Having trouble viewing this email? View it in your browser.

Internal Auditing

Case in Point:
Lessons for the pro-active manager

December 2013
Vol. 5 No. 12
Quotable. . .
''Start by doing what’s necessary; then do what’s possible; and suddenly you are doing the impossible. ''

-- St. Francis of Assisi

We have yet again arrived at the end of another year of Case-in-Point. Including this month's newsletter, we have linked 655 stories from across the world of higher education during 2013. While it is often difficult to categorize these stories since they often cross multiple categories, if you look at our publication the breakdown is as follows: Information Technology Related 17%; Fraud/Ethics 15%; Compliance/Legal 31%; Campus Life 26%; and lastly, those hard to classify stories we call Other 12%. Over the next couple issues we will analyze in more detail what we see happening in these categories and possibly identify trends or emerging threats that may be useful for you to consider.

We frequently discuss information technology issues here as historically higher education has struggled with data protection. However, higher education isn't the only industry with data risk, and if you have followed the news closely the past few days you've probably seen reports about a major card data breach at the retailer Target. Early reports state that more than 40 million cards may have been compromised. So far we don't know how the breach occurred, but certainly this major event will be studied and analyzed for years by data security experts, and there will be things we all can learn from this event. We also don't know what the cost will be for Target in remediating this breach, but comparatively in 2007, TJX Cos, the parent company of T.J. Maxx, had a breach of 45 million cards and the total cost of remediation was $256 million dollars. The cost will certainly be substantial in this case and is yet another reminder that we all need to use best practices and be ever vigilant in protecting data.

We again invite you to review the events occurring in higher education and consider how you may help reduce risks and improve the odds of achieving our objectives. We welcome your comments and feedback and wish you all a happy holiday season.

M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing


Information Security & Technology Events

Dec. 19, 2013: The Kansas Board of Regents unanimously approved new policy language on Wednesday that gives state university leaders the authority ''to suspend, dismiss, or terminate from employment any faculty or staff member who makes improper use of social media. '' (link)

Dec. 13, 2013: More than 2,000 college-bound students applying to Fordham University received an e-mail Wednesday night informing them they had been accepted to the school, when in fact their status was still unresolved, Fordham University says. (link)

Dec. 13, 2013: Bosung Shim was sentenced today to three months in prison, followed by seven months in community confinement and three years of supervised release, for unauthorized access of a protected computer. In addition, Shim was required to pay $31,653.24 in restitution to the victim and forfeit the computer equipment used in the crime. Shim pleaded guilty on October 4, 2013 to one count of computer intrusion. In a statement of facts submitted with the plea agreement, Shim admitted that from approximately June 2011 through December 2012, Shim repeatedly attempted to gain unauthorized access to multiple victims' computers, specifically the University of Michigan and the Association of American Medical Colleges (''AAMC''). (link)

Dec. 13, 2013: Maario Coleman and Angela Russell have been arraigned for operating a scheme to obtain thousands of dollars by stealing the identities of Emory University law and medical students and using them to apply for loans. (link)

Dec. 10, 2013: North Carolina officials are investigating a data breach that risked unauthorized online access to personal information concerning some current and former employees, vendors and students. It is believed that more than 6,000 people are affected. (link)

Dec. 6, 2013: A massive data breach at Maricopa Community Colleges was a result of staff errors in the information technology department, and the estimated cost of fixing the problem and aiding victims could rise as high as $14 million. (link)

Dec. 3, 2013: Windows XP is now more than 12 years old but according to data from Net Applications, it is still used on more than 31% of desktop and laptop computers around the world. Those tens of millions of PC users could be in for a very rude awakening next year once Microsoft cuts off support for the aged operating system. (link)

Dec. 3, 2013: The 23-year-old former student indicted in connection to a computer security breach at the University of Nebraska-Lincoln last year pleaded guilty Tuesday. In a deal with prosecutors, he agreed to plead guilty to a single count of fraud in connection with computers. Stratman also agreed to pay restitution for the resulting loss, though that may end up being a matter for the judge to determine. (link)

 


Fraud & Ethics Related Events

Dec. 19, 2013: Alcorn State University President M. Christopher Brown II has resigned amid an investigation into university purchasing practices. (link)

Dec. 14, 2013: An Athens County man faces federal charges for apparently stealing bones from the anatomy laboratory at Ohio University, his former employer. Weston Henri Moquin, 28, was charged on Wednesday with one count of transporting stolen bones and preserved human remains across state boundaries and one count of stealing property from a federally funded agency. (link)

Dec. 13, 2013: The University of Colorado Denver has placed an administrator on leave after it appears that she may have been operating a phone sex business while she was on the clock at the school. (link)

Dec. 12, 2013: A January sentencing date has been set for a former Southern Arkansas University student accused of stealing horses from the school's stables. Jaci Jackson of Broken Bow pleaded guilty in August to four counts of conspiracy to commit theft of property, bringing stolen property across state lines, knowingly concealing stolen property and cruelty to animals. (link)

Dec. 12, 2013: Almost two years after the FBI raided Carnegie Career College, a grand jury has charged the school's founders with conspiring to steal $2.3 million in federal student aid and spending some of the money on property, jewelry and vacations. (link)

Dec. 10, 2013: Two students and one alumnus at Florida International University have been accused of a scheme that involved hacking into a professor's computer, stealing a pivotal test and distributing copies to students willing to pay $150 a pop, officials said. (link)

Dec. 9, 2013: A University of Louisville postal clerk faces termination after she admitted to stealing gift cards and other items from students' mail. (link)

