Having trouble viewing this email? View it in your browser.

Internal Auditing

Case in Point:
Lessons for the pro-active manager

January 2015
Vol. 7 No. 1
Quotable...
"What has been will be again, what has been done will be done again; there is nothing new under the sun.''

-- Ecclesiastes 1:9

This month we begin our analysis of the events that transpired during 2014 and were included in Case-in-Point. We linked a total of 580 stories in this publication during 2014. It is often difficult to categorize items into just one of our five categories as frequently a story will have elements of multiple areas. However, we do strive to bring consistency to our categorization and believe analyzing trends and the data is of benefit. Certainly, there are many more items that could be included in our publication than space allows, but we believe we provide a solid evaluation of the general risk-related themes and trends in higher education.

During 2014 the breakdown among categories is as follows: Information Technology Related 20%; Fraud/Ethics 19%; Compliance/Legal 28%; Campus Life 26%; and lastly, those hard to classify stories we call Other 7%. As a point of comparison, in 2013 the breakdown among categories was: Information Technology Related 17%; Fraud/Ethics 15%; Compliance/Legal 31%; Campus Life 26%; and Other 12%. One major trend we've seen over the past few years would be the growth of the compliance burden in our industry. This has certainly held true during 2014, and we would expect that to continue for the foreseeable future. Over the next few months we will analyze each specific category in more detail and discuss possible trends or emerging threats that may be useful for you to consider.

We again invite you to review the events occurring in higher education and consider how you may help reduce risks and improve the odds of achieving our objectives. We welcome your comments and feedback.

M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing


Information Security & Technology Events

Jan 30, 2015: University of Washington officials have acknowledged that some portions of the university’s website were “defaced” Thursday when university information was replaced with a photo of an American soldier memorial, as well as a vague threat to soldiers serving in Iraq. (link)

Jan 21, 2015: University of Oregon officials have placed two employees on leave after the ''unlawful release'' of 22,000 pages of records from the president's office, including confidential information on faculty, staff and students. Interim UO President Scott Coltrane sent out an email Tuesday night, addressed to colleagues, saying an investigation was underway. Although no Social Security numbers, financial information or medical records apparently were divulged, Coltrane wrote that, ''We are committed to taking steps to mitigate the potential injury associated with this situation.'' (link)

Jan 21, 2015: A study of Facebook activity and grade-point averages suggests that students may learn to regulate their use of Facebook, both as a distraction from coursework and in their free time, as they move through college. (link)

Jan 20, 2015: Malicious hackers spend much of their time developing sophisticated attacks and complex new ways to steal people's credit card numbers, bank account information and other private data. It's getting more and more difficult to protect ourselves from these hacks, especially when just about anyone can go online and hire a hacker these days. But for many people, all of the hard work these hackers put into ruining our lives is a waste of time, because they make things remarkably easy for hackers by using the worst passwords on the planet. (link)

Jan 16, 2015: When they first heard that someone had bragged in a blog post about hacking into their website, officials at Metropolitan State University weren't sure what to make of it. The hacker, they were told, appeared to be a teenager from Australia who claimed to have attacked Metro State's website, and dozens of others, on a whim. (link)

Jan 15, 2015: We have all heard about the damage caused by the Sony Hack. However, the Sony Hack was not even one of the top thirty largest data breaches of 2014 in terms of number of files breached. According to information from the massive database maintained by Privacy Rights Clearinghouse on data breaches, 30 educational institutions experienced data breaches in 2014. Five of the thirty schools actually had larger data breaches than the notorious Sony Hack. The leading cause was from hacking or malware. (link)

Jan 13, 2015: University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee's credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee's official human resources account to change the employee's direct deposit information. This redirects the employee's paycheck to the bank account of another individual involved in the scam. (link)

Jan 1, 2015: A Clarke County grand jury recently indicted a Georgia Tech student for allegedly hacking into the University of Georgia's computer network to post a message prior to the annual rivalry football game between the Bulldogs and Yellow Jackets. Ryan Gregory Pickren, 21, was charged with felony computer trespass for making the posting on UGA's online calendar on Nov. 27, two days before the intrastate gridiron match-up. (link)


Fraud & Ethics Related Events

Jan 24, 2015: A former New Jersey college theater production manager who admitted stealing box office receipts has been sentenced to prison. (link)

Jan 21, 2015: Make room, North Carolina. It appears you could soon have some company in the NCAA's academic doghouse. Jonathan Duncan, the NCAA's new head of enforcement, confirmed to the Chronicle of Higher Education that it's investigating allegations of academic misconduct involving 20 different athletic departments. The schools under investigation weren't identified, nor were the sports involved; rather the numbers were broken down by divisions: 18 Div. I schools, and one each at the Div. II and Div. III levels. (link)

