Case In Point: Lessons for the proactive manager

Volume 14 Number 01 | January 2022

Quotable .....

“Every problem is a gift -- without problems we would not grow.”

-- Anthony Robbins

We begin our 14th year of Case in Point with our annual review and analysis of categories from the prior year. As a part of this analysis, we try to point out trends or emerging hot topics. Such analysis is our best guess from what we see and read across our industry.

Last year our hot topics to keep an eye on were in two areas: 1) regulatory changes due to a change in presidential administration and 2) NCAA Athletics. Both those items proved to be accurate in our assessment, and they are both areas where changes are continuing to occur.

A primary example of changes in federal requirements is in Title IX guidance. It certainly will change, but the details are yet to be fully known at this point. There are other changes to how federal rules are enforced that have already taken place or are in process in virtually all areas involving federal funding, so it's important to pay close attention to the guidance.

Athletics has seen change at a pace that is unprecedented: NIL (name, imagine and likeness), the transfer portal, an NCAA constitutional convention, and the NCAA v. Alston Supreme Court case are the big issues that have dramatically changed college athletics the past year. Don't expect these changes to slow down, especially with each NCAA Division drawing up rules to govern themselves over the next year.

When we look at each specific category, we see similar numbers to the prior year regarding stories we linked:

Information Security & Technology: 13% (11% in 2020)
Fraud & Ethics: 18% (17% in 2020)
Compliance & Legal: 42% (47% in 2020)
Campus Life & Safety: 27% (25% in 2020)

Next month we will dig into the Information Security & Technology category. Until then, we recommend you review the headlines from each category with a view toward proactive risk management at your institution. As always, we welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE
Associate Vice President
Office of Audit, Compliance & Privacy
Follow us on Twitter

Information Security & Technology Events

Jan 27: Ransomware: Midland University recently announced a data breach stemming from a malware attack. Malware is short for "malicious software." Malware users will install the software over a network onto the victim's device. From there, the program can wreak havoc, including scouring the device for any personal information. While details about the breach are still forthcoming, as a result of the breach, the names, addresses, driver's license numbers, state identification numbers, and Social Security numbers of certain individuals were compromised. (link)

Jan 26: Mistaken Scholarship Message: A full ride, including tuition, room and board, plus a $5,000 award to study abroad and admission to the school's honors program. That's what 58 high school seniors were told they would receive from Central Michigan University when they were notified over the weekend that they had been awarded the school's prestigious Centralis Scholar Award. But then on Sunday they got horrible news: They had been sent that message by mistake. In fact, they had actually not been awarded the scholarship to the university of about 20,000 students in Mount Pleasant, Mich. (link)

Jan 24: Email Hack: A 39-year-old man managed to hack student and staff emails at two Philadelphia-area colleges -- and obtain their personal identifying information -- but he didn't make a dime in his failed tax return fraud attempt, authorities say. Authorities say the man hacked into the emails of about 25 college students and staff before obtaining identifying information, including W-2 tax forms and student financial information. (link)

Jan 22: Data Breach: The University of Arkansas for Medical Sciences (UAMS) has discovered a breach of patient information and is notifying the affected patients. On Nov. 29, 2021, UAMS became aware that a former employee sent emails from her UAMS email to her personal Gmail account with patient information attached on November 15, 2021, while still employed with UAMS. The attachments consisted of Excel spreadsheets used for internal billing compliance auditing purposes and/or billing statements addressed to UAMS for reimbursement. The information included the names of 518 patients, their hospital account numbers, dates of service, insurance type, claim information for billing purposes and medical record numbers. (link)

Jan 19: Cybersecurity Compliance: As has been widely reported, the Department of Justice (DOJ) launched its new Civil Cyber-Fraud Initiative on October 6, targeting entities that fail to follow cybersecurity-related contract requirements. Despite these widespread reports, an entire category of prime enforcement targets -- universities and research institutions -- remains oblivious to the rising danger they face. (link)

Jan 07: Ransomware: Education technology company FinalSite is still in the process of recovering from a devastating ransomware attack that crippled many of the services they provide to thousands of schools across the world this week. In an update on Friday morning, the company said the "vast majority" of its sites are back up and running on the front end, but many systems are still facing a variety of issues. They urged their customers -- which include thousands of schools across 115 different countries -- to limit "software usage to critical information updates for your front-end" until they have confirmed that all functionality is working fully. (link)