Dec. 2, 2013: An accountant for a famous Princeton University musical-comedy group whose members have included F. Scott Fitzgerald and Brooke Shields has been charged with embezzling more than $100,000 from the club since 2010, prosecutors said Monday. (link)

Dec. 2, 2013: In the summer of 2011, as an NCAA investigation into payments from agents and improper academic help from a former tutor raged within UNC-Chapel Hill's football program, African studies chairman Julius Nyang'oro set out to create another summer class for students. Nyang'oro received payment -- $12,000 for AFAM 280: Blacks in North Carolina. But just like with many of those other summer classes, UNC investigations later found, Nyang'oro didn't teach the class, which turned out to be filled with football players. An Orange County grand jury indicted Nyang'oro on a felony charge of obtaining property by false pretenses. (link)


Compliance/Regulatory & Legal Events

Dec. 18, 2013: Columbus police officers accused in a federal civil-rights lawsuit of using excessive force on an Ohio State University student over what later amounted to a litter violation said in a court filing Wednesday that they punched the young man up to seven times, sprayed mace in his face and hog-tied him, but that they did nothing wrong. (link)

Dec. 18, 2013: Federal regulators have fined Harvard Medical School $24,036 for repeated animal welfare violations in its care of monkeys used in research, an unusual penalty for an academic institution. The fine, announced by the US Department of Agriculture on Wednesday covers 11 violations from February 2011 through July 2012, including four involving the death of an animal. (link)

Dec. 13, 2013: The University of Houston is being cited by a government Inspector over its treatment of lab animals. According to a USDA report, a rabbit died while undergoing anesthesia because of inadequate monitoring. (link)

Dec. 11, 2013: A chiropractic university in Missouri has agreed to count pregnancy- and childbirth-related absences as excused absences, four months after the National Women's Law Center filed a complaint that its attendance policy violated Title IX of the Education Amendments of 1972. (link)

Dec. 10, 2013: A Florida appeals court on Tuesday handed down a potentially far-reaching ruling that would block state universities from regulating guns on campus. The 1st District Court of Appeal -- in a rare opinion decided by the entire appeals court -- sided with a University of North Florida student and a gun rights group that challenged a university rule that bans students on campus from storing guns in their cars. (link)

Dec. 9, 2013: The U.S. Department of Education's Office for Civil Rights plans to investigate the Title IX complaint filed seven weeks ago by seven current and former students. The students allege that the university did not protect them from sexual assault, did not provide them with needed services after they were assaulted and treated them with indifference. (link)

Dec. 3, 2013: A Santiago Canyon College administrator was sentenced Monday to 27 months in federal prison for stealing at least $46,400 in student aid. (link)

Dec. 1, 2013: One month after being sued by ex-president Evan S. Dobelle, Westfield State University trustees are seeking advice from the state attorney general's office on whether they have enough liability insurance. (link)


Campus Life & Safety Events

Dec. 16, 2013: Hundreds of Harvard students and faculty who were displaced by a bomb scare and walked out in their shirtsleeves or without their university ID cards, only to be locked out for hours as law enforcement swept the campus over what officials called ''unconfirmed reports of explosives. '' (link) (link)

Dec. 15, 2013: An Al Jazeera America video that featured Kansas University students discussing their drunken sexual encounters threw light on a local version of a common college problem: the dangerous mix of alcohol, sex, ignorance and the social lives of college students. Partly as a response, some KU students are pushing for beefed-up sexual assault and consent training for students, with the goal of both preventing sexual assault and making KU a model for other universities. (link)

Dec. 13, 2013: Six University of Houston students reported being robbed at gunpoint in one of the school's dorms, campus police said early Friday. (link)

Dec. 13, 2013: Borough police and Fairleigh Dickinson University Public Safety officers are asking for the public's help identifying four men seen entering and exiting a campus building before and after three students were reportedly robbed and assaulted. (link)

Dec. 12, 2013: Police are investigating the death of a college student who suffered brain trauma after "too many" tackles during a fraternity hazing incident over the weekend in the Poconos, a prosecutor said on Wednesday. (link)

Dec. 10, 2013: Montana State University has ordered members of an off-campus fraternity to attend classes on sexual assault prevention and imposed a ban on hard liquor there after a female student reported being raped at a frat house party where alcohol was served. (link)

Dec. 10, 2013: Campus and city police forces assured Minnesota lawmakers Tuesday that they've stepped up patrols and security features around Twin Cities-area colleges as a response to brash crimes affecting students. (link)

Dec. 9, 2013: A Texas campus police officer shot and killed an honors student after a high-speed chase because the student stole his baton and began attacking him with it, the college said Monday. (link)

Dec. 8, 2013: For first-semester freshmen pledging a fraternity at the University of Pittsburgh, more will be riding on final exams this week than just relief or regret about their own academic success or failure. If they finish the semester with a grade point average that's too low, it will cost their fraternity cash. (link)

Nov. 20, 2013: A U.S. congressman on Wednesday introduced legislation that would require colleges with high-revenue sports programs to provide their athletes with a package of benefits, including financial aid when an athletic scholarship is lifted for reasons other than misconduct or academic failure. (link)


Other News & Events

Dec. 10, 2013: DePaul University took a calculated gamble in early 2011 when it became the largest private school in the country to drop the standardized tests requirement for admission. (link)

Dec. 7, 2013: After a day of emotional protests, the Kean University Board of Trustees voted unanimously to uphold the denial of tenure -- and effective layoff -- of six university professors at a meeting in Toms River. (link)


If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at http://www.auburn.edu/audit.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director
robinmk@auburn.edu
334.844.4389

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.