does not accurately report crimes occurring on or near its campus, interested parties—such as current and prospective employees and students—may be unaware of serious incidents that have taken place on campus.

Santa Cruz did not report in its 2022 Clery statistics multiple instances of serious crimes, including dating violence, domestic battery, and rape. Our review of 60 crimes at Santa Cruz for that year found that the institution did not include seven reportable crimes in its Clery statistics. These included five reports from the Title IX office that involved stalking, sexual violence and sexual harassment, rape, and dating violence; one alcohol‑related disciplinary referral from the Student Conduct office; and one case from the local police department, involving burglary.

Santa Cruz did not report these seven crimes because it lacked written procedures for compiling Clery statistics. The significance of this deficiency became more evident when the person who normally compiled Clery statistics left the institution. Santa Cruz’s previous Clery coordinator had sent requests to individual departments within the institution, including the university police department, the Title IX office, and the Student Conduct office, and to outside local law enforcement agencies when she was compiling Clery statistics, asking them to provide her with Clery‑reportable crimes. However, she left her position in June 2023, and the Risk and Safety Services office assigned an interim project coordinator to compile the 2022 Clery statistics. Santa Cruz explained that it did not report any Title IX incidents or incidents from local law enforcement agencies in 2022 because the interim coordinator was not aware of the need to request Clery statistics from the Title IX office nor aware of the need to separately request statistics from the local law enforcement agencies; she thought they were already included in statistics provided by the university police department.

By not including these serious crimes in its Clery statistics as required, Santa Cruz presented its campus as safer than it was. The institution became aware of its underreporting after we began our audit, and it agreed that it should implement procedures, such as written guidance for its staff to follow when compiling the Clery statistics, to ensure that it reports all Clery crimes. Additionally, Santa Cruz staff indicated that they are working on revising their 2022 Clery statistics to resubmit them to ED.

Similarly, other campuses underreported serious crimes in their Clery statistics because, as we noted, they lacked written procedures that would ensure accurate reporting, such as guidance for staff to follow when making determinations about whether a crime is Clery‑reportable. Chico did not report an arrest for illegal weapon possession related to an aggravated assault case. In this case, Chico should have reported the incident as two separate crimes—one for the act of aggravated assault and another for the act of possessing an illegal weapon—as the Clery Act requires. Imperial Valley improperly determined that it should not report an intimidation hate crime because the case was under investigation by local law enforcement. However, law enforcement had not determined that this case was unfounded; therefore, it was inappropriate for Imperial Valley to omit this reported crime from its statistics. Mount Saint Mary’s did not report one case of a drug law violation in its Clery statistics although the institution had correctly categorized it as such in its internal database. Orange Coast did not report a referral for disciplinary action for a drug law violation that occurred at student housing because the institution ultimately did not initiate a disciplinary action against the student, and staff erroneously determined that the referral was therefore not reportable. However, federal law requires institutions to report all referrals for disciplinary actions, regardless of whether disciplinary actions were taken.

Misreporting

We found that Orange Coast misreported crimes in its Clery statistics. Misreporting occurs when an institution correctly identifies a crime as Clery‑reportable but does not report the crime under the correct Clery category or does not correctly document the location of the crime. Reporting crimes in the wrong category or location deprives interested parties of accurate information about the nature of those crimes.

Our review of 60 Clery crimes at Orange Coast revealed that the institution reported two crimes in the wrong Clery category, including an incident of hate crime intimidation that the institution reported as domestic violence.2 In that incident, a student physically intimidated another student and used derogatory language aimed at the victim’s sexuality while the two were living together in student housing. Orange Coast reported the incident to ED as domestic violence. However, our review of the case narrative suggests that the institution should have reported the incident as a hate crime of intimidation based on sexual orientation.

Like the other institutions we reviewed, Orange Coast did not have written procedures to guide its compilation of Clery statistics. The institution had hired an outside consulting firm to compile the 2022 crime statistics for its 2023 annual security report. The consultant categorized as domestic violence certain incidents that occurred in the institution’s student housing and that involved violence between roommates. When asked why, the consultant claimed that she used the state definition of domestic violence, as directed in the Clery law. She further explained that California law defines acts of violence between roommates, even those not in a romantic relationship, as domestic violence.

However, we disagree with Orange Coast’s consultant’s interpretation of state law. Domestic violence was added as a reportable category to the Clery Act as a result of VAWA. Federal law defines domestic violence for purposes of the Clery Act as violence committed by a spouse, an intimate partner, a person with whom the victim shares a child, and other similar relationships. Federal law further extends the definition of domestic violence to include violence against an adult or youth victim protected under the domestic or family violence laws of the jurisdiction in which the crime of violence occurred. In this regard, although state law defines domestic violence for certain purposes to include abuse perpetrated against a cohabitant, state case law limits the definition of cohabitants for these purposes to individuals who live together as a group with a common goal or a social unit living together with some permanency in their living arrangement. Therefore, in California, violence that occurred between student roommates who neither live together with a common goal nor in a permanent arrangement should not be classified as domestic violence for Clery purposes.

Overreporting

Finally, we found that Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, and Santa Cruz overreported their Clery statistics, potentially leading interested parties to conclude that campuses were more dangerous than they actually were. As we noted earlier, all five institutions also underreported crimes, which potentially presents conditions as safer than they are. Underreporting is therefore a more egregious error than overreporting. However, overreporting also presents inaccurate data and could lead people to erroneously avoid a campus that may be a good fit.

Overreporting also results from institutions’ lacking procedures, such as guidance with clear definitions of crimes that are Clery‑reportable, that would help ensure accurate reporting. An institution overreports when it reports more crimes in its annual security report than the number of crimes that actually qualify as Clery‑reportable. This may occur when an institution reports an incident that does not fall under the definition of a Clery‑reportable crime or when an institution improperly reports multiple crimes during a single incident.

An institution can also overreport when it mistakenly reports crimes that took place outside its Clery‑reporting geography, as Chico did when it reported multiple such crimes. The patrol jurisdiction of Chico’s university police department extends beyond the campus and beyond its Clery geography. As a result, Chico reported crimes that occurred within the university police department’s patrol jurisdiction but not within the institution’s Clery geography. We found that of the 65 crimes that we reviewed for Chico, the institution overreported eight. Of these eight crimes, seven occurred inside Chico’s patrol jurisdiction but not in the institution’s Clery geography and should therefore not have been included in Chico’s 2022 Clery statistics.