Jan 04: Data Breach: Dr. Judith Zimmerman knew she was fired for doing the right thing. She was the lead investigator on a research project on autism in children, which she spearheaded at the Utah Department of Health. She brought that project, and a very sensitive database of data, to the University of Utah, where she was in charge of securing grants, overseeing contracts for data procurement and, most importantly, making sure that data was secure. When she found out that it wasn't, though -- that in 2012, her superiors and other researchers had gone behind her back to share deeply personal, identifying information about Utah K-12 students, and asked her to sign off on doing so after the fact -- she was abruptly fired for raising alarm. (link)

Fraud & Ethics Related Events

Jan 21: Foreign Ties: A former University of Arkansas professor on Friday pleaded guilty to lying to federal authorities about his financial and business ties to China. Authorities said the professor, who started working at the U of A in 1988, received money and benefits from China at the same time he was receiving federal grants for university projects. He was required to disclose his connections to China under the university's conflict-of-interest policy, but did not. (link)

Jan 20: Foreign Ties: The U.S. Justice Department on Thursday dropped charges against a Massachusetts Institute of Technology professor accused of concealing his ties to China when seeking federal grant money, in the latest setback for a crackdown on Chinese influence on American research. Federal prosecutors in Boston in a court filing said new information had emerged concerning Chinese-born mechanical engineer and nanotechnologist Gang Chen's alleged omissions that undercut the wire fraud and other charges he faced. (link)

Jan 14: Occupational Fraud: A former official of a St. Louis University program pleaded guilty in federal court here Friday to five felony wire fraud charges and admitted orchestrating a $518,000 fraud. In April 2019, the official began creating and submitting false invoices from MoACEP to the university, Assistant U.S. Attorney Ed Dowd said. He then had the payments sent to his personal accounts or to two PayPal accounts he'd set up for the partnership and a vendor, Dowd said. He also used his university credit card to pay a total of $75,405 in fake invoices. (link)

Jan 12: Grant Fraud: A former State University of New York professor from Hurley, N.Y., has been accused of stealing $32,000 by forging an application for a grant intended to provide high-need school district K-12 teachers with professional learning opportunities, according to state Inspector General Lucy Lang. The accused was a computer science professor at SUNY Sullivan for 12 years, teaching courses on game development, cybersecurity, and other computer-related topics, Lang said. An investigation by the Inspector General's Office found that the professor, without permission or authorization, falsely completed and signed a grant application on behalf of SUNY Sullivan, with $32,400 coming directly to her instead of the college, Lang said. (link)

Jan 03: Foreign Ties: A Harvard University professor charged with hiding his ties to a Chinese-run recruitment program was found guilty on all counts Tuesday. The former chair of Harvard's department of chemistry and chemical biology had pleaded not guilty to two counts of filing false tax returns, two counts of making false statements, and two counts of failing to file reports for a foreign bank account in China. (link)

Jan 03: Corruption: A San Mateo County Community College District vice chancellor has been charged in a wide-ranging corruption scandal, as prosecutors alleged he steered an architectural contract to an unqualified firm, failed to report gifts and campaigned on district time. The charges, announced Tuesday, are the first in a 2½-year investigation into corruption at the district. Prosecutors say the alleged misdeeds go back more than a decade and may involve some of the highest ranking officials at the district. (link)

Compliance/Regulatory & Legal Events

Jan 27: Wildlife Trafficking: A Texas biologist has been indicted by a federal grand jury for allegedly importing protected wildlife items into the country without declaring it or obtaining the required permits. An associate professor of biology at West Texas A&M University was charged Thursday with smuggling goods into the United States and two violations of the Endangered Species Act, a press release states. (link)

Jan 27: Child Pornography: A former Butler University professor has been arrested and charged with several counts of child pornography possession after an investigation revealed he had uploaded several abusive images to the internet, according to an arrest affidavit. Police began their investigation last week after receiving a tip from the National Center for Missing and Exploited Children, which reported that two dozen files of child pornography had been uploaded through Adobe Software by the professor's Butler University email address. (link)

