Having trouble viewing this email? View it in your browser.

Internal Auditing

Case in Point:
Lessons for the pro-active manager

October 2011
Vol. 3 No. 10

One of the tests of leadership is the ability to recognize a problem before it becomes an emergency. 

— Arnold Glascow

October is National Cyber Security Awareness Month so as we end this month we present the Top Five Tips for Security as listed by AU’s Office of Information Technology (OIT).

Be smart!! Most security risks and scams can be easily avoided if you use a little common sense.

  1. Use anti-virus software
    • AU provides free anti-virus software @ AU Install
    • Frequently scan your computer
  2. Keep your operating system up-to-date
    • Turn on Automatic Updates to ensure your operating system gets the most recent security
      patches and hotfixes
  3. Backup Regularly
  4. Avoid Phishing Scams & Identity Theft - Don't Click Links in E-mail
  5. Stay safe on Wireless Networks
    • Only use legitimate hotspots
    • Defend your mobile device with a personal firewall and a VPN Client
    • Secure your home wireless network -- see print-out below Security Tips
    • Be smart!! Most security risks and scams can be easily avoided if you use a little common sense.

For more information on safe computing visit OIT’s Keep It Safe Website: http://keepitsafe.auburn.edu/
As you know, information technology is just one of many risks we face daily in higher education.  We again encourage you to review this month’s survey of events across our industry and think pro-actively about how you can prevent a crisis within your sphere of influence here at Auburn University.

M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing

Information Security & Technology Events

Oct. 25, 2011: Private financial information belonging to as many as 5,000 college students was open for viewing on a federal government student loan website in recent weeks, according to a senior Department of Education staff member. (link)

Oct. 25, 2011: Data breaches are going to happen, regardless of what an institution does. How effectively a school responds may be a more telling indicator of its preparedness. (link)

Oct. 20, 2011: No matter how many times entities warn employees about phishing attempts, it seems that some inevitably fall for them anyway. College of the Holy Cross recently notified the New Hampshire Attorney General’s Office that 7 of their employees had fallen for phishing attempts that originated in Nigeria and Ghana. (link)

Oct. 12, 2011: As technology advances, so do the threats posed to its users and their devices. One growing area of concern for colleges, highlighted in a report released today by the Georgia Tech Information Security Center and the Georgia Tech Research Institute, is the increasing number of attacks on smartphones and their mobile Web browsers (link)

Oct. 12, 2011: Microsoft released their bi-annual Security Intelligence Report. This is a detailed analysis of the current state of malware and infection propagation methods on the Internet. Sources of data include Microsoft's Malicious Software Removal Tool (MSRT), which runs and analyzes over 600 million computers every month. Their key finding? The human is the number one propagation method. (link)

Oct 7, 2011: University of Georgia officials are investigating how personal data on nearly 19,000 employees was publicly available on a university web site since at least 2008. A university official discovered last week that the information had been accessible to the public and immediately took the data offline, spokesman Tom Jackson said Friday. (link)

Oct. 5, 2011: Private medical data for nearly 20,000 emergency room patients at California’s prestigious Stanford Hospital were exposed to public view for nearly a year because a billing contractor’s marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test, the hospital and contractors confirmed this week. The applicant then sought help by unwittingly posting the confidential data on a tutoring Web site. (link)

Fraud & Ethics Related Events

Oct. 26, 2011: A former Drake University administrator who pleaded guilty of embezzlement now is being chased by an insurance company that seeks to reclaim more than $600,000 paid out because of him. (link)

Oct. 25, 2011: One of the two former Eastern Michigan University student-employees who was accused of stealing the records of 64 people from the university turned himself in and has been charged, according to police. (link)

Oct. 25, 2011: The student life director at San Antonio College told the student newspaper, The Ranger, last week that he wanted a fee to be interviewed by its reporters. Jorge Posadas told The Ranger’s student editor Jolene Almendarez that he would answer questions via email but would not do a face-to-face interview without being paid. (link)