Another reason institutions overreport Clery crimes is that staff at institutions do not always know how to classify incidents and sometimes mark incidents as Clery‑reportable when they are not sure of the correct classification. A lieutenant at Chico’s university police department explained that when university police officers are not sure whether an incident is Clery‑reportable, they mark it as such to avoid the risk of underreporting. Chico’s Clery coordinator said that she does not have access to the university police department’s electronic records and that she relies on the statistics that the department provides to her. As a result, she reported all crimes that the university police department provided and did not verify whether they were within the institution’s Clery geography.

For similar reasons, Imperial Valley, Orange Coast, and Santa Cruz overreported certain crimes in their Clery statistics. Both Imperial Valley and Santa Cruz overreported incidents of liquor law violations. The Clery act requires that institutions report arrests or referrals for disciplinary actions for liquor law violations. For the purposes of Clery Act reporting, liquor law violations include underage alcohol possession but do not include cases of intoxication or violations of campus drinking policies. Imperial Valley inappropriately reported an incident of intoxication as a liquor law violation, and Santa Cruz inappropriately reported a disciplinary action for campus policy violation as a liquor law violation.

Orange Coast overreported seven incidents, including incidents that it mischaracterized as domestic violence, stalking, and aggravated assault. For example, Orange Coast inappropriately marked an incident of simple assault as aggravated assault. Except for incidents involving hate crimes, simple assault is not reportable under the Clery Act, but aggravated assault is. By improperly reporting a simple assault as an aggravated assault, Orange Coast may be portraying that its campus is more dangerous than it may be.

Four of the Six Institutions Did Not Maintain Complete, Up‑to‑Date Daily Crime Logs and May Misinform Interested Parties About Campus Safety

The Clery Act requires that institutions report in their annual Clery statistics some of the most serious crimes occurring during the prior three calendar years. To provide more immediate information, the Clery Act also requires institutions with campus police or security departments to maintain daily logs of all crimes reported to them, including crimes that are not reportable in the annual Clery statistics, such as simple assault and theft when not related to a hate crime and driving under the influence. Daily crime logs provide current information and contain crimes and incidents not covered by the reporting requirements of the annual Clery statistics, providing a potentially more comprehensive overview of campus safety when paired with the annual Clery reports.

Institutions must enter all reported crimes into their crime logs within two business days of the report being made to campus police or security departments, unless disclosure of such information is prohibited by law or would jeopardize the confidentiality of the victims. Federal law requires institutions to make these daily crime logs available to the public for the most recent 60‑day period. State law requires institutions to compile and provide to current and prospective students and staff within two business days of their request all reported incidents that happened on campus.

Despite the importance of daily crime logs in providing accurate information about campus safety, we found incomplete daily crime logs at four of the six institutions we reviewed. All six institutions reported Clery crimes in 2022 and maintained daily crime logs. As part of our review for the accuracy and completeness of crimes the institutions reported to ED, we determined whether each institution had recorded those crimes in its daily crime log by reviewing the underlying support, such as incident reports. As Figure 2 shows, four institutions—Chico, Mount Saint Mary’s, Orange Coast, and Santa Cruz—were missing a significant number of crimes from their daily crime logs, ranging from 17 to 25 crimes out of about 60 crimes we reviewed for each institution. We did not identify any missing crimes from Imperial Valley’s or San Diego’s daily crime logs.

Figure 2
Four of the Six Institutions We Reviewed Did Not Include All Crimes in Their Daily Crime Logs

Figure 2 summarizes the amount of crimes missing from four institution’s public daily crime logs.

Source: 2022 crime reports and daily crime logs from Chico, Mount Saint Mary’s, Orange Coast, and Santa Cruz.

Note: We reviewed the same crimes we reviewed for determining the accuracy and completeness of institutions’ Clery statistics.

Students, staff, and faculty may report to institutions’ Title IX or Student Affairs offices incidents of serious crimes, such as rape, aggravated assault, or domestic violence. In many instances, the victims of crimes decide not to pursue further investigation, and therefore these incidents do not get reported to the campus police or campus security departments. Although federal law requires institutions to maintain daily crime logs on only crimes reported to campus police and security departments, institutions may mislead interested parties about the safety of their campuses when they do not include in their crime logs serious crimes that were reported to their other departments.

We found that the primary reason institutions did not include certain types of incidents in the daily crime logs is that different departments, such as the Title IX and student conduct offices, did not report to the campus security office the incidents that were reported to them. The campus security office or the campus police department at each institution maintains the daily crime logs according to the incidents reported to it. For example, Orange Coast’s campus Public Safety office generates its daily crime log from incidents that populate its reporting software system. Other departments, such as the housing department, the Title IX office, and the Student Conduct office, use different reporting software to record incidents that occurred on campus; these departments did not report those incidents to the Public Safety office. As a result, Orange Coast did not include in its daily crime log 25 crimes—about 42 percent of crimes we reviewed—that it could have included. Some of the most serious of the crimes that Orange Coast did not include in the daily crime log were robbery, stalking, domestic violence, and dating violence. Orange Coast’s campus safety office staff agreed with our conclusions that certain crimes were missing from its 2022 daily crime logs. The staff explained that they changed their process in 2023 for maintaining daily crime logs to ensure that the institution includes all crimes in the daily crime logs by directing its different departments to forward to the campus safety office all the crimes reported to them.

Similarly, Chico’s university police department generates the institution’s daily crime log using its internal system, but the rest of the campus uses a separate system to log incidents and therefore must forward the incidents to the university police department for the campus police to include the incidents in the daily crime logs. When victims or campus security authorities do not directly report incidents to the university police department, Chico’s Clery director communicates those incidents to the university police department to ensure they are recorded in the daily crime log. However, we observed that Chico’s daily crime log did not include cases of liquor and drug law violations in which an arrest did not occur. These incidents involved cases in which the institution responded to the incident and the university police department was not involved. Chico’s Clery director did not communicate these crimes to the university police department, and as a result, the university police department did not include in its daily crime logs the drug and liquor law violations related to referrals for such violations. Chico explained that it has since implemented additional administrative controls to ensure that the university police department evaluates reports of crimes originating outside the department for inclusion in its daily crime log.

Similar to Chico, staff at the Title IX and Student Conduct offices at Mount Saint Mary’s and Santa Cruz also did not communicate the crimes that were recorded in their other databases to the staff in charge of producing the institutions’ daily crime logs. Consequently, the campus public safety or campus police departments that maintain the daily crime logs did not include those incidents in the logs. As a result, incidents of theft were missing from Mount Saint Mary’s log and incidents of sexual harassment and attempted rape were missing from Santa Cruz’s daily crime log.

