Back to the Basics Part I
As we head toward the end of 2009, people throughout the world will begin thinking about resolutions and ways they can improve various aspects of their lives in the coming year. For some reason, it has always seemed to me that a frequent theme of resolutions involves getting ''back to the basics,'' whether it's in healthy living, such as diet and exercise, or in business activities.
In this month's Case In Point, I want to return to the basics of risk management. Each month we suggest that you be a proactive risk manager, but if we forget the basic concepts, risk management can get off-track or perhaps become something that is complex and confusing. At its heart, risk management is a very simple process and one we intuitively use regularly.
I believe we can break the risk management process down into 5 simple steps:
- What are we in business to do? (The Mission)
- What are the things we do to carry out this business? (The Activities)
- What are the bad things that could happen (or not happen) to keep us from being successful? (The Risks)
- Which of these bad things do we think are the biggest deal and the most likely to occur? (Risk Assessment)
- What can we proactively do to reduce the chances that these bad things will happen? (Risk Management)
Certainly there are a few bells and whistles that you can add to this process, but the bottom line is that risk assessment should be a fairly simple and routine part of how we manage and make decisions. Next month, we will discuss how these steps might look in a few diverse academic settings. Until then, consider these items happening across our industry and how you can proactively help manage here at Auburn University. I hope you have a wonderful holiday season.
M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing
Information Security Related Events
Dec. 18, 2009: The NC Community College System Office began notifying nearly 51,000 library users from 25 community colleges that a security breach occurred on a computer server containing their personal information, including Social Security or driver's license numbers. (link)
Dec. 16, 2009: Hackers may have had access to personal information for about 600 UCSF patients as a result of an Internet "phishing" scam, campus officials said Tuesday. (link)
Dec. 9, 2009: In an embarrassing security gaffe, personal data on more than 24,000 past and present employees at the University of Notre Dame was made publicly available on the Web for more than three years. The breach resulted when an employee inadvertently posted files containing the names, Social Security numbers and zip codes of the employees on a publicly accessible university Web site. (link)
Dec. 7, 2009: An Office of Admissions server containing personal information of current, prospective and former undergraduate students was infected with a number of viruses on Nov. 11. A security report on Nov. 16 showed "suspicious activity" on the computer, which was then put under investigation by members of Information Technology Services. (link)
Dec 7, 2009: A security breach involving a computer in the University of Nebraska College of Education and Human Sciences led to the disclosure of names, addresses and Social Security numbers of 1,400 former high school students. The university's investigation revealed the computer had not been adequately secured, allowing unauthorized external access to the computer and its information. (link)
Dec. 14, 2009: Alabama's long-running scandal in its two-year college system has taken down legislators, a community college system chancellor, businessmen, grandmothers, fathers and sons. The federal criminal case has resulted in charges, guilty pleas or convictions of 15 people. The scandal, which emerged in 2006, appears to be drawing to a close. A former legislator is scheduled to report to prison Dec. 30, and the last known defendant in the case is scheduled to go on trial Feb. 1. (link)
Dec. 2, 2009: A former Williams College visiting professor who pleaded guilty to charges of fraud in federal court last month has filed a $1.3 million lawsuit against the college. The college suspended Moore following his guilty plea on one count of student aid fraud, one count of bank fraud and one count of Social Security representative fraud on Nov. 9 in federal court in Washington, D.C. (link)
Compliance/Regulatory Failure Events
Dec. 17, 2009: A lawsuit filed this week in state district court in Houston challenges a state law that permits illegal immigrants to pay college tuition rates charged to Texas residents rather than the higher rates for out-of-state residents. The Associated Press and the Chronicle of Higher Education report that the lawsuit claims the state is violating federal law. (link)
Dec. 17, 2009: Eastfield College in Mesquite, Texas may face court action for refusing to allow a student to make crosses and crucifixes in a ceramics class. (link)
Dec. 16, 2009: A federal civil rights agency investigating possible gender discrimination in college admissions will subpoena data from more than a dozen mid-Atlantic universities -- including several Maryland schools, such as Goucher College, University of Maryland Eastern Shore and Loyola University -- officials said Thursday. (link)
Dec. 15, 2009: The University of Phoenix and former admissions recruiters at its San Jose campus have settled a years-long dispute over whether the school used high-pressure recruiting tactics to enroll unqualified students and violated federal law by paying salaries based on the number of students it enrolled. (link)
Dec. 10, 2009: A former University of Wisconsin-Parkside student has sued the college and a former resident adviser, claiming he sexually assaulted her in her dorm room last year. (link)
Dec. 4, 2009: It started with a paycheck stub left in a break room where co-workers could see it. A year later, the misplaced slip of paper has led to allegations that a group of black employees working in the Auburn University Student Center are paid less than their white co-workers. (link)
Nov. 30, 2009: Rutgers University has settled a racial discrimination lawsuit filed by four groundskeepers, who in 2006 accused the school of denying them promotions and ignoring a noose hung on a campus building. (link)
Nov. 22, 2009: Virginia Military Institute is defending itself against a lengthy investigation into accusations that the school's policies are sexist and hostile toward female cadets, a dozen years after women won the right to enroll. (link)
Nov. 18, 2009: An Ohio University fraternity and its members could be suspended or expelled following allegations that pledges were forced to drink large amounts of alcohol and were beaten. Two students' injuries required treatment at the Athens hospital while several others received minor injuries Thursday night at the Delta Tau Delta fraternity house, according to OU and Athens police. (link)
Dec. 17, 2009: Amanda Tatro was banned from campus because three instructors in the mortuary science program felt threatened after being made aware of her Facebook posts, prompting a police investigation. (link)
Dec. 17, 2009: In a sudden change of course, Pittsburgh’s mayor asked the City Council Wednesday to postpone a vote on the nation’s first tuition tax on college students, holding out hope that the city’s 10 colleges and universities will agree to provide economic help voluntarily. (link)
Dec. 10, 2009: A baby alligator, a diamondback rattlesnake, six pythons and three chameleons have been found in a University of Arkansas dorm room. Campus police Lt. Gary Crain said Monday the reptiles — and four white mice that were apparently intended as lunch — were found in Maple Hill West. (link)
Dec. 9, 2009: A 20-year-old student opened fire in a community college classroom, but did not hit anyone and was arrested in a hallway, police said Tuesday. (link)
Nov. 19, 2009: Economic reality and money problems may be cooling the enthusiasm of U.S. college students to study abroad, just two years after students' interest in foreign study was at an all-time high. (link)
Nov. 19, 2009: Students ejected from games at University of Minnesota are entered in the Check BAC program, which requires them to meet with a counselor. After that, those who fail a game-day breath analyzer, or enter the stadium without submitting to the test, lose their season tickets. (link)
If you have any suggestions, questions or feedback, please e-mail me at firstname.lastname@example.org. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to foward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at http://www.auburn.edu/audit.
If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at email@example.com.