Jan 26: Title IX Liability: The University of Arizona cannot be held liable under Title IX for a football player's off-campus assault of his girlfriend, even though the university exercises "substantial control" over its student athletes, a federal court said Tuesday. A divided three-judge panel of the 9th U.S. Circuit Court of Appeals rejected the girlfriend's argument that university officials could have prevented her assault by acting on previous reports that Orlando Bradford assaulted other women on campus. (link)

Jan 25: Discrimination Lawsuit: A former visiting math professor sued St. Joseph's University in federal court this month for removing him from the classroom and failing to renew his contract after his anonymous tweets last February against racial-bias training and reparations for slavery. Gregory Manco, who also lost his position there serving as a volunteer assistant baseball coach, says the university defamed him, discriminated against him on the basis of his race -- he is Caucasian -- and attempted to "cancel" him by suspending him and not renewing his contract, "despite his dedication and excellent performance." The lawsuit also names a professor and former students who complained about Manco. (link)

Jan 25: Free Speech Lawsuit Settlement: A former Collin College professor -- who lost her job after tweeting messages critical of the school's COVID-19 protocols and of then-Vice President Mike Pence -- resolved her lawsuit with the school Tuesday. Lora Burnett, who taught history, accepted the school's $70,000 offer to end the dispute. Burnett sued Collin College claiming her contract was not renewed last year because of her social media posts, which she said violated her First Amendment rights. (link)

Jan 24: Affirmative Action Legality: The Supreme Court announced Monday it will reconsider race-based affirmative action in college admissions, a move that could eliminate campus practices that have widely benefitted Black and Hispanic students. The justices said they will hear challenges to policies at Harvard and the University of North Carolina that use students' race among many criteria to decide who should gain a coveted place in an entering class. The cases would be heard in the session that begins next October, with a decision likely by June 2023. (link)

Jan 22: A federal judge on Friday in a decisive free speech ruling ordered that the University of Florida stop enforcing its conflict of interest policy against six professors who were barred from giving expert testimony in lawsuits against the state. Chief U.S. District Judge Mark Walker for the Northern District of Florida accused the university of silencing the professors and granted them a preliminary injunction. (link)

Jan 20: Title IX Investigation: The U.S. Department of Education has opened a civil-rights investigation into how LGBTQ students are disciplined at Brigham Young University, a private religious school. The complaint under investigation came after the school said it would still enforce a ban on same-sex dating even after that section was removed from the written version of the school's honor code, the Salt Lake Tribune reported. Students can be punished for holding hands or kissing someone of the same sex, harsher discipline than that faced by heterosexual couples at the school operated by The Church of Jesus Christ of Latter-day Saints. (link)

Jan 19: Sexual Abuse Settlement: The University of Michigan has agreed to pay $490 million in damages to the more than 1,000 former students, mostly male, who said they were sexually abused by sports doctor Robert Anderson, their lawyers confirmed Wednesday. The announcement came after 15 months of mediation and appeared to close the book on one of the nation's biggest sex abuse scandals, which involved several generations of victims going back to the 1960s. (link)

Jan 18: Title IX Liability: In a case involving the murder of a student on campus by a visiting boyfriend, the Third Circuit Court of Appeals held that an institution may be liable under Title IX for its failure to address apparent harassment by a non-student visitor. While acknowledging that no prior court had extended the scope of Title IX liability to include the actions of a student's visiting guest, the Third Circuit, in Hall v. Millersville University, held that institutions that "act with deliberate indifference to known sexual harassment" may be held liable even if the harasser is "a third-party." (link)

Jan 17: Wrongful Death Lawsuit: A Palo Alto family is suing Stanford University, and several others, after their son died of an accidental overdose at his fraternity two years ago. The Weiner family is ingrained in the university. Both parents are faculty members, daughter, Ya'El, is a graduate, and in 2020 their son Eitan was a sophomore and goalie on the club soccer team. Eitan was a member of the Theta Delta Chi Fraternity and it was there in 2020 he died at the house. The medical examiner says it was an accidental fentanyl overdose. (link)