Institutions Did Not Disclose All Required Campus Safety Information to Stakeholders and Lacked Some Required Policies

Key Points

  • The six institutions we reviewed did not have or did not disclose all policies, procedures, or programs required by the federal Clery Act to inform the public of how these institutions ensure campus safety.
  • None of the six institutions we reviewed fully complied with additional state requirements and best practices to maintain certain crime reporting, tracking, and safety policies and protocols.

The Six Institutions Did Not Fully Disclose Policies, Procedures, or Programs That the Clery Act Requires

None of the institutions fully disclosed all statements of policies involving campus emergency response and evacuation procedures, and none of the institutions fully complied with specific reporting requirements pertaining to alleged sex offenses. All six institutions also disclosed in their annual security reports statements of policies for which no such policies exist.

We identified and consolidated the numerous requirements of federal law into 59 policies, procedures, and programs that the law requires institutions to have and, in most instances, to disclose in their annual security reports. We organized these requirements into nine categories, as the text box shows. Our review consisted of a two‑part test. First, we determined whether each institution had the necessary policies, procedures, or programs that fully complied, partially complied, or did not comply with the Clery Act requirements. For example, if an institution had a policy, procedure, or program that did not include some or all of the specific information the Clery Act requires, we assessed the institution’s documentation as partially compliant or noncompliant, respectively. Second, we determined whether each institution disclosed the specified information in its annual security report and whether the disclosure was consistent with its policies, procedures, and programs. If a disclosure did not fully match the institution’s policies or did not exist in policy, we assessed the disclosure as partial or unsupported, respectively.

Nine Categories of Policies, Procedures, and Programs Institutions Must Develop or Disclose

  • Annual reports and general campus safety
  • Daily crime log and crime reporting
  • Campus law enforcement and crime prevention
  • Illegal drugs and alcohol
  • Campus sex offense mitigation programs
  • Campus sex offense response procedures
  • Disciplinary action processes in the event of an alleged sex offense
  • Emergency response and evacuation procedures
  • Processes in the event of a missing student report

Source: Review of federal laws related to Clery Act requirements.

Appendix C lists all 59 federal requirements we reviewed, and it identifies whether the institutions fully disclosed required information. Although Chico and Santa Cruz largely complied with the federal requirements and disclosed a vast majority of the required policy statements or descriptions of processes and programs in their annual security report, none of the six institutions we reviewed fully disclosed all required policies, procedures, and programs, as Figure 3 shows.

Figure 3
The Six Institutions Did Not Fully Comply With or Disclose All 59 Clery Act Campus Safety Requirements

Figure 3 summarizes the compliance of each of the six institutions we reviewed with the 59 federal requirements of the Clery Act.

Source: Analysis of federal law and institutional policies, procedures, and programs and each institution’s annual security report.

Note: Refer to Appendix C in this report for additional detail on each institution’s results for each of the 59 requirements.

* An institution only partially satisfied the Clery Act when the requirement included multiple components and the institution did not disclose each required component or when the institution’s policy, procedure, or program did not address each component.

Missing Disclosures

According to ED, the Clery Act is first and foremost a consumer information initiative based on the premise that students and employees should have the information they need to take steps for their own safety and security. Accurate and complete disclosure of policies and a clear articulation of the institution’s programs are essential to that goal and allow the members of the campus community to be more fully informed and actively provide for their own safety. Any failure in this area deprives the campus community of vital campus safety information and effectively negates the intent of the Clery Act.

In one of the nine categories—emergency response and evacuation procedures—none of the institutions fully disclosed all statements of policies, as Table C.2 in Appendix C shows. Specifically, for one to 10 of the 11 requirements in this category, each of the six institutions did not comply with or only partially complied with the requirement or it disclosed information that was not supported by its policies. Chico fully disclosed all required procedures in this category except one. Mount Saint Mary’s did not fully comply with or disclose nine of the 11 requirements. Similarly, San Diego did not fully comply with or disclose 10 of the 11 required procedures in this category. For example, neither institution disclosed in its annual security report a policy stating that emergency response and evacuation tests may be announced or unannounced and that the testing procedures include documenting specific information related to each test. As ED noted in a recent review of an institution in another state, by not including this information and other disclosures, institutions do not allow the campus community to be more fully informed and actively provide for their own safety.

None of the institutions we reviewed fully complied with all requirements in the three categories related to alleged sex offenses. Federal law requires institutions to disclose 16 policy statements or other disclosures; we compiled these into the three categories.3 However, the six institutions individually did not fully disclose from one to 13 of these 16 requirements. Imperial Valley, Mount Saint Mary’s, and Orange Coast fully disclosed five or fewer of the 16 requirements. For example, federal law requires each institution to disclose in its annual security report a statement of policy asserting that it will provide written notification and assistance to victims about options for reasonable accommodations, regardless of whether the victim chooses to report the crime to campus police or to law enforcement. However, Imperial Valley did not have such a disclosure in its report. Although Mount Saint Mary’s included a statement of the related policy in its annual security report, the statement indicates only that a staff member from the institution will discuss the availability of such accommodations with students who are victims. The statement did not assert that the institution will provide victims with written notification of their options for such measures, as the Clery Act requires. We provide in Appendix C the complete results of our review of all six institutions’ compliance with each of the 59 federal requirements.

Lacking Policies

We found that the six institutions also did not have all underlying policies for the required statements, as Table 4 shows. Further, each institution disclosed in its annual security report statements for which it did not actually have policies. For example, although Chico disclosed eight of the nine required statements in the category related to missing students, the institution did not have underlying policies or procedures for any of the nine required statements, including a policy that requires any report of a missing student be referred immediately to its campus police or campus security department. Similarly, Santa Cruz disclosed eight of the nine required statements in the same category, but we found that, in addition to the requirement it did not disclose, the institution did not actually have underlying policies to support three of these statements. For example, Santa Cruz did not have policies that included the requirement that it notify local law enforcement within 24 hours of a missing student report. By not having these policies, institutions might delay law enforcement’s ability to locate a missing person.

ED has also found such instances to be concerning. In a recent compliance review of an institution in another state, ED expressed concerns about the institution’s missing certain policies and procedures completely or not accurately or fully developing them. However, of even greater concern to ED was the fact that the institution included statements of policy and procedure that did not accurately describe actual institutional practices. ED reported that in most of these cases, the institution published disclosures that appeared to meet federal requirements but simply did not align with the institutional operations. Without having the underlying documented, written policies that align with the disclosures they make in their annual security reports, institutions increase the risk that they may not follow the statements they disclose to the campus community and to prospective students and staff.

