This Is Auburn Office of Audit, Compliance & Privacy
Office of Audit, Compliance & Privacy

Our Mission

The mission of the Office of Audit, Compliance & Privacy is to assist Auburn University, Auburn University at Montgomery, the Alabama Cooperative Extension System, and the Alabama Agricultural Experiment Station (the "University") in fulfilling its vision of being a preeminent comprehensive land-grant university. Our office provides services in three distinct yet related disciplines - audit, compliance, and privacy - in support of Auburn University's three-pronged mission of teaching, research, and service.

The Office of Audit, Compliance & Privacy functions in partnership with University leadership to:

  • improve the internal control system and culture;
  • improve and enhance the management of operational, financial, compliance, strategic and reputational risks;
  • enhance governance processes;
  • ensure strong stewardship and management accountability at all levels of the University.

Case In Point: Lessons for the proactive manager

As someone who has spent their career assisting in risk related activities in the higher education environment, I can recall several times where the topic of pandemics would show up on some risk assessment or heat map. Honestly, to me it was one of those risks that while certainly possible, I never really expected to experience. Then came COVID-19.

This publication has become widely distributed across higher education not only within the United States but also at many international institutions. As a result, I attempt to write for a wide audience. However, I feel compelled to briefly give kudos to Auburn University President Jay Gouge and his leadership in preparing our institution for this event.

I recall sitting in the President's cabinet meeting in January 2020, and Dr. Gogue mentioning the COVID-19 issues occurring in China. He went on to ask the AU Cabinet to being working on an operational plan should we have to carry out our mission remotely for 30 days. Little did I know in January how prophetic this instruction would become over the next two months. We have been very blessed at AU with visionary leaders throughout the executive leadership team here at AU. I hope your experiences at your institutions have been similar.

So what does one write about in the midst of a global pandemic? Honestly, I have no clue, but I thought I would share five things that came to mind.

  1. If you are working remotely, find a routine that works for you. One person told me that they still get dressed and ready just as if they are going to work in their office every day. They have found this helps them gain the right focus to still be productive in this new world.
  2. Take a break. It is okay to take a short walk (with appropriate distancing or by yourself). This is all new for us and sometimes stepping away for a few minutes can result in much more productivity.
  3. Do not hide on video conference calls. Most of us miss interaction with our colleagues, and I think we all miss something when looking at a non-video participant on these calls. Sure, it is weird, and I hate looking at myself on the screen, but it is the hand we have been dealt at the moment. We should maximize the interactions we have even if only on a video call.
  4. Use any down time for personal growth. Get better during these days by improving not only technical knowledge, but also person growth, leadership, emotional intelligence, management, communication, etc. Find an area you want to improve on, and use the time you have to capitalize on it. This is probably more valuable than watching Tiger King on Netflix.
  5. Do not forget that protecting data and information is still important. The privacy laws governing information and materials you may be accessing or using remotely are still in place. Remember that and make wise security and privacy decisions.

One thing that has occurred during the pandemic is an increase in phishing emails and attempts to comprise systems, not only in higher education, but also in virtually all industries. Jim O'Conner, VP for Information Technology at AU, and his team wrote some excellent suggestions for AU employees regarding phishing. These are presented with his permission with some with slight modification so they relate to any institution or organization.

How do you determine if an e-mail is safe?
  1. Look at sender's email address. If you are not 100% sure you know the sender do not click on anything in the message. Be extra careful on messages forwarded to you.
  2. If there is a link, hover the mouse pointer over the link. Does it come from your institution or do you recognize the link? If not, do not click.
  3. Free email services are routinely exploited by hackers -- Gmail, Hotmail, Yahoo, etc. Be extra suspicious of mail that originates from one of these. It does not mean the message is malicious but does require extra scrutiny.
  4. If there is more than one @ sign in an address or you receive a suspicions email, either trash it and or send it as an attachment/forward to your IT department for guidance
  5. No one should ask you to send your credentials via email.

I hope that a few of the items in this month's column are of some use to you. Even more so, I hope that when you hear from us next month our world will be returning to normalcy. In the meantime, please look at the issues occurring across higher education with a view toward proactive management. As always, we welcome your comments and suggestions.

Read this month's issue of Case In Point

Case In Point Archives

Anonymous Reporting Hotline

The University uses the EthicsPoint anonymous Reporting System to enhance communication and empower individuals to promote safety, security, and ethical behavior. Use this anonymous, confidential system to report situations, events or actions by individuals or groups that you believe unethical or otherwise inappropriate. Frivolous or unfounded reports do not help foster a positive workplace. This hotline service does not replace our existing reporting methods for reporting fraud, waste, abuse or other potentially illegal activities. The University continues to encourage stakeholders to report concerns or suspected violations to their supervisor or other campus entities as appropriate.

If you are uncertain if a situation violates University policy, is illegal or constitutes harassment or discrimination, you may use EthicsPoint to obtain clarification. We would much rather have you ask questions than let potential problems go unchecked. However, EthicsPoint should not be used for immediate threats to life or property. If the situation presents an immediate threat to life or property call emergency -- 911
Report a Concern

FAQ | How to File a Report

Last Updated: January 24, 2020