SIS Audit Coverage vs. Industry Data Models

Purpose

Every Student Information System stores the same fundamental data: students, courses, enrollments, grades, financial aid, and compliance records. The specific table names differ between platforms, but the entities and audit concerns are universal.

This document maps common SIS audit checks against the Microsoft Education Accelerator Common Data Model (open-source, MIT-licensed, archived Jan 2024) — not because any institution runs that exact schema, but because it provides a vendor-neutral reference point for the entities every SIS must support.

The goal: define what to audit independent of which platform you run.

Microsoft Education Accelerator CDM — Entity Reference

The Higher Education component of Microsoft's Common Data Model defines 31 entities across five domains.

Academic Structure (15 entities)

CDM Entity	Purpose
AcademicPeriod	Terms, semesters, sessions
AcademicPeriodDetail	Student ↔ term status
Course	Master course catalog
CourseHistory	Student transcript records
CourseSection	Instructor ↔ course assignments
RegistrationStatus	Enrollment status codes
Program	Degree programs
ProgramLevel	Degree levels (AA, BA, MA, PhD)
ProgramVersion	Program catalog versions
ProgramVersionDetail	Version effective dates
StudentProgramType	Major, minor, concentration
StudentStatus	Active, withdrawn, graduated, etc.
EducationLevel	Credential levels
AreaOfInterest	Subject groupings (broad)
AreaOfStudy	Specific program offerings

People & Accounts (3 entities)

CDM Entity	Purpose
Account	Institutions, employers, partners
Contact	Students, faculty, staff, parents
Address	Additional address records

Financial Awards (6 entities)

CDM Entity	Purpose
Grant / GrantApplicant	Grant offerings and student applications
Scholarship / ScholarshipApplicant	Scholarship offerings and student applications
GrantApplicationBusinessProcessFlow	Grant workflow tracking
ScholarshipApplicationBusinessProcessFlow	Scholarship workflow tracking

Student Experience (7 entities)

CDM Entity	Purpose
Internship / InternshipApplicant	Internship offerings and applications
InternshipApplicationFlow	Internship workflow tracking
ExtraCurricularActivity / Participant	Activities and student enrollment
Accomplishments	Student achievements
PreviousEducation	Prior education history
TestScore / TestType	Standardized test records

Audit Check Mapping: CDM Entities → Audit Categories

Each row maps an audit concern to the CDM entities it would touch, and flags whether the CDM actually models the data needed for that audit.

Enrollment Validation

Audit Check	CDM Entities	Coverage
Active enrollments with no course registrations	AcademicPeriodDetail, CourseHistory, StudentStatus	⚠️ Partial
Students enrolled in future terms with past-term status	AcademicPeriodDetail, AcademicPeriod, StudentStatus	⚠️ Partial
Enrollment status mismatches between systems	RegistrationStatus, StudentStatus	⚠️ Partial

Academic Standing & SAP

Audit Check	CDM Entities	Coverage
GPA calculations vs. posted standing	CourseHistory, StudentStatus	⚠️ Partial
Credit hour thresholds for standing changes	CourseHistory, ProgramLevel	⚠️ Partial
Satisfactory Academic Progress compliance	CourseHistory, Program, FinancialAid*	❌ Not modeled

Course Enrollment

Audit Check	CDM Entities	Coverage
Duplicate course registrations	CourseHistory, CourseSection	⚠️ Partial
Capacity vs. actual enrollment	CourseSection	❌ No capacity field
Prerequisite enforcement	Course, CourseHistory	❌ No prerequisite model

Grading

Audit Check	CDM Entities	Coverage
Missing final grades for completed terms	CourseHistory, AcademicPeriod	⚠️ Partial
Grade changes after term close	CourseHistory	❌ No audit trail
Grade distribution anomalies	CourseHistory, CourseSection	❌ No statistical layer

FERPA Compliance

Audit Check	CDM Entities	Coverage
Directory hold flags	Contact	❌ No FERPA fields
Consent records for information release	Contact	❌ No consent tracking
Access log audit trails	(system-level)	❌ Not in scope

1098-T Tax Compliance

Audit Check	CDM Entities	Coverage
Qualified tuition and fees	(Billing*)	❌ No billing entities
Student SSN/TIN validation	Contact	❌ No SSN/TIN fields
Box amounts reconciliation	(Billing, FinancialAid)	❌ Not modeled

IPEDS Readiness

Audit Check	CDM Entities	Coverage
Race/ethnicity completeness	Contact	⚠️ Partial
First-time, full-time cohort ID	AcademicPeriodDetail, CourseHistory	⚠️ Requires derived logic
Graduation rate cohort tracking	StudentStatus, AcademicPeriod	⚠️ Partial
Completions by CIP code	Program, AreaOfStudy	⚠️ No CIP field
Financial aid recipient counts	(FinancialAid*)	❌ Not modeled

What the CDM Doesn't Model

The Microsoft Education Accelerator CDM is a CRM-flavored student lifecycle model. It covers the "happy path" of student engagement — enrollment, courses, grades, scholarships, internships, graduation. It does not model the operational and compliance infrastructure that auditors actually examine.