Staff at four of the six institutions generally explained that staff turnover and overall inexperience and a lack of understanding of the Clery Act’s requirements may have resulted in their not including certain statements in their annual security reports and in the institutions’ not having all required policies. For example, Imperial Valley’s associate vice president of human resources said she believes that management turnover is the primary cause of Imperial Valley’s difficulties complying with the Clery Act because that turnover has led to a loss of institutional knowledge, disruption in trainings, and delays in policy updates. She also explained that prior to our audit, she was not familiar with all Clery Act requirements.

San Diego’s Clery Act compliance manager said she strongly believes that additional specialized Clery‑specific training would be useful for staff campus wide, particularly for staff involved in preparing crime reports and serving on the institution’s Clery committee. The compliance manager indicated that she shares some training opportunities, such as webinars, with other Clery committee members and relevant campus partners, but the university does not require its staff to take any specific Clery Act training. Officials at the other four institutions also agreed that regular training on Clery Act requirements and updates would help ensure that staff in campus safety and student affairs departments—which generally are involved with Clery Act reporting—would be able to better meet Clery Act requirements.

Given the lack of compliance we identified, institutions can likely benefit by developing written procedures and tools to guide staff in preparing annual security reports that include all required disclosures. Five of the six institutions generally attributed the omissions in their annual security reports to a lack of clear and centralized procedures for complying with the Clery Act. A set of procedures or a desk manual for complying with the Clery Act might include a checklist that describes each requirement, lists which of the institution’s policies apply, specifies which campus departments need to be consulted, and identifies the language that must be disclosed. Figure 4 shows an example of such a checklist that institutions could develop to improve their compliance with the Clery Act.

Figure 4
Sample Portion of a Checklist That Institutions Could Develop to Improve Their Compliance With Clery Act Requirements

Figure 4 describes a hypothetical checklist developed by the audit team that would assist institutions to fully comply with Clery Act requirements.

Source: Auditor generated from review of federal law.

Five of the six institutions we reviewed agreed that having a set of procedures, such as a desktop manual and a checklist, would help them to accurately compile Clery crime data needed to prepare their annual security reports. After we shared our findings with officials at Mount Saint Mary’s and showed them the type of detailed information that such procedures might contain, the university updated a number of its policies to address the deficiencies we identified and better comply with the Clery Act.

Regular periodic reviews by either an internal or external auditor also would provide institutions with feedback on the quality of their Clery Act compliance over time. The majority of the institutions in California have never had a state or federal Clery Act compliance audit to provide independent feedback on the quality of their performance over time. The six institutions we reviewed also currently do not perform formal internal audits of their compliance with the Clery Act but generally agreed that having regular periodic audits or other similar reviews of their Clery Act processes would improve their compliance with the Clery Act. In fact, Santa Cruz’s associate chancellor stated that the university plans to audit its Clery Act processes, including crime reporting and preparation of the annual security report, during the next year.

Institutions Lacked Additional Campus Safety Policies, Protocols, and Information That State Law Requires

In addition to not fully complying with federal Clery Act requirements, institutions we reviewed did not fully comply with additional state requirements. State law requires certain institutions to implement in specific areas additional campus safety policies and protocols that are more extensive than Clery Act requirements. The Legislature found in 2005 that women on U.S. college campuses are at greater risk of becoming victims of sexual assault, domestic violence, and stalking than women in the general population. The Legislature further recognized that men; individuals with disabilities; members of cultural and religious minority groups; and lesbian, gay, and transgender individuals also experience sexual assault. Therefore, the Legislature enacted a law requiring community college and CSU campuses and requesting UC campuses to establish policies to encourage the reporting of sex offenses, and to include in their student orientations and on their websites education and preventive information about sex offenses. We identified 42 state requirements that expand upon the federal requirements.

Although some institutions are exempt from all or some of these requirements, we determined whether they had implemented these requirements as best practices. As we discussed in the Introduction, UC institutions are specifically exempt from the state law requirements unless the Regents adopt a resolution to make each requirement applicable. Further, some requirements do not apply to private institutions. In other cases, state law only requests that certain institutions comply with a specific requirement. However, we believe that these requirements represent best practices. Therefore, we determined whether Santa Cruz had implemented all requirements as a matter of best practice. We also determined whether institutions that are only requested to comply with certain requirements had implemented those requirements as a matter of best practice. As Table 5 shows, the six institutions did not always comply with these requirements or best practices.

For example, we found that Imperial Valley did not prepare, post, or distribute a campus safety plan as state law requires and that Santa Cruz did not implement this provision as a matter of best practice. To promote overall campus safety, state law requires officials from each community college and the CSU to prepare and prominently post a campus safety plan each year. This plan must include the availability and location of security personnel, methods for summoning security personnel, and any actions the institution took in the preceding 18 months or anticipates making during the next 24 months to increase safety.

According to Imperial Valley’s vice president of administrative services, the institution identified the need for a campus safety plan in April 2023. It subsequently developed a plan, but finalization and approval of the plan has been delayed because of a vacancy in the campus safety manager position since December 2023. Santa Cruz stated that the individual responsible for posting its safety plan left the university and that after Santa Cruz updated its website, staff neglected to post the plan. By not preparing and posting a campus safety plan to inform faculty and students about how to respond or seek assistance in the event of an emergency or crime, these institutions have increased the risks to campus communities. Santa Cruz’s associate vice chancellor explained that Santa Cruz intends to complete its safety plan regardless of whether the Regents have adopted a resolution requiring it to do so.

State law also requires certain institutions to have written agreements with local law enforcement agencies that clarify operational responsibilities for investigating certain crimes, and it requires those institutions to review and update those agreements every five years. Four of the six institutions that we reviewed do not have sworn police officers with full authority to arrest and investigate crimes, so such agreements are critical to maintaining the safety of the campus community. However, we found that two of the six institutions we reviewed—Santa Cruz and Chico—had not updated their written agreements with local law enforcement agencies within the past five years.

Chico’s executive director explained that although the institution’s written agreement with local law enforcement was not signed or dated by all parties, Chico has operated with the understanding that the agreement was valid and enforceable. However, he recognized the need to update the agreement and said that the institution is currently working with the city of Chico to correct the deficiency.

As a matter of best practice, Santa Cruz campus police department’s records and communication manager explained that its written agreement was due to be renewed in 2020. However, because the institution was dealing with several crises, including the pandemic, the institution was not able to renew the agreement before its former police chief retired. The manager also stated that Santa Cruz’s current campus police chief plans to enter into a newly signed agreement during the summer of 2024. Without having valid and binding legal agreements with local law enforcement agencies, institutions may be unable to obtain full cooperation from local law enforcement to compile, report, and respond promptly to crimes that occur on or near the campus.