Oct. 22, 2011: A former St. Xavier University vice president pleaded guilty Friday to stealing more than $850,000 from the school by submitting false claims for more than 10 years. Prosecutors said that as vice president for business and finance, Susan Piros knew that expenses under $10,000 needed only her approval. To conceal her thefts, she submitted fraudulent requests to be reimbursed for school expenses — all in amounts less than $10,000. (link)

Oct. 17, 2011: Oklahoma State University chemistry staff member Cynthia Low, originally from Yale, is accused of embezzling more than $80,000 in university funds to purchase Wii games, sex toys, lingerie and other personal items between July 2008 and February 2010, according to the initial filing at the Payne County Courthouse. A search of Low's work computer showed various altered invoices in an effort to make the purchases appear legitimate, according to the affidavit. (link)

Oct. 12, 2011: Four more people have been charged in connection to a federal visa fraud investigation of the now-closed Tri-Valley University. On Tuesday, Vishal Dasa, Anji Reddy Dirisinala, Ramakrishna Reddy Karra and Tushar Tambe pleaded not guilty in federal court on charges of conspiracy to commit visa fraud. (link)

Oct. 11, 2011: A former University of Montana employee who embezzled more than $300,000 from the school's Residence Life office was ordered Tuesday to pay it back - with 10 percent interest. (link)

Oct. 11, 2011: A woman from Republic pleaded guilty in federal court on Tuesday for embezzling more than $717,000 from St. John’s Mercy Health Care Systems and the College of Nursing. (link)

Oct. 11, 2011: Fraud rings that use “straw students” to pilfer federal financial aid are a growing problem, particularly in online programs at largely open-access community colleges and for-profit institutions. But proposed regulatory fixes, even if well-meaning, could create layers of red tape for colleges and make it harder for some students to receive financial aid. (link)

Oct. 10, 2011: A Cuyahoga Falls woman pleaded guilty to stealing nearly $100,000 from a University of Akron sorority.(link)

Oct. 9, 2011: An assistant professor at the University of Pittsburgh's School of Nursing has lost his job due to research misconduct that includes plagiarizing text and falsifying data in two unpublished manuscripts and two applications for federal grants, according to investigators for the school and a federal agency. (link)

Oct. 9, 2011: Throughout his career with Alabama’s two-year college system, James Lowe has been a fix-it man, sent to turn around troubled institutions, including Bishop State in Mobile. Lowe, who became Bishop State president in 2008, is now dealing with questions about his own academic credentials. His résumé lists a doctorate from San Francisco Technical University, a non-accredited school with a website that no longer is active. (link)

Oct. 6, 2011: A former West Liberty University admissions counselor pleads guilty to embezzlement. Latisha Turner is accused of charging more than $20,000 to one of the university’s purchasing cards last year. She pleaded guilty to that charge Thursday before Judge James Mazzione in Ohio County. (link)

Oct. 6, 2011: Columbia University will pay nearly $1 million in civil damages to the federal government after settling a lawsuit filed against the university, New York Presbyterian Hospital and Dr. Erik Goluboff by the U.S. Attorney's Office for the Southern District of New York.(link)

Oct. 4, 2011: A Solon woman is accused of using a University of Iowa Hospitals and Clinics credit card to make personal purchases totaling more than $12,000. According to a UI Department of Public Safety criminal complaint, 37-year-old Debra Ann Suchomel used a UIHC procurement card for her personal use without permission during a three-month period ending in March. (link)

Compliance/Regulatory & Legal Events

Oct. 30, 2011: Two students at Mississippi Valley State University are free on bond after being charged with growing marijuana in a dormitory room. (link)

Oct. 29, 2011: A jury Friday returned a $4.1 million judgment in favor of a University of Memphis graphics-art student who suffered a severe brain injury in a fall down an elevator shaft at a school-sponsored event in 2005. (link)

Oct. 27, 2011: University of Idaho President Duane Nellis said the psychology professor who gunned down Katy Benoit of Boise and then took his own life two months ago had disclosed his disorder shortly after he was hired in 2007. Nellis announced Wednesday that the university would take action to bolster its consensual relationship policy and expand sexual harassment training. (link)

