This Is Auburn Office of Audit, Compliance & Privacy
Office of Audit, Compliance & Privacy

Our Mission

The mission of the Office of Audit, Compliance & Privacy is to assist the Auburn University System in fulfilling its vision of being a preeminent comprehensive land-grant university. Our office provides services in three distinct yet related disciplines - audit, compliance, and privacy - in support of Auburn University's three-pronged mission of teaching, research, and service.

The Office of Audit, Compliance & Privacy functions in partnership with University leadership to:

  • improve the internal control system and culture;
  • improve and enhance the management of operational, financial, compliance, strategic and reputational risks;
  • enhance governance processes;
  • ensure strong stewardship and management accountability at all levels of the University.

Case In Point: Lessons for the proactive manager

Our monthly newsletter compiles relevant higher education risk-related stories from around the nation.

August 2019

Last month we discussed the topic of occupational fraud in higher education, and I stated in the column, ''Fraud rarely occurs when strong controls and oversight are in place.'' I certainly can attest to this being true in the cases we have investigated over the years. In addition, the Association of Certified Fraud Examiners publishes a report on the topic every two years listing the top reasons that occupational fraud was able to occur:

  1. Lack of internal control
  2. Lack of management review
  3. Override of existing controls
  4. Poor tone at the top
  5. Lack of competent oversight

All five are control related issues. Therefore, I thought this month would be a good time to expand on what we mean by controls and offer some advice in this area. Controls are simply the things we do to ensure we are successful in achieving our objectives. Certainly, we have an objective to prevent fraud in our organization (though it may not be written down). The actions we take to achieve that objective are all internal controls. You implement controls in your personal life every day. For example, most people lock their doors when they leave their house. This is a control activity used to achieve your objective of preventing your property from being stolen.

When speaking on the topic of internal controls, I used to include my top ten suggestions for improving internal controls, but lately I've narrowed the list to five:

  1. Never let one person have complete control of a process. You effectively have no control if you do.
  2. Follow your intuition. Ask a question if something seems ''off.''
  3. Don't sign something you don't understand. Proper management oversight means asking questions.
  4. Make sure reconciliations are being done and reviewed by someone other than the reconciler.
  5. Consider the example you are sending to other people. ''Social proof'' impacts internal controls in a powerful way - people follow your example for good or ill.

Controls can be used to manage almost all the risks we see each month in our links. We invite you to review the events happening throughout higher education with a view toward strong controls, oversight, and proactive risk management. As always, we welcome your comments and suggestions.

Read this month's issue of Case In Point

Case In Point Archives

Anonymous Reporting Hotline

Auburn University uses the EthicsPoint anonymous Reporting System to enhance communication and empower individuals to promote safety, security, and ethical behavior. Use this anonymous, confidential system to report situations, events or actions by individuals or groups that you believe unethical or otherwise inappropriate. Frivolous or unfounded reports do not help foster a positive workplace. This hotline service does not replace our existing reporting methods for reporting fraud, waste, abuse or other potentially illegal activities. The University continues to encourage stakeholders to report concerns or suspected violations to their supervisor or other campus entities as appropriate.

If you are uncertain if a situation violates University policy, is illegal or constitutes harassment or discrimination, you may use EthicsPoint to obtain clarification. We would much rather have you ask questions than let potential problems go unchecked. However, EthicsPoint should not be used for immediate threats to life or property. If the situation presents an immediate threat to life or property call emergency -- 911

Last Updated: September 13, 2019