Internal Auditing

Case in Point:
Lessons for the pro-active manager

May 2009
Vol. 1 No. 5

"I reject your reality and substitute my own."

-- Adam Savage

One of the more interesting shows to hit the airwaves in recent years is the Discovery Channel's popular program, MythBusters. In this series, the stars use basic elements of the scientific method to test whether various rumors, urban legends, myths, and the like are true or false. We live in a time where easy and convenient communication can help us greatly, but unfortunately, it can also result in bad information being spread either quickly or to many people. Similarly, the "campus grapevine" spreads information for good or ill and has a substantial impact on campus culture and beliefs. This month I'd like to "bust" two of the more common "campus myths" that we sometimes hear.

The "Its My Money" Myth - Sometimes this myth is believed by a principle investigator (PI) when referring to a contract or grant he or she was awarded. While it is great to take ownership and pride in such projects, it's also important to remember that as a PI you are a financial steward of the government (or funding organization) and are responsible for spending the funds according to their requirements. In most cases simply having funds remaining in a project does not mean you can do with them whatever you desire or that you can transfer them to another project. Likewise, all funds in any university account are governed by university policy and legal requirements. The account manager whether a dean, director, department head, or PI has a fiduciary responsibility to ensure these funds are expended in an appropriate way. Ultimately, the buck stops with you as the responsible party over an account.

The "They Will Tell Me If Its Wrong" Myth - On occasion we hear of departments relying on this myth when processing transactions for which they are unsure if the transactions are allowable. This can be an attempt to get questionable items through the system, but more often it's simply an issue of trying to transfer responsibility to another part of campus. While we certainly attempt to have controls in place to prevent inappropriate expenditures/transactions, an item making it through the system does not mean you have transferred responsibility for its accuracy to someone else. As the leader and financial steward of your unit, the people approving the expense/transaction at the departmental level are responsible. Once again, the buck stops with you as the responsible party. Ask questions before approving anything you are unsure about. This protects you and the university and ensures you are taking your fiduciary and leadership responsibilities seriously. It means you are pro-actively managing your risks.

Once again, we present you with this month's current happenings in higher education and suggest you ask yourself, "How can I prevent this from happening in my unit?" Remember that every manager is a risk manager. We encourage you to be a pro-active one and think about your risks before problems occur. We hope this information helps. We welcome your suggestions and input into our monthly communication.

M. Kevin Robinson, CIA, CFE
Executive Director, Internal Auditing

Information Security Related Events

May 12, 2009: Personal information from 2,400 student applicants for college financial aid was accidentally e-mailed to about 1,250 of those applicants, a D.C. agency said Monday. The Office of the State Superintendent of Education said it has told all students about the breach, which happened when a worker at the agency's Higher Education Financial Services Program inadvertently attached a spreadsheet to an e-mail. (link)

May 11, 2009: On college campuses hacking can mean a number of different things and threats can come from students as well as outsiders. Hackers attack university databases and systems but they also are targeting the student ID card. Several high-profile incidents have hit close to home with the campus card community, but securing cards isn’t enough. Universities need to secure payment and IT networks as well or risk data falling into the hands of hackers. (link)

May 8, 2009: Overseas hackers gained access to confidential information belonging to tens of thousands of students and alumni at UC Berkeley and Mills College after breaking into computer databases at the Berkeley campus' health services center. The databases contained 97,000 Social Security numbers, health insurance information and nontreatment medical information, such as immunization records, names of doctors whom people may have seen and dates of medical visits. (link)

May 5, 2009: When Troy Abel, assistant professor for environmental studies at Western Washington University, arrived to his office after his 8 a.m. class two weeks ago, something was not right.  He realized his laptop, which he had left on his desk when he went home at 4 p.m. the day before, was gone. (link)

May 4, 2009: More than 15,000 students at Kapiolani Community College face an identity theft risk because of an Internet security breach, school officials said. (link)

May 4, 2009: Stephan Grzeskowiak, a former assistant professor of marketing at the University of St. Thomas, was sentenced recently in U.S. District Court in Madison, Wis., for illegally using a computer to monitor e-mail activities of a former graduate business student. (link)

April 30, 2009: Four individuals were indicted by a federal grand jury in Missouri this week for spamming more than 2,000 colleges and universities across the US. The team first started on their scheme at the University of Missouri and then branched out, hitting up nearly every college and university in the country. As a result, the spammers and their company were all charged in a 51-count indictment that includes fraud in connection with computers, fraud in connection with e-mail, conspiracy, and violations of the CAN-SPAM Act. (link)

April 25, 2009: Josh Ingram and other Texas Woman's University criminal justice students gathered around his laptop Wednesday afternoon on campus, unable to believe the information Ingram had accessed. The 24-year-old junior discovered an online loophole where he could look up any student record he wanted through the university's Degree Audit Report System. And Ingram thought he had the ability to change grades with the help of a drop-down menu. (link)

 Misapproriation/Fraud/Ethics Events

May 9, 2009: Through almost a year of public scrutiny, the University of Central Arkansas has set an example in the importance of transparency, interim president Tom Courtway said Friday. Courtway stood in front of the Joint Legislative Auditing Committee in Little Rock on Friday and answered questions concerning an audit highlighting events that have "compromised UCA's commitment to integrity and ethical values." (link)