Oct. 27, 2011: Colleges across the country have tightened their use of aerial lifts -- or outright eliminated them -- a year after a University of Notre Dame student was killed when wind gusts toppled the lift where he was filming football practice. (link)

Oct. 19, 2011: Sam Houston State University’s recent attempt to corral school-affiliated social media pages was met with concern over students’ free speech rights, spawning controversial protests on campus and a Wednesday “Liberty in Peril” event. (link)

Oct. 16, 2011: An Eastern Kentucky University student was arrested Friday night and charged with setting two fires at the university on Thursday. Samuel Stephen McFarland, 19, is charged with first-degree arson, a Class A felony, and first-degree wanton endangerment and first-degree criminal mischief, both Class D felonies.(link)

Oct. 13, 2011: A fraternity hazing incident has landed 20 Texas State University students in jail.
Hazing is illegal at Texas State University, but students will tell you it's still a common recruiting practice in the Greek system. (link)

Oct. 12, 2011: A Purdue University official typically tasked with handing out suspensions to misbehaving student organizations has been placed on paid leave following his arrest over the weekend. (link)

Oct. 10, 2011: Philip, a precocious and confident 16-year-old who is taking two college classes this semester, has a lot to say but also a profound stutter that makes talking difficult, and talking quickly impossible. After the first couple of class sessions, in which he participated actively, the professor, an adjunct named Elizabeth Snyder, sent him an e-mail asking that he pose questions before or after class, “so we do not infringe on other students’ time.” (link)

Oct. 6, 2011: Shuichi Komiyama, the Montana State University Orchestra conductor accused of having an affair with a student that amounted to sexual harassment, has resigned, the university’s top attorney said Wednesday. (link)

Oct. 3, 2011: Universities and anti-gun lobbyists have had many reasons to celebrate this year, with the death or delay of bills in more than a dozen states that would have allowed the concealed carry of weapons on campuses. But it seems the momentum may be shifting.(link)

Campus Life & Safety Events

Other News & Events

Oct 31, 2011: Feathers have been ruffled at Lynn University over the removal of some fowl residents from the Boca Raton, Fla. campus. After a gaggle of nonnative Muscovy ducks set up shop at the college -- allegedly sullying local health conditions (think duck excrement!) -- the school called in a private contractor to remove the ducks and relocate them to their natural homes -- or so they thought. (link)

Oct. 26, 2011: Jurors on Tuesday evening convicted Southern Illinois University Edwardsville student Olutosin Oduwole of trying to threaten what a prosecutor characterized as a "murderous rampage." (link)

Oct. 20, 2011: The University of Southern California places a premium on synchronous online education. Students fire up their Webcams and participate in live virtual classes. But those live video feeds are opening a debate about classroom decorum, pushing the university to create new guidelines for “Netiquette.” (link)

Oct. 7, 2011: West Virginia University on Friday asked the news media not to use the phrase "WVU study" to refer to research by university faculty members, saying the findings of academic papers don't reflect the position of the school. (link)

Oct. 7, 2011: Three Tulane students were robbed at 12:39 a.m. Oct. 3 at the intersection of Oak and Adams streets. An armed man approached them and demanded money. The students had just left one of their off-campus homes and had been waiting for Safe Ride to pick them up for approximately 20 minutes when the incident occurred. (link)

Oct. 3, 2011: Out-of-state students at the University of Colorado are increasingly petitioning the school to gain in-state status, which, if approved, gives them an annual tuition break of about $20,000. A new company called "Tuition Angels" is trying to capitalize on the interest in gaining in-state tuition. The company, started by a CU graduate, has been posting fliers on campus, promising students that they'll do all of the "heavy lifting" to help non-residents switch to in-state status. But the company charges a hefty fee and CU officials say that employees in the registrar's office can do the same work, but for free. (link)

If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at https://www.auburn.edu/administration/oacp.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.