The lack of comprehensive policies and procedures to meet state requirements or best practices, in addition to the gaps related to federal Clery Act disclosures and a lack of underlying policies, is particularly concerning because these policies and procedures are necessary to help institutions respond consistently and adequately to campus emergencies and crimes. Given the risks of the crimes that the Legislature identified in enacting these requirements, and the unpredictable nature of emergencies, it is imperative that each institution conduct a comprehensive review and revision of its policies, procedures, programs, and website in order to comply with the Clery Act, state law, and best practices.

Recommendations

Legislature

Over the past 21 years, the State Auditor has found noncompliance with federal Clery Act requirements at 41 institutions. If the Legislature desires greater campus focus on and awareness of Clery Act requirements, it could consider requiring all institutions that are subject to the Clery Act to conduct periodic reviews of their compliance with the Clery Act and with state law requirements. The Legislature should require these institutions to post the results of their campus safety reviews publicly and conspicuously on their websites, near the institutions’ annual security reports. At a minimum, the reviews should include the following:

  • A review of all campus crimes, to ensure the accuracy and completeness of the institution’s disclosure of all relevant crimes.
  • A review of all institutional policies, procedures, and programs, to ensure that they include all required components set forth in the Clery Act and in state law.
  • A review of the institution’s annual security reports, to ensure that the institution disclosed all required items in a manner consistent with the institution’s underlying policies, procedures, and programs.

Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, and Santa Cruz

To ensure the accuracy and completeness of campus crime statistics that each institution reports to ED and includes in its annual security report, these institutions should establish procedures by January 2025 for compiling the Clery Act statistics. These procedures should include the following:

  • Listing all campus departments that maintain crime and incident data and protocols for obtaining data from those departments. Identifying all law enforcement agencies and obtaining all crime and incident data from those agencies.
  • Procedures for the specific tests that certain staff should use to determine whether to include a crime or incident in the Clery Act statistics.

Chico, Mount Saint Mary’s, Orange Coast, and Santa Cruz

To ensure that all crimes are recorded in the institution’s daily crime log, these institutions should develop procedures by January 2025 for their campus security office or campus police department staff to follow. These procedures should include the list of all institutional departments and law enforcement agencies from which the campus security office or campus police department obtain crime data to include in the institution’s daily crime logs. These procedures should also define who is responsible for obtaining data for inclusion in the daily crime log.

Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, San Diego, and Santa Cruz

To ensure that they fully and adequately disclose all required policies in their annual security reports, these institutions should develop guidance by January 2025 for staff preparing the annual security reports. This guidance should identify all required disclosures for the reports and should include a comprehensive checklist that lists each of the required disclosures and their necessary supporting policies, as we illustrate in Figure 4.

To ensure that the disclosures in their annual security reports accurately represent campus policies and institutional practices and that they are reporting reliable information to the public and to ED, these institutions should develop, adopt, or update by October 1, 2024, campus policies, procedures, and programs to ensure that the institution meets all requirements of the Clery Act.

To ensure that staff responsible for compiling Clery crime statistics and preparing the annual security reports—as well as staff who provide crime data and policy information to those individuals—are aware of all the Clery Act’s requirements and are aware of all campus policies and protocols for complying with the Clery Act, these institutions should provide to their staff regular trainings by January 2025 on Clery Act requirements and on specific campus procedures for complying with the Clery Act. The institutions should then require and ensure that all staff responsible for compiling the crime data and the annual security reports regularly participate in those trainings.

To ensure that they fully comply with state law and best practices related to campus safety, these institutions should develop, adopt, or update by January 2025 their campus policies, procedures, and programs to ensure that they comply with all requirements of state law shown in Appendix D. Institutions should comply with these requirements as a matter of best practice even if the law does not explicitly require them to do so.

We conducted this performance audit in accordance with generally accepted government auditing standards and under the authority vested in the California State Auditor by Government Code section 8543 et seq. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on the audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Respectfully submitted,

GRANT PARKS
California State Auditor
July 30, 2024

Staff:
Kris Patel, Principal Auditor
Ani Apyan, MPP, Senior Auditor
David DeNuzzo, CIA, CFE, Senior Auditor
Salma Healy
Rachel Hibbard
Arseniy A. Sotnikov
Karen Wells

Legal Counsel:
JudyAnne Alanis

Appendices

Appendix A — Crimes and Violations That Institutions Must Report Under Federal Crime Disclosure Requirements

Appendix B — Crime Statistics in the 2023 Annual Security Reports of Six Institutions

Appendix C—Six Institutions’ Compliance With Federal Law Regarding the Disclosure of Security Policies

Appendix D—Six Institutions’ Compliance With State Law and Best Practices Regarding Campus Safety Policies, Procedures, and Programs

Appendix E—Scope and Methodology

Appendix A

Crimes and Violations That Institutions Must Report Under Federal Crime Disclosure Requirements

The Clery Act and its implementing regulations require all institutions that participate in federal student aid programs under Title IV to report statistics for the categories of criminal offenses and violations shown in Table A.

Appendix B

Crime Statistics in the 2023 Annual Security Reports of Six Institutions

The Clery Act and its implementing regulations require all institutions that participate in federal student aid programs under Title IV to report statistics for the categories of criminal offenses and violations described in Appendix A. Tables B.1 through B.6 summarize the criminal offenses, Violence Against Women Reauthorization Act of 2013 offenses, hate crimes, arrests, disciplinary actions, and unfounded crimes that the six institutions we reviewed reported for 2020, 2021, and 2022.

Appendix C

Six Institutions’ Compliance With Federal Law Regarding the Disclosure of Security Policies

The Clery Act and its implementing regulations require all institutions that participate in federal student aid programs under Title IV to prepare annual security reports that disclose certain campus security policies, procedures, and programs. These policies include procedures for students and others to report criminal actions, programs pertaining to domestic violence, dating violence, sexual assault, and stalking, as well as the procedures the institutions will follow if such conduct occurs. We identified numerous policies, procedures, and programs, which we compiled into 59 items, that federal law requires institutions to have and, in most instances, to disclose in their annual security reports. Table C.2 shows whether the six institutions we reviewed fully disclosed each of the required policies in their most recent annual security reports.

As shown in Table C.1, which summarizes Table C.2, we found noncompliance with the largest number of requirements in the following categories: campus sex offense response procedures, disciplinary action processes in the event of an alleged sex offense, emergency response and evacuation procedures, and processes in the event of a missing student report. We discuss the institutions’ noncompliance in these three areas in our report.

