Having trouble viewing this email? View it in your browser.

Internal Auditing

Case in Point:
Lessons for the pro-active manager

December 2012
Vol. 3 No. 12
Quotable...

“I don’t expect anyone to be perfect. It’s not human nature. What I do expect is that they will take risks, correct mistakes, and learn from both.”

Mike Armstrong,
Former CEO AT&T


2011 YEAR IN REVIEW

As we come to the end of another year, it is a good time to look back at what has happened in our industry over the past year. Part of our rationale for publishing ''Case in Point'' (CIP) each month is to identify trends and emerging issues so that our institution can be pro-active in managing these risks. For this month's issue, we look back at the past year and make some observations.

INFORMATION TECHNOLOGY
The most frequent way we found data was exposed over the past year in CIP was through employees making a mistake, accidentally losing data, or having a laptop or data storage device stolen. The lesson for us is of course to be careful where we store data, and if we must store data on some portable device to use great caution and encryption if possible. Accidental data loss was followed closely by data breach/hack from outside entities. Security officers certainly have their hands full keeping up with those from the outside who wish to access our systems and do harm.

With respect to emerging trends and issues, we observed this quote recently from security guru Bruce Schneier, ''I believe that smart phones are going to become the primary platform of attack for cybercriminals in the coming years. As the phones become more integrated into people's lives -- smart phone banking, electronic wallets -- they're simply going to become the most valuable device for criminals to go after.'' This is an area we all need to pay close attention to in the coming year.

FRAUD/ETHICS
Occupational fraud continues to be a significant issue in our industry. An employee who commits such fraud typically find him or herself under some type of pressure be it financial pressure/debt or even addictions, and then uses the access their employment gives them to institutional resources to commit fraud. Normally, such employees rationalize their behavior as something like that they are ''only borrowing'' the resources to get through this difficult month. In my view, the best way to prevent occupational fraud is by paying attention to what is going on in your area and having strong controls. Perception of detection by having solid oversight of the financial processes can prevent an employee under pressure from making a life changing choice.

One emerging trend we expect to continue is close public scrutiny of how our resources are used. Multiple stories were observed that did not involve fraud per se, but did involve negative publicity about the wisdom of how institutions were using the resources entrusted to them. The old ''newspaper test'' is a good indicator for us in making financial decisions -- considering how it would read on the front page if written about by a local reporter.

OTHER ITEMS
Of course the biggest story of the year involves minors on campus and our responsibility to keep minors safe and to report suspected wrongdoing. While the Penn State case has been the most high profile, several other institutions have had cases with some similarity. Virtually all of higher education is evaluating how we manage this risk and it is something we should do as well. Protecting the most vulnerable among us is certainly a responsibility we all share. We can expect best practices to emerge in this area during the coming months and we should pay close attention to these and compare them to how we are currently operating.

We hope you have found this publication beneficial over the past year in helping you manage risk. We look forward to communicating with you in the coming year and hope you have a happy and safe holiday season. We welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing


Information Security Related Events

Dec. 5, 2011: More than 1,000 pages of campus crime reports, complete with the names, addresses and even photos of some victims, were dumped in a recycling bin at Red River College, a privacy breach the college calls "very serious." (link)

Dec. 2, 2011: People broke into a University of Kansas Department of Student Housing office Wednesday night and stole documents containing personal information of current and former student housing residents, according to a Department of Student Housing email distributed Friday afternoon to those affected. (link)


Misappropriation/Fraud/Ethics Events

Dec. 14, 2011: Abe Liu, a 27-year-old student at Harvard Extension School, has been pretending to be a freshman at Harvard University, according to both the Harvard Independent and the Harvard Crimson. (link)

Dec. 14, 2011: The former head of Mt. San Antonio College's fire training program has pleaded no contest to 16 felony charges of stealing more than $750,000 from students and the school, prosecutors said. (link)

Dec. 14, 2011: A former Antelope Valley College accounting assistant who embezzeled more than $500,000 from the school pleaded guilty Wednesday and was immediately sentenced to three years and four months in state prison. (link)

Dec. 10, 2011: The Naval Academy is artificially inflating its number of applicants to boost its status among other colleges, according to an academy professor who based his accusations on the school's own documents. (link)

Dec. 9, 2011: A Sullivan University employee was arrested Thursday at the school and charged with theft by unlawful taking. Police say Jazi Sokolow, 34, admitted to stealing $14,000 from the school's bank account. (link)

Dec. 6, 2011: A disturbing breakthrough has been made in the investigation into the theft of five Southern Arkansas University rodeo horses, including one that was found dead. SAU freshman Jaci Rae Jackson was arrested on six felony theft charges. She is also being held on felony charges of bringing stolen property into Oklahoma, concealing stolen property and cruelty to animals. Jackson was a member of the SAU rodeo team. (link)

Dec. 2, 2011: Former University of Louisville athletic ticket manager Kerry D Johnson has pleaded guilty to stealing more than $100,000 from university. (link)


Compliance/Regulatory Events

Dec. 15, 2011: Using chimpanzees in medical studies involving AIDS, malaria, much of neuroscience, and several other areas is unnecessary, a major scientific report said on Thursday. After hearing these conclusions, Francis S. Collins, director of the National Institutes of Health, announced that "effective immediately, the NIH will not issue new awards for chimpanzee research." (link)

Dec. 13, 2011: A survey that asked fraternity members at the University of Vermont about their preferred rape victim, allegedly circulated by members of Sigma Phi Epsilon, has resulted in the fraternity's suspension and a visit from its national headquarters, according to university officials. (link)