Jan 17: Inappropriate Relationship: The University of Michigan removed president Mark Schlissel from his position "effective immediately" following an anonymous complaint suggesting that he "may have been involved in an inappropriate relationship with a University employee," the university said Saturday. "After an investigation, we learned that Dr. Schlissel, over a period of years, used his University email account to communicate with that subordinate in a manner inconsistent with the dignity and reputation of the University," a statement from the board of regents read. (link)

Jan 13: Insider Trading: A Chicago lawyer who was a faculty member at the Loyola University Chicago was indicted Monday for allegedly making a $110,000 profit by trading on insider information passed along by a college friend. The lawyer was accused of purchasing shares and call options in stock of an education-technology company called Chegg Inc., report Reuters and Law360. (link)

Jan 13: Sexual Assault: A former Ontario Tech University lecturer from Courtice is facing multiple sexual assault charges from two men who were students of his at the time of the alleged assaults. The Durham Police Special Victims Unit began investigating the suspect after one of the victims came forward in October with "allegations of a sexual nature." The alleged incidents began in 2016, when the victim was 17, and continued for several years according to investigators. The suspect was a lecturer at Ontario Tech University (then known as UOIT) during this period from 2008 to 2017. Both victims were students of the suspect. (link)

Jan 13: Solicitation: A University of Maryland men's basketball assistant coach was arrested in October and charged with soliciting a prostitute, according to court documents obtained by The Baltimore Sun. He was suspended 30 days by the school late Wednesday night for violating his employment agreement. According to court documents, the coach responded to an advertisement, which was posted by an undercover detective for a Prince George's County police special assignment team, on the "women seeking men" section of a website known to be utilized by women who exchange sex for money to solicit their clients. (link)

Jan 12: Discrimination Lawsuit Settlement: A former University of Iowa employee who says she was discriminated against based on age and gender received a $325,000 settlement Tuesday from the state, which admitted no wrongdoing. Pam Ries, the former director of a program within the UI College of Education, filed a lawsuit against the university, the Board of Regents and the state in 2018. She had been fired from her job a year before at age 61 and replaced with a younger male employee who was paid more, a series of actions she argued constitute gender and age discrimination, unequal pay and retaliation. (link)

Jan 11: False Claims Act: UC San Diego Health, the academic health system of the University of California, San Diego, has paid $2.98 million to resolve allegations that it violated the False Claims Act by ordering medically unnecessary genetic testing reimbursed by Medicare. The settlement resolves allegations that, from December 2015 to October 2019, UC San Diego Health ordered and submitted referrals for medically unnecessary genetic testing performed by CQuentia Arkansas Labs, CQuentia NGS and Total Diagnostic II (collectively "the CQuentia labs"). The government alleged that this conduct led to the submission of false claims for payment to Medicare for these tests. (link)

Jan 10: Antitrust Lawsuit: Sixteen major U.S. universities, including Yale University, Georgetown University and Northwestern University, are being sued for alleged antitrust violations because of the way they work together to determine financial-aid awards for students. According to a lawsuit filed in Illinois federal court late Sunday by law firms representing five former students who attended some of the schools, the universities engaged in price fixing and unfairly limited aid by using a shared methodology to calculate applicants' financial need. (link)

Jan 03: Breach of Contract Lawsuit: A former basketball coach at the University of Evansville (UE) in Indiana, Walter McCarty, is suing UE for breach of contract, saying it owes him $75,000, reports 14 News. The lawsuit comes one year after the university fired McCarty based on findings during an investigation into allegations of sexual misconduct and Title IX violations made against him. According to 14 News, the lawsuit alleges that university "could not afford the contractional obligations resulting from Mr. McCarty's success" saying that McCarty "revived the University of Evansville basketball program, bringing it back to national prominence." (link)

Jan 03: Title IX Lawsuit: Marissa Root first went to a Salt Lake County hospital, she said, to report that she had been raped by a college football player. Then she went to two Utah universities seeking support -- only to be turned away by both. She initially tried her school, Utah Valley University, where the staff said they couldn't provide her resources because the alleged perpetrator wasn't a student there, Root said. They recommended that she go instead to his school, the University of Utah. In a federal lawsuit filed Tuesday, Root alleges that the two schools did not meet their legal obligations under Title IX. (link)