Appendix D

Six Institutions’ Compliance With State Law and Best Practices Regarding Campus Safety Policies, Procedures, and Programs

State law generally requires institutions that receive public funds for student financial assistance to implement campus safety measures, including policies, procedures, and programs, that are in addition to the Clery Act’s requirements. These additional measures include crime tracking and reporting, agreements with local law enforcement, education and prevention information, and specific policies, procedures, and services related to sexual harassment and sexual violence incidents. We compiled these requirements under state law into 42 items, which we list in Table D. Each provision of state law identifies the specific types of institutions that must comply, such as community colleges, private institutions, and those in the CSU system. Although these provisions of state law require or request that UC comply, another provision of state law provides that none of these provisions apply to UC except to the extent that the Regents, by appropriate resolution, make that provision applicable. Although the six institutions we reviewed were not required to comply with every provision, we generally assessed the extent to which they complied with the requirements as a matter of best practice. Table D summarizes the state requirements and whether the six institutions we reviewed complied as required or as a matter of best practice. In our report, we discuss some of the institutions’ noncompliance with the state law requirements.

Appendix E

Scope and Methodology

Section 67382 of the Education Code requires the State Auditor to report to the Legislature every three years the results of an audit of not fewer than six institutions that receive federal student aid. This law requires the State Auditor to determine the institutions’ compliance with the requirements of the Clery Act by evaluating the accuracy of the crime statistics they report and the procedures they use to identify, gather, and track these data for publishing, disseminating, and reporting. The State Auditor previously issued audit reports on this subject in 2003, 2007, 2010, 2012, 2015, 2018, and 2021. Table E lists the audit objectives the State Auditor developed and the methods we used to address them. Unless otherwise stated in the table or elsewhere in the report, statements and conclusions about items selected for review should not be projected to the population.

Assessment of Data Reliability

In performing this audit, we relied on electronic files from Chico, Imperial Valley, Mount Saint Mary’s, Orange Coast, San Diego, and Santa Cruz that these institutions use to track and report on campus crimes. The U.S. Government Accountability Office, whose standards we are statutorily required to follow, requires us to assess the sufficiency and appropriateness of computer‑processed information that we use to support our findings and conclusions. We assessed the institutions’ data by comparing them to corroborating documentation from actual incident reports created by the campus and local law enforcement. We determined the data to be sufficiently reliable for the purpose of determining the accuracy and completeness of each institution’s Clery‑reportable crime statistics.

Responses to the Audit

California State University, Chico

Imperial Valley College

Mount Saint Mary’s University, Los Angeles

Orange Coast College

University of San Diego

University of California, Santa Cruz

California State University, Chico

July 11, 2024

Grant Parks
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814

Dear Mr. Parks:

This letter is in response to your draft audit report, 2024-032- Clery Act. We thank you and your staff for their hard work in completing this important audit report.

We have received and reviewed the draft audit report and appreciate the opportunity to review the recommendations and respond. Upon review, the university concurs with the listed recommendations and looks forward to sharing our implementation progress in the upcoming review.  

Chico State recognizes the importance of complying with the Clery Act and other laws relating to campus safety and crime reporting covered in this audit, and in ensuring a safe and supportive environment for our campus community.

Thank you again for the opportunity to respond to this audit.

Sincerely,

Steve Perez
President

Imperial Valley College

July 12, 2024

Grant Parks
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814

Dear Mr. Grant Parks,

The Imperial Community College District (“District”) is in receipt of you letter dated July 8, 2024, and has reviewed a redacted draft copy of the report prepared by your office following audits of certain California Colleges and Universities regarding their compliance with the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (“Clery Act”).

The District appreciates your office’s analysis of the District’s compliance with the Clery Act and related state laws at its Imperial Valley College. Moreover, the District has reviewed the recommendations provided by your office in the redacted draft report and provides the below responses to each recommendation.

Recommendation #1

To ensure the accuracy and completeness of campus crimes statistics that it reports to the U.S. Department of Education, Imperial Valley College should establish procedures by January 2025 for compiling Clery Act crime statistics.

District Response #1

Imperial Valley College will establish procedures by January 2025 to more accurately and completely compile the Clery Act crime statistics that it reports to the U.S. Department of Education. These procedures will include lists of relevant campus departments and law enforcement agencies with details regarding the crime and incident data that they maintain and the protocol for obtaining that data from each department or agency. Additionally, these procedures will provide specific tests that staff will use to determine whether to include certain crimes or incidents when compiling Clery Act crime statistics. Imperial Valley College will integrate such procedures with its current practice of collecting and recording all crimes and incidents on a single database in order to most effectively reduce the likelihood of overreporting and underreporting of Clery Act crimes.

Recommendation #2

To ensure that it fully and adequately discloses all required policies in its annual security report, Imperial Valley College should develop guidance by January 2025 for staff preparing the annual security report.

District Response #2

Imperial Valley College will develop guidance by January 2025 for staff preparing the annual security report to fully and adequately disclose all required policies in its annual security report. This guidance will include a comprehensive checklist identifying all required disclosures and their necessary supporting policies.

Recommendation #3

To ensure that the disclosures in its annual security report accurately represent campus policies and institutional practices and that it is reporting reliable information to the public and the U.S. Department of Education, Imperial Valley College should develop, adopt, or update by October 1, 2024, campus policies, procedures, and programs to ensure that Imperial Valley College meets all the requirements of the Clery Act.

District Response #3

Imperial Valley College will develop, adopt, and update by October 1, 2024, its policies, procedures, and programs to ensure that it meets all the requirements of the Clery Act. Specifically, Imperial Valley College will revise any existing policies, procedures, and programs to ensure that they fully comply with the Clery Act. Imperial Valley College will also implement any policies, procedures, and programs that the Clery Act requires but that Imperial Valley College does not already have in place. Furthermore, these changes will ensure that required disclosures in Imperial Valley College’s annual security report accurately represent campus policies and institutional practices and that reliable information is reported to the public and the U.S. Department of Education.

Recommendation #4

To ensure that staff responsible for compiling Clery Act crime statistics and preparing the annual security reports—as well as staff who provide crime data and policy information to those individuals—are aware of all the Clery Act’s requirements and are aware of all campus policies and protocols for complying with the Clery Act, Imperial Valley College should provide these staff regular trainings by January 2025 on Clery Act requirements, and on specific campus procedures to complying with the Clery Act.

District Response #4

Imperial Valley College will provide by January 2025 regular trainings on Clery Act requirements, and on specific campus procedures to comply with the Clery Act for staff responsible for compiling Clery Act crime statistics and preparing the annual security reports, as well as for staff who provide crime data and policy information to those individuals. The trainings will highlight the Clery Act’s requirements and Imperial Valley College policies and protocols for complying with the Clery Act.