May 6, 2009: Former Office of Student Activities (OSA) Director Jodie Nealley was driven by a gambling addiction as she embezzled more than $300,000 from Tufts, her attorney told the Daily today. Nealley will plead guilty on Friday to larceny charges, closing a chapter in a scandal that has reverberated throughout the campus since 2007. (link)

May 3, 2009: New Jersey's medical university, which spends more than $1 million a year for pagers and cellular phones, cannot account for many of them, according to a confidential internal audit. The auditors, whose report was obtained by The Star-Ledger, found the University of Medicine and Dentistry of New Jersey was paying for cell phones still held by terminated employees, and also was paying for expanded services -- such as cell phone picture messaging -- that the auditors questioned. Their report also said the university is not tracking personal phone usage by its employees -- a violation of Internal Revenue Service regulations. (link)

April 29, 2009: A former University of Nebraska-Lincoln faculty member has been arrested on charges of fraud for misrepresenting his academic standing and pocketing a higher university salary as a result. (link)

April 29, 2009: The wife of former Shelton State Community College President Tom Umphrey was sentenced Tuesday to 16 months in federal prison for her admitted role in fraud at the Alabama Fire College. The three counts of wire fraud result from payments transmitted across state lines in the job that paid her nearly $157,000 in salary and benefits, according to the plea agreement. (link)

April 22, 2009: The University of Kentucky fired four employees in the College of Pharmacy after an internal audit turned up more than $20,000 in improper or undocumented expenses, including sports tickets, a $475 bottle of wine and a swank dinner party. (link)

April 22, 2009: A state audit accuses the Maricopa Community College District of breaking the law by misrepresenting at least 22 employees of non-profit organizations as district employees for years and allowing them to enroll in the state retirement system. (link)

Compliance/Regulatory Failure Events

May 12, 2009: Quinnipiac volleyball coach Robin Sparks testified in federal court Monday that the school manipulated the rosters of athletic teams to make them appear more in line with the gender makeup of its student population. Sparks and several team members filed a lawsuit last month, accusing the school of failing to provide female students with equal opportunity to participate in varsity intercollegiate athletics. They're asking U.S. District Judge Stefan Underhill for an injunction that would prevent Quinnipiac from eliminating the women's volleyball program while the matter is in court. (link)

May 9, 2009: A state audit released Friday says Enterprise Ozark Community College officials failed to comply with provisions of state law in their actions on two 2008 building renovation projects totaling $478,353. “The college began renovations on these two buildings without advertising or requiring sealed bids,” the audit report states. “The Public Works Law states no public improvement shall be split into parts involving sums of fifty thousand dollars ($50,000) or less for the purpose of evading the requirements’ of the law.” (link)

May 6, 2009: A federal audit completed last week says Southern Illinois University Edwardsville misused federal grant money intended for helping disadvantaged youths and should return up to $1 million to the U.S. Department of Education. The report criticizes the university for failing to use the money to serve as many students as required by law, spending funds on noneducational excursions such as trips to Six Flags, and not keeping proper records on student eligibility.(link)

May 6, 2009: During the early morning hours today (May 6), a resident of Witte Hall at the University of Wisconsin-Madison let a male nonresident into the building. Soon after, a different student allowed the same individual to enter a stairwell. The person proceeded to enter eight unlocked rooms of female residents while they were sleeping. (link)

May 4, 2009: The University of Michigan Health System is under fire from two animal rights groups following reports of misconduct in University laboratory experiments and improper use of federal funding. Alka Chandra, a laboratory oversight specialist for People for the Ethical Treatment of Animals, said that documents obtained under the Freedom of Information Act revealed 33 violations of animal treatment by the University over a six month period. (link)

Other Events

May 13, 2009: A white fraternity that traces its roots to the Civil War and Confederate Gen. Robert E. Lee is again facing complaints over its antebellum-themed events. This time, University of Alabama alumnae are upset after Kappa Alpha Order members wearing Confederate uniforms and carrying battle flags paraded past a historically black sorority as the women celebrated the group's 35th anniversary. (link)

May 12, 2009: Three teens at Central Connecticut State University face criminal charges after police say they burned popcorn in a microwave, then tied shut the doors to some dorm rooms so students thought they were trapped in a fire. (link)

May 8, 2009: The rats are out in spades this spring in North Allston, a gritty neighborhood wedged between the Charles River and the Massachusetts Turnpike, and residents are blaming Harvard. (link)

April 21, 2009: The University of Tennessee overstated $6.4 million in gifts from donors last year because of accounting errors and lack of oversight, state auditors said Monday. The five-campus, 46,000-student flagship university ultimately wrote off $9.6 million in promised donations as uncollectible, and reduced its net gifts and pledges to $42 million for the fiscal year ending June 30. (link)

April 16, 2009: It is no secret that grade inflation is common within contemporary academia. The extent of it, however, is known to comparatively few. One student of the topic, Stuart Rojstaczer of Duke University, recently published data showing a steady increase in undergraduate grades from 1991 to 2007. In public institutions the average GPA rose from 2.93 to 3.11. In private schools the average GPA climbed from 3.09 to 3.30. (link)

If you have any suggestions, questions or feedback, please e-mail me at We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director
© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.