Jan 18, 2015: Adams State University is freezing new enrollments in its print-based correspondence courses pending an external review of the student verification process. The university took the action in response to a report of fraudulent activities by a person who said he completed assignments and exams and bribed test proctors on behalf of student athletes. (link)

Jan 13, 2015: He wore a hoodie and a stocking cap as he made multiple trips to an ATM on a warm day in April 2012, cutting a suspicious enough figure that a concerned citizen tipped off police in the college town. Using surveillance video, they discovered a cornerback for the University of South Dakota's football team was using a preloaded debit card that had been issued for a tax refund. The card, however, did not belong to Alphonso ''Rico'' Valdez. A scheme to defraud the IRS of $1.1 million began to unravel. After a months-long investigation, authorities busted up the fraud ring, which netted about $400,000 over nearly a year. (link)

Jan 12, 2015: In a coda to a major case of alleged research misconduct at Duke University in Durham, North Carolina, in the late 2000s, newly revealed documents suggest that Duke officials dismissed a medical student's concerns about cancer researcher Anil Potti's work. Potti came under scrutiny for problems with data in several papers that reported on using tumor gene signatures to assign cancer patients to different chemotherapies in clinical trials. (link)

Jan 8, 2015: Dartmouth College has charged 64 students, many of them varsity athletes, with honor code violations following allegations of widespread cheating in a sports ethics class. Department of Religion Chairman Randall Balmer, who in November accused some of his students of misrepresenting their class attendance, said that with a few exceptions, most of the students were suspended for a term.'' (link)

Jan 5, 2015: The University of Texas at Austin is investigating a report that two of its former athletes received academic help from a former coach not affiliated with the university, it said in a statement on Monday. The former coach, identified only as Mr. White, was the subject of a Chronicle investigation published on December 30. (link)


Compliance/Regulatory & Legal Events

Jan 27, 2015: The family of an MIT doctoral student who killed himself in 2009 is suing the university, two professors, and an associate dean, alleging the officials did not do enough to help him even though they had for months shared concerns about his mental well-being. (link)

Jan 26, 2015: Three Russian citizens were charged Monday in connection with a Cold War-style Russian spy ring that spoke in code, passed messages concealed in bags and magazines, and tried to recruit people with ties to an unnamed New York City university, authorities said. (link)

Jan 24, 205: A lawsuit filed by an Amherst College student who argued the school unfairly held up his academic career over an old, unproven allegation of an on-campus rape has quietly settled. According to records in U.S. District Court, the college recently reached a settlement with the ''John Doe'' but neither his lawyers nor school officials will discuss the terms of the agreement. (link)

Jan 22, 2015: ESPN has filed a lawsuit against Notre Dame claiming the university violated Indiana's public records law by refusing to release campus police records. The suit was filed in St. Joseph Superior Court on behalf of ESPN Inc., the sports media company based in Bristol, Conn., and ESPN reporter Paula Lavigne, who requested the records. (link)

Jan 15, 2015: UBooster, a Greenville-based website, allows college sports fans to pledge funds to their favorite school if the school signs a coveted recruit -- unless the fan's favorite school is Clemson University. UBooster launched Jan. 5. Three days later, Clemson's general counsel Chip Hood sent a cease and desist letter to UBooster founder and CEO, Rob Morgan. The letter instructed UBooster to ''immediately refrain from purportedly raising funds on behalf of Clemson University directly or indirectly.'' (link)

Jan 13, 2015: A former Quinnipiac University student who was placed on a mandatory medical leave after she sought help for depression will receive $17,000 to compensate for distress and $15,126 to cover tuition costs in a settlement reached by the U.S. Department of Justice and the university. (link)

Jan 12, 2015: Three Collin College police officers have filed a whistleblower lawsuit against the college district and are asking for the resignation of three college officials. The college has issued a statement denying any wrongdoing and that the lawsuit was filed by disgruntled employees. There is no basis for the claims in the lawsuit, and there was no cover up,'' the statement said. The civil suit states that the three officers became victims of retaliation after they began investigating an alleged scheme involving more than $1.5 million worth of missing college textbooks. (link)

Jan 9, 2015: The Medical College of Wisconsin has paid $840,000 to settle claims it billed Medicare for neurosurgeries at which teaching physicians weren't overseeing residents to the degree required by law. The payment, announced Friday by the U.S. attorney's office, resolves a False Claims Act lawsuit claiming the college billed for surgeries between 2006 and 2013 as though teaching physicians were always present. (link)

Jan 9, 2015: The University of Oregon student who says she was raped by three UO basketball players is suing the university and head basketball coach Dana Altman for allegedly violating her federal civil rights by recruiting one of the involved players after he had previously been accused of rape elsewhere. (link)

Jan 7, 2015: The woman who accused Jameis Winston of rape has filed a federal civil lawsuit against FSU trustees, arguing the university violated her Title IX rights by refusing to properly investigate the incident. (link)