Recommendation #5

To ensure that it fully complies with state law and best practices related to campus safety, Imperial Valley College should develop, adopt, or update by January 2025, its campus policies, procedures, and programs to ensure that it meets all the requirements of state law.

District Response #5

Imperial Valley College will develop, adopt, and update January 2025, its policies, procedures, and programs to ensure that it meets all the requirements of state law. Specifically, Imperial Valley College will revise any existing policies, procedures, and programs to ensure that they fully comply with state law. Imperial Valley College will also implement any policies, procedures, and programs that state law requires but that Imperial Valley College does not already have in place. These changes will ensure that Imperial Valley College prepares, posts, and distributes a campus safety plan each year, pursuant to state law.

The District and its Imperial Valley College strive to always support its students and provide an excellent education. Moreover, the safety and wellbeing of its students at Imperial Valley College is paramount for the District. As a result, the District is eager to implement your office’s recommendations in order to further ensure that its students at Imperial Valley College have a safe, welcoming, and effective educational environment. The District thanks your office for its diligent work and professionalism in its performance of the audit and appreciates the level of detail regarding the results of the audits provided in this report.

Sincerely,

Lennor M. Johnson, Ed.D
Superintendent/President
Imperial Community College District

CC:      Cesar L. Vega, Vice President of Administrative Services

Mount Saint Mary’s University, Los Angeles

July 12, 2024

Grant Parks
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814

Dear Mr. Parks,

Thank you for your letter dated July 8, 2024, and for the opportunity to respond to the draft Clery Audit report.

Mount Saint Mary’s University (MSMU) is committed to providing a safe environment for all our students and community. Using the recommendations from the report, as well as reporting and policy changes we have already started to enact, MSMU will continue to fulfill this commitment.

The good news is that MSMU is a safer campus than reported in its 2023 ASR. Also, even if the precise language of the regulation was not used in its policies which informed its Annual Security Report (ASR), MSMU complied with the spirit and intent of the regulation. Some inaccuracies were due to a time of staff transition.

In response to the recommendations made on pages 50-52 of the redacted report, MSMU will improve and develop centralized policies and procedures to ensure the accuracy of its process for reporting Clery statistics and completing its ASR and associated disclosures. Regular training will be provided for staff across various departments who contribute to the process. MSMU is committed to improving its tracking and reporting to comply with the requirements of the Clery regulation as well as state law and best practices. We have already changed our incident reporting tool and will adopt a standardized checklist to improve consistency. A focused Clery Committee will be created to monitor these improvements.

MSMU’s mission is to offer a dynamic learning experience in the liberal arts and sciences to a diverse student body. As a Catholic university primarily for women, we are dedicated to providing a superior education enhanced by an emphasis on building leadership skills and fostering a spirit to serve others. Our measure of success is graduates who are committed to using their knowledge and skills to better themselves, their environments, and the world.

We appreciate your team’s responsiveness to inquiries and the guidance they provided. The audit provided meaningful feedback that will help us as continue to make our campuses a safe environment for our students’ success. If you have any questions, please contact me at jbrathwaite@msmu.edu, or 213.477. 2905.

Sincerely,

Joy E. Brathwaite, MBA MSA
Vice President for Administration and Finance

cc Ann McElaney-Johnson, PhD, President of Mount Saint Mary’s University

Orange Coast College

July 11, 2024

Grant Parks
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814

Reference: Orange Coast College – Response to the Draft Clery Audit Report

Dear Mr. Parks:

Please accept this letter as the Orange Coast College’s official response to the redacted draft of the Clery Audit Report dated July 8, 2024.  First, we would like to express our appreciation to the State Audit Team who participated in the process.  Their thorough review and collaborative approach contributed to the valuable experience we had going through this audit.

Orange Coast College is fully committed to ensuring that we not only meet the Clery Act requirements, but also continue to review and incorporate best practices and protocols that support a safe college community for all constituencies.

We have reviewed the redacted Draft Report and appreciate the opportunity to respond to the findings.  The College agrees with the findings and the recommendations provided.  The outlined recommendations are reasonable and beneficial to the College and provide us with an opportunity for continuous improvement.  To that end, appropriate team members have already begun to meet, discuss, and create a roadmap to address the recommendations noted in the Draft Audit Report. 

The College, therefore, will work towards meeting all the recommendations by the timeline specified in the Draft Audit Report.  However, we would like to note that while the College will make every effort in meeting the recommendation which has a timeline of October 1, 2024 (To ensure that the disclosures in their annual security reports accurately represent campus policies and institutional practices and that they are reporting reliable information to the public and ED, Orange Coast should develop, adopt, or update by October 1, 2024, campus policies, procedures, and programs to ensure that the institution meets all requirements of the Clery Act), due to our internal governance structures, the College may require additional time to accomplish this task.  We will provide you with an update in our status report document.   Please know that Orange Coast College is fully committed to promoting and maintaining a safe campus community and has established policies, procedures, practices, and protocols that support that commitment. We appreciate the critical recommendations provided through this audit process as we continue to enhance our efforts towards that commitment.

Sincerely,

Angelica L. Suarez, Ph.D.
President

University of San Diego

July 11, 2024

Grant Parks
California State Auditor
621 Capitol Mall, Suite 1200
Sacramento, CA 95814

Dear Auditor Parks:

The University of San Diego is committed to providing a safe environment for all students, faculty, staff, and campus community members. Thank you for the opportunity to review and respond to the 2024-032 Clery Act audit report findings and recommendations. USD, as described below, will comply with the findings outlined in the auditor’s report. Below you will find our response to all four recommendations.

Recommendation 1: To ensure that they fully and adequately disclose all required policies in their annual security report, San Diego should, by January 2025, develop guidance for staff preparing the annual security report.  This guidance should identify all required disclosures for the reports and should include a comprehensive checklist that lists each of the required disclosures and their necessary supporting policies.
USD will comply with the recommendation made by the State Audit Team. While the Clery Act Compliance Manager does utilize a checklist provided by ED in the 2016 handbook to fully and adequately disclose all required information in the annual security report, this checklist can be improved to include information about necessary supporting policies and state disclosures. By January 2025, USD will implement a checklist that includes the additional information illustrated in Figure 4 of this report.