Missing Entity Domains

Domain	What's Missing	Audit Impact
Student Billing	Charges, payments, refunds, payment plans, 1098-T	Cannot audit financial transactions
Financial Aid	Awards, disbursements, SAP, R2T4, Pell, COD	Cannot audit Title IV compliance
FERPA	Consent records, directory holds, access logs	Cannot audit privacy compliance
Attendance	Daily/session attendance records	Cannot audit unofficial withdrawals
Security	User access logs, permission history, change tracking	Cannot audit system security
Admissions	Applications, decisions, recruitment pipeline	Cannot audit admissions integrity
Scheduling	Room assignments, time slots, instructor loads	Cannot audit resource utilization
Advising	Degree audits, advising notes, holds	Cannot audit student success

Compliance Domains Not Represented

Compliance Area	What Would Be Needed	CDM Status
Accreditation (HLC, SACSCOC, etc.)	Program review dates, assessment outcomes, faculty credentials	❌ Not modeled
Office of Civil Rights / Title IX	Disability accommodations, Title IX complaints, ADA, Clery Act	❌ Not modeled
State Audits	Residency verification, state authorization, state aid	❌ Not modeled
Private Foundations	Fund restrictions, donor compliance, endowment spending	❌ Not modeled
Title IV (Federal Aid)	R2T4, COD reporting, Pell recalculations, verification	❌ Not modeled
Gainful Employment	Debt-to-earnings ratios, program-level outcomes	❌ Not modeled
Clery Act	Campus crime reporting, geography definitions	❌ Not modeled

A Generic SIS Audit Schema

Based on the CDM reference, industry standards (PESC, SIF, Ed-Fi), and practical audit requirements, a comprehensive SIS audit framework needs entities across four tiers:

Tier 1: Core Academic

CDM covers ~70%

Terms / Academic Periods
Courses / Sections / Catalog
Enrollment / Registration
Grades / Transcript
Programs / Degrees
Student Status / Standing

Tier 2: Operational

CDM covers ~10%

Student Billing & Charges
Financial Aid & Disbursements
Admissions & Recruitment
Scheduling & Rooms
Advising & Degree Audit
Attendance & Participation

Tier 3: Compliance

CDM covers 0%

FERPA Consent & Access Logs
1098-T Tax Reporting
Title IV / SAP / R2T4
IPEDS Reporting Dimensions
Accreditation Review Cycles
State Authorization

Tier 4: Infrastructure

CDM covers 0%

User Security & Permissions
Audit Trail / Change History
System Integration Logs
Data Quality / Dedup
Referential Integrity
Backup & Recovery

Implications for Audit Design

1. The CDM is a starting point, not a finish line. It establishes the vocabulary — Academic Period, Course, Program, Contact — but doesn't model the operational depth that auditors need.

2. Audit checks should be entity-aware but platform-agnostic. The check "students with active enrollment but no course registrations" exists regardless of whether the underlying tables are called StudentTermRecord, STUDENT_ENROLLMENT, or mshied_AcademicPeriodDetail. The audit logic is the same; only the column names change.

3. Compliance audits require entities the CDM never intended to model. FERPA, Title IV, accreditation, and state compliance involve data elements outside the student lifecycle CRM model. These need their own audit sections.

4. A 57-check baseline covers Tiers 1–2 well. Expanding to 80–100+ checks would add accreditation readiness, OCR/Title IX data completeness, state-specific validations, and foundation/advancement compliance.

Other Industry Data Standards

Standard	Organization	Scope
PESC	Postsecondary Electronic Standards Council	Transcript, enrollment, financial aid XML schemas
Ed-Fi	Ed-Fi Alliance	K-12 data model (some higher ed overlap)
SIF	Access 4 Learning	K-12/Higher Ed interoperability
1EdTech	1EdTech Consortium	LTI, Caliper, CLR, Open Badges
CEDS	US Dept of Education	Common Education Data Standards
Microsoft CDM	Microsoft	Dataverse-based higher ed + K-12 schema

Summary

The Microsoft Education Accelerator CDM provides a useful vendor-neutral vocabulary for discussing higher education entities. By mapping audit checks against these entities rather than platform-specific table names, institutions can evaluate audit coverage independent of which SIS they run, identify gaps in compliance monitoring, and communicate audit scope to non-technical stakeholders using standard terminology.

The audit checks themselves are universal. The table names are implementation details.

This document references the Microsoft Education Accelerator Common Data Model, available under MIT license at github.com/microsoft/Industry-Accelerator-Education. Microsoft, Dynamics 365, and Dataverse are trademarks of Microsoft Corporation. This publication is not affiliated with or endorsed by Microsoft.