Jan 5, 2015: Kaplan Higher Education, a leading for-profit education company with campuses located throughout the country, will pay roughly $1.3 million under a civil settlement with the United States Department of Justice. The settlement resolves whistleblower allegations that the company employed unqualified instructors at its campuses in Texas, Acting U.S. Attorney Richard L. Durbin, Jr. announced today. (link)

Jan 3, 2015: A University of Colorado philosophy professor previously found in violation of the school's sexual harassment policy retired over winter break, the latest departure from a department still reeling from the release of a scathing report describing a climate that was unfriendly to women. (link)

Dec. 19, 2014: The University of Nebraska has been dinged by the state auditor for allowing employees to spend nearly $96,000 on 20 first-class flights around the world, book $300-a-night oceanfront resort rooms for a week and get reimbursed for alcohol while traveling, in violation of state law. (link)


Campus Life & Safety Events

Jan 29, 2015: The University of Ottawa will put in new training programs for administration, students and full-time coaches, launch a bystander intervention program and fund new courses on rape culture after the release today of a task force report into sexual violence. The task force on respect and equality's report, which school president Allan Rock said he received Thursday morning, gives 11 recommendations after nine months of work. (link)

Jan 29, 2015: Dartmouth College will ban hard alcohol on campus, forbid pledging at fraternities and sororities, overhaul its student housing model, and roll out a mandatory four-year sexual violence prevention program as part of major policy changes announced Thursday aimed at curbing high-risk behavior. (link)

Jan 29, 2015: A student at the University of Minnesota has tested positive for measles. It's the first confirmed measles case in Minnesota this year, and the first measles on campus in at least 20 years. (link)

Jan 23, 2015: Brown University has banned alcohol from being served at parties in fraternities and certain student residence halls for the spring semester. The crackdown, which has been nicknamed ''Prohibition'' by the campus newspaper's editorial board, was put in place this week after two fraternities were punished for having booze-fueled parties that led to reports of ''non-consensual sexual conduct.'' (link)

Jan 21, 2015: The Alpha Delta Phi fraternity at Duke University has been suspended, following an allegation from a female student that she was raped at party held at their off-campus house earlier this month. The woman told Durham police she passed out after being given a hot chocolate, and awoke the next morning with no underwear, wearing a shirt she didn't recognize. (link)

Jan 19, 2015: A new, student-developed app was shut down due to perceived safety concerns. The app, called GirlCode, created by three Princeton students, was created in opposition to the university's current bathroom policies, in which students must enter a code to access women's restrooms. GirlCode provided an interface through which students and the general public could easily find the required codes by inputting their residential college, followed by their building. (link)

Jan 15, 2015: The chancellor of the University of Massachusetts Amherst has decided to end the school's controversial confidential informant program, concluding that it is fundamentally inconsistent with our core values'' after an informant used by the university police died of a heroin overdose. Chancellor Kumble R. Subbaswamy suspended the program in September after The Boston Globe revealed that an informant had died of a heroin overdose in October 2013. In order to avoid drug charges, the student had agreed to help campus police, and his parents were never informed that he was involved with drugs or that he had served as an informant. (link)

Jan. 13, 2015: Police in Columbus have used tear gas and pepper spray to try and disperse crowds flooding onto North High Street to celebrate Ohio State's national championship victory Monday night. The Columbus Dispatch reports police were trying to get the thousands of people celebrating the win to stay on the sidewalks. However, party-goers kept blocking the street. (link)

Jan. 6, 2015: A month after a damaging Rolling Stone story about campus rape was discredited, University of Virginia officials announced that fraternity and sorority activities can resume immediately. To be able to participate in activities again, sororities and fraternities have agreed to a slew of stipulations officials say will increase safety for students, including additional leadership training for sexual violence and alcohol awareness, and submitting safety recommendations to university officials. Students return to school Monday for the spring semester. (link)


Other News & Events

Jan 27, 2015: Students at Texas Tech University celebrated a snowstorm last week by erecting a large snow sculpture of a penis. Accounts of the size vary from 8 to 11 feet. The University opted to demolish it, but not before it made it's way to youtube. (link)

Jan 9, 2015: Some students at New Jersey's second-largest public university are outraged after learning their school is spending $210,000 for a 12-foot bronze statue depicting the school's red-tailed hawk mascot. The students pay $11,000 in annual tuition and fees, and many are not feeling the school spirit. (link)

Jan 4, 2015: Students now pay more of the cost of attending public universities than state governments, according to a recent Government Accountability Office report, and the federal agency says it's making college unaffordable. Tuition officially surpassed state funding in fiscal year 2012, the GAO found, accounting for 25 percent of public college revenue. Meanwhile all state sources dipped from 32 percent in 2003 to 23 percent in 2012. (link)


If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at http://www.auburn.edu/administration/oacp.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director
robinmk@auburn.edu
334.844.4389

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.