Recommendation 2: To ensure that the disclosures in their annual security report accurately represent campus policies and institutional practices and that they are reporting reliable information to the public and to ED, San Diego should, by October 1, 2024, develop, adopt, or update campus policies, procedures, and programs to ensure that the institution meets all requirements of the Clery Act.
USD will comply with the recommendation made by the State Audit Team and will identify, develop, adopt or update policies, procedures, and/or programs that were identified as inadequate by the Audit Team. The university has already begun the process of reviewing and updating missing or inadequate policies, including finalizing the Department of Public Safety Timely Warning, Emergency Notifications, and Other Alerts policy which was in draft form during the audit process. We have also made updates to the Missing Student Notification Policy and Access to University Buildings, Facilities and Grounds policy based on recommendations identified by the State Audit Team. USD will update or implement the remaining policies that were identified by the State Audit Team by October 1, 2024.

Recommendation 3: To ensure that staff responsible for compiling Clery crime statistics and preparing the annual security report—as well as staff who provide crime data and policy information to those individuals—are aware of all the Clery Act’s requirements and are aware of all campus policies and protocols for complying with the Clery Act, San Diego should, by January 2025, provide to these staff regular trainings on Clery Act requirements, and on specific campus procedures for complying with the Clery Act. The institution should then require and ensure that all staff responsible for compiling the crime data and the annual security report regularly participate in those trainings.
USD will comply with the recommendation made by the State Audit Team. Prior to our participation in this review, members of our Clery Act Compliance Committee, which includes relevant stakeholders across the university, have participated in Clery Act training and had opportunities to join relevant webinars focused on Clery Act compliance. The Clery Act Compliance Manager will develop a training schedule for the committee and other staff involved in providing crime data and policy information. We will also work to identify more training opportunities for other Campus Security Authorities across campus.  

Recommendation 4: To ensure that they fully comply with state law and best practices related to campus safety, San Diego should, by January 2025, develop, adopt, or update their campus policies, procedures, and programs to ensure that they comply with all requirements of state law. Institutions should comply with these requirements as a matter of best practice, even if the law does not explicitly require them to do so.
USD has reviewed and understands the recommendation made by the State Audit Team. USD is committed to complying with all applicable laws and best practices and will identify, develop, adopt or update policies, procedures, and/or programs wherever possible and necessary.

Thank you and your staff for your thorough and professional efforts in conducting this audit.

Sincerely,

Ky Snyder
Vice President Operations/COO

University of California, Santa Cruz

Grant Parks, State Auditor
State of California
621 Capitol Mall, Suite 1200
Sacramento, CA  95814

Dear Mr. Parks:

The University of California, Santa Cruz (UCSC) would like to thank the audit team and the Auditor of the State of California for their work and engagement throughout the process of conducting this audit. We are always working to improve safety in our community and appreciate the opportunity to review our policies and processes and implement positive change.

UCSC takes compliance responsibilities seriously and agrees with each of the recommendations outlined in the draft audit report.

Recommendation 1:

Establish procedures by January 2025 for compiling the Clery Act statistics. These procedures should include the following:

  • Listing all campus departments that maintain crime and incident data and protocols for obtaining data from those departments. Identifying all law enforcement agencies and obtaining all crime and incident data from those agencies.
  • Procedures for the specific tests certain staff should use to determine whether to include a crime or incident in the Clery Act statistics.

UCSC response:
UCSC will establish, by January 2025, procedures for compiling the Clery Act statistics including a list of all campus departments that maintain crime and incident data and protocols for obtaining data from those departments, identification of law enforcement agencies and protocols for obtaining data from those agencies, and procedures for the specific test UCSC staff should use to determine whether to include a crime or incident in the Clery Act statistics.

Recommendation 2:

Develop procedures by January 2025 for their Campus Police Department to follow to ensure that all crimes are recorded in the institution’s daily crime log. These procedures should include the list of all institutional departments and law enforcement agencies from which the Campus Police Department obtains crime data to include in the institution’s daily crime logs. These procedures should also define who is responsible for obtaining data for inclusion in the daily crime log.

UCSC response:
UCSC will develop, by January 2025, procedures for the UC Santa Cruz Campus Police to ensure that all crimes are recorded in the daily crime log. These procedures will include a list of all institutional departments from which the UC Santa Cruz Campus Police obtain crime data to include in the daily crime logs, a list of all law enforcement agencies from which the UC Santa Cruz Campus Police obtain crime data to include in the daily crime logs, and clear definitions of responsibility for obtaining data for inclusion in the daily crime log.

Recommendation 3:

Develop guidance by January 2025 for staff preparing the annual security reports. This guidance should identify all required disclosures for the reports and should include a comprehensive checklist that lists each of the required disclosures and their necessary supporting policies.

UCSC response:
UCSC will develop, by January 2025, guidance for staff preparing the annual security reports to ensure that we fully and adequately disclose all required policies. This guidance will include all required disclosures for the reports and a comprehensive checklist that lists each required disclosure and their supporting policy.

Recommendation 4:

Develop, adopt or update by October 1, 2024 campus policies, procedures, and programs to ensure that the institution meets all requirements of the Clery Act.

UCSC response:
UCSC will develop, adopt, or update, by October 1, 2024, the campus policies, procedures and programs identified as insufficient in this report to ensure compliance with the Clery Act.

Recommendation 5:

Provide staff regular trainings by January 2025 on Clery Act requirements, and on specific campus procedures for complying with the Clery Act. Require and ensure that all staff responsible for compiling the crime data and the annual security reports regularly participate in these trainings.

UCSC response:
UCSC will provide, by January 2025, regular training on Clery Act requirements and specific campus procedures for complying with the Clery Act. All staff responsible for compiling the crime data and annual security report will regularly participate in these trainings.

Recommendation 6:

Develop, adopt, or update by January 2025 campus policies, procedures, and programs to ensure that they comply with all requirements of state law.

UCSC response:
UCSC will develop, adopt, or update, by January 2025, the campus policies, procedures and programs identified as insufficient in this report to ensure compliance with the requirements of state law.

UCSC is eager to implement these recommendations and is already working to improve the transparency of our public safety information and compliance with the Clery Act based on the productive engagement we have had with your team. We are committed to continuous improvement and creating a campus environment that promotes safety for all.

Sincerely,

Cynthia K. Larive
Chancellor
University of California, Santa Cruz
200 Kerr Hall | 831.459.4291

Footnotes

  1. If an institution reported fewer than 30 Clery‑reportable crimes, we reviewed all crimes. ↩︎
  2. Clery categories are defined in Appendix A. ↩︎
  3. The three categories are Campus Sex Offense Mitigation Programs, Campus Sex Offense Response Procedures, and Disciplinary Action Processes in the Event of an Alleged Sex Offense. ↩︎
Opens in new window