Jan 01: Discrimination Lawsuit: A University of South Florida football player kicked off the team after he was accused of rape has filed a federal discrimination suit against the university. Charges against Kevaughn Dingle, 22, were dropped by the Hillsborough State Attorney's Office. But Dingle said in the lawsuit that his arrest by campus police in November 2017, his expulsion and the resulting news coverage "destroyed" his life. According to the suit, filed Dec. 8 in U.S. District Court in Tampa, USF "rushed to a judgment" in the case for a number of reasons -- the emergence at the time of the "Me Too" women's rights movement, mistrust toward Black men, flawed investigative and judicial processes, internal bias in favor of female accusers and embarrassment over a prior USF assault case. (link)

Campus Life & Safety Events

Jan 27: Sexual Assault: A man has been charged with rape and accused of assaulting an Indiana University student while she was intoxicated and vomiting in a campus bathroom. According to a probable cause affidavit, the woman had been drinking alcohol with friends in a room at the Teter-Thompson residence hall on December 2, 2021. She told IU police she became intoxicated and decided to lie down on the floor when another student tried to touch her inappropriately. (link)

Jan 18: Hazing: A Clemson University fraternity was suspended for four years after violating the university's code of conduct, a conduct report released earlier this month revealed. A Clemson University investigation into the Pi Kappa Phi fraternity revealed hazing incidents that occurred on Feb. 4, 2021. The incidents involved acts of personal servitude by new members and included "line-ups, berating, morally degrading behavior," according to the report made available through the South Carolina Tucker Hipps Transparency Act. (link)

Jan 16: Roof Collapse: An intense situation unfolded Sunday, Jan. 16 at Brevard College. Emergency crews responded to a partial roof collapse at one of the dorms -- Jones Hall -- just after 3 p.m. At full capacity, Jones Hall has 80 residents; 50 were in the building when the collapse happened. Late Sunday night, Brevard College tweeted that heavy snowfall caused by the winter storm caused the partial roof collapse. But what actually failed within the structure is being investigated, and crews are assessing the building. (link)

Jan 07: Burglary: Several on-campus housing apartments at Prairie View A&M University were burglarized and ransacked over winter break, impacting dozens of students. At least 15 apartments at University Village, the on-campus housing, were broken into. Doors were broken open, rooms were ransacked, and shoes and clothes were stolen. (link)

Jan 05: Campus Threat: D.C. police are investigating a bomb threat that was made to Howard University late Tuesday afternoon. Similar threats were phoned in to other historically Black colleges and universities around the country. All were later found to be hoaxes. Howard said the school was notified by the Metropolitan Police Department that someone had phoned in claiming a pair of bombs had been placed inside the school's administration building on 6th Street in Northwest. (link)

Jan 05: Hazing: The University of Kansas has suspended two fraternities for five years following an investigation that accused the clubs of fostering a culture of hazing. KU Vice Provost for Student Affairs Tammara Durham on Tuesday informed Phi Gamma Delta and Phi Delta Theta in a letter that they will be removed from KU's campus until the spring of 2027, the Kansas City Star reported. The letter said investigations by national fraternity leadership and reviewed by a university panel found the fraternities engaged in a pattern of hazing that, combined, included sleep deprivation, assaults, forced workouts, destruction of pledges' property and retaliation for reporting the behavior to university officials. (link)

Jan 01: Vaccine Mandate: Hundreds of unvaccinated employees who work at public colleges and universities in Nevada were being fired Friday, a day after the state Board of Regents voted to keep a staff vaccine mandate in effect. The Nevada System of Higher Education Board of Regents on Thursday deadlocked 6-6 on a measure to repeal the staff vaccine mandate and then rejected a measure to push the effective termination date back two weeks. Higher education officials said on Friday that 379 employees were being terminated, 188 attribution employees ended their contracts and 18 more voluntarily resigned. Employees who are fired can seek reinstatement if they show proof of vaccination in January, regents said. (link)

If you have any suggestions, questions or feedback, please e-mail Kevin Robinson at robinmk@auburn.edu or Robert Gottesman at gotterw@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site.