Dec. 13, 2011: Three members of Florida A&M University's marching band have been charged with hazing a fellow member of the famous Marching 100 who took her complaints to police. The victim, Bria Hunter, went to the hospital on November 7 -- a week after her beating and nearly two weeks before the suspected hazing-related death of Robert Champion, a 26-year-old drum major for the legendary marching band. (link)

Dec. 12, 2011: The warning signs were there for more than a decade, disturbing indicators that Penn State assistant football coach Jerry Sandusky was breaching boundaries with young boys -- or maybe worse. (link)

Dec. 11, 2011: At The Citadel, a storied bastion of Southern heritage, a barracks plaque enshrines a quote from Confederate Gen. Robert E. Lee: ''Duty is the sublimest word in the English language.'' Now the state military college is doing some very public soul searching over whether the school indeed did its duty by nine young boys in the Charleston area who say they were abused by a man who once was a counselor at the school's summer camp. (link)

Dec. 9, 2011: The alerts came quickly and efficiently. And as state police officers, SWAT teams, and canine units swarmed the campus, Virginia Tech officials confronted an unfathomable situation: They had tested their new emergency-notification system before, but not with a threat quite like this. (link)

Dec. 9, 2011: At least three people, and as many as six or more, will be arraigned Monday on felony riot charges related to the overturning of a WTAJ news truck during the Nov. 9 riot. That brings to 39 the number of people who have either been charged in connection with the riot, or against whom charges are pending, police said. Another three people, two of whom are Penn State students, have been identified as persons of interest, police said. (link)

Dec. 8, 2011: St. Petersburg College's head baseball coach logged into a chat room on Tuesday, authorities said, and started a conversation with someone he thought was a 14-year-old Orlando girl. (link)

Dec. 7, 2011: A disturbing video that surfaced Monday shows a group of students bullying and attacking another student in broad daylight, apparently over his sneakers, in front of Dean College's administration building. And while the video is drawing plenty of unwanted press for the college, it's also making for quick disciplinary turnaround. Nine students have been expelled so far, and no other students are under investigation at this point.(link)

Dec. 7, 2011: Although the NCAA has not opened a formal investigation into allegations of child sex abuse and a possible cover-up at Pennsylvania State University, the case could lead the association to consider changes in its bylaws that would give it more power to punish athletics programs for violations that may not currently fall within its jurisdiction, NCAA president Mark Emmert told reporters this morning. (link)

Dec. 7, 2011: Attorney General Greg Abbott filed a brief today urging the U.S. Supreme Court to reject a case challenging the University of Texas at Austin's practice of considering applicants' race in the admissions process. (link)

Dec. 6, 2011: The Education Department's Office for Civil Rights is investigating Rutgers University based on a complaint by the Zionist Organization of America that Rutgers administrators have done little to respond to anti-Semitism on campus (link)

Dec. 4, 2011: Before Connecticut, the defending N.C.A.A. men's basketball champion, began its game against Arkansas on Saturday at XL Center, a rare and polarizing request preceded the national anthem: the 14,333 fans, coaches and players were asked to join in reciting the Pledge of Allegiance. (link)

Dec. 4, 2011: A college professor who has taught mathematics for more than two decades at two Boston universities will be arraigned later this month on the same drug charges her 29-year-old son recently faced for running a methamphetamine lab out of their Somerville home, according to the Middlesex District Attorney's office. (link)

Dec. 2, 2011: The Obama administration on Friday released its first guidelines on affirmative action in higher education. In doing so, it showed that it takes an expansive view of the educational benefits of diversity and intends to give colleges and universities considerable leeway in determining whether they can achieve desired levels of diversity without explicitly considering applicants' ethnicity or race. (link)

Dec. 1, 2011: When Bobby Davis sent an anonymous e-mail to Syracuse University in 2005, saying that the associate men's basketball coach Bernie Fine had molested him, the university asked its legal counsel to start an investigation. The subsequent decision by the university and its counsel -- Bond, Schoeneck & King -- not to contact the Onondaga County district attorney's office and the Syracuse police department during its four-month investigation has drawn criticism from experts who handle sexual abuse cases. (link)

Dec. 1, 2011: Savannah State University's ex-football coach received a $240,000 settlement to dismiss a federal discrimination lawsuit he filed last year claiming the historically black college fired him because he's white. (link)

Dec. 1, 2011: The U.S. Department of Justice has opened a probe into the $4.5 billion college licensing business, according to the industry's biggest player. IMG's College Licensing Company (CLC) division said Wednesday it is "cooperating" with the DOJ inquiry. The DOJ declined to comment Wednesday night. (link)

Nov. 29, 2011: By October of this year, the University of Alaska had received 638 complaints of copyright violations from recording industries, and still rising. The number of complaints in 2010 reached as high as 878. (link)


Other News & Events

Dec. 9, 2011: The Virginia Tech police officer who was gunned down in a campus attack joined the force six months after the university was the scene of the deadliest shooting rampage in modern U.S. history. He was a proud policeman who recently invited a friend to ride along with him, which made his death during a traffic stop even more puzzling. (link)

Dec. 6, 2011: Ohio State University police say they're beefing up patrols, after a university employee was robbed at gunpoint inside a campus building this afternoon. (link)


If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at http://www.auburn.edu/audit.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director
robinmk@auburn.edu
334.844.4389

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.