Having trouble viewing this email? View it in your browser.

Internal Auditing

Case in Point:
Lessons for the pro-active manager

May 2012
Vol. 4 No. 5
''All men profess honesty as long as they can. To believe all men honest would be folly. To believe none so is something worse.''

-- John Quincy Adams

In 1996, the Association of Certified Fraud Examiners (ACFE) began issuing a biennial report on occupational fraud and abuse. Occupational fraud is simply a fraud committed by an employee against their employer by virtue of their position in the organization. These reports have become some of the most authoritative and widely quoted studies dealing with occupational fraud issues available today. In May, the ACFE issued the 2012 ACFE Report to the Nations on Occupational Fraud and Abuse. As we do every two years, we will take a look at a few of the findings from this new report on occupational fraud.

  • The report estimates that the typical organization loses 5% of its annual revenue to fraud.
  • The median loss caused by an occupational fraud case in the study was $140,000.
  • The fraud lasted a median of 18 months before detection.
  • Occupational frauds are more likely to be detected by tip than any other method.
  • Small organizations are disproportionally victimized by occupational fraud.
  • Approximately 87% of fraud perpetrators had never previously been charged or convicted for fraud related offenses.

As was true two years ago, two of the findings are especially important for us to consider:

First, tips are the most likely source of detecting fraud and the greatest source of tips are employees. This has always been true since the report started monitoring this factor several years ago. I believe this will always be true because fraud is by nature hidden, so other employees are in the best position to see those moments where things may be somewhat exposed. This makes it important for us to ensure our employees realize they have a role in protecting our institution from fraud and also that they are aware of where they can report suspected fraud. Our anonymous reporting system can be found at our website: http://www.auburn.edu/audit.

Second, due to the decentralized nature of institutions with colleges, schools, and departments, in many ways we have some similar characteristics to those ''small organizations'' that are disproportionately victimized by fraud. Small organizations sometimes fail to implement controls that larger organizations have in their systems such as separation of duties within processes. If one person has complete control of a financial process, you simply do not have internal control. In this day of downsizing and doing more with less, it is still important to consider the effects of a reduced staff in light of how internal controls are affected.

Next month we will examine some of the recommendations from the ACFE Report to the Nations. As you examine this month's events across higher education you will again see issues of fraud and ethical failure. Ask yourself if your area has any similar risks and think about what you can do to proactively prevent similar events from occurring here at our institution.

M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing

Information Security & Technology Events

May 29, 2012: An Oracle PeopleSoft-based student information system in place since 2010 has been breached at the University of Nebraska Lincoln. The hacked database contains personal records for students, alumni and applicants of the university's four campuses. According to some media reports, the database contains 654,000 records going back to 1985. However, currently, the university is especially concerned about the data for 30,000 people who specifically had banking information stored in the system. (link) May 31, 2012: University of Nebraska-Lincoln police needed to look no further than their own campus to identify a suspect in a hacking incident last week. (link)

May 20, 2012: A ''tragedy of errors'' led to the compromise of Social Security and credit card information stored on a University of Maine server last month, according to the University of Maine System's information technology chief. (link)

May 8, 2012: The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor's Web site if updates are necessary while abroad. (link)

May 9, 2012: University officials at UNC Charlotte say they now know exactly what was exposed during an Internet breach earlier this year. An investigation into the incident shows that financial account numbers and approximately 350,000 social security numbers were included among the exposed data. (link)

May 8, 2012: Eastern Michigan University is "assessing and evaluating" its student notifications after GradesFirst, a third-party communications provider, mistakenly sending roughly 7,700 students dismissal notices Friday. (link)

May 3, 2012: Members of the hacktivist collective calling itself "Anonymous" are targeting the University of Pittsburgh, and threatening to release a wealth of private information regarding the school and its students, if the University does not "apologize to your students, law enforcement, and professors on your home page of your domain for a duration of no less then fifteen days!" (link)

Fraud & Ethics Related Events

May 28, 2012: New Hampshire's attorney general is looking into claims of conflicts of interest against members of the board of trustees and the investment committee of Dartmouth College in regard to their management of the college's $3.4 billion endowment. (link)

May 23, 2012: Dartmouth College has severed ties with a campus pharmacist accused of improperly diverting painkillers while at the same time college officials said they are reviewing hiring practices. (link)

May 22, 2012: Nearly $100,000 in checks made out to the head of a Los Angeles Trade Tech college foundation may have been forged, according to an audit released Monday. The Los Angeles Community College District launched the audit as part of a probe into the foundation's finances and, in particular, payments to the executive director. (link)

May 17, 2012: Former University of Georgia employee Rebecca Hill pled guilty today in Clarke County Superior Court to one count of Racketeering and one count of Theft by Taking for embezzling over $200,000.00 from UGA's Carl Vinson Institute of Government. She was sentenced under the First Offender Act to 20 years to serve 1 on house arrest. She was also ordered to pay restitution in the amount of $219,795.69. Hill was sentenced to house arrest in lieu of prison due to her physical condition. (link)

May 15, 2012: Central Connecticut State University sanctioned its athletic department and head men's soccer coach Tuesday, after the coach dumped copies of the school's student newspaper. CCSU President Jack Miller announced that head coach Shaun Green will be suspended for 60 days without pay, suspended from coaching four games next season, is required to issue a written apology to the Recorder and financially compensate the paper for destroying the copies. (link)

May 15, 2012: The NCAA has cleared UMKC of wrongdoing in the wake of a part-time professor's claim that a failing grade was changed to a passing grade by the university to benefit a student-athlete. (link)

May 10, 2012: The longtime, outspoken president of the faculty union at Bergen Community College was suspended without pay Thursday over allegations that he enlisted others to tamper with his granddaughter's grades. Trustees at the school also voted unanimously to bring tenure charges against the instructor, Peter Helff, that could lead to his dismissal after 42 years at the school. (link)

May 9, 2012: UT Southwestern Medical Center has decided to cut Dr. Kern Wildenthal's salary by half starting in June, the latest fallout over his use of school dollars on personal travel and entertainment expenses. (link)

May 7, 2012: The president of the Iowa state Board of Regents on Monday defended the University of Iowa's decision to pay Ken Mason for his work as a ''presidential fundraiser.'' The statement comes one day after The Des Moines Register reported that Mason, husband of U of I President Sally Mason, receives about $54,000 in compensation annually via the University of Iowa Foundation to attend fund-raising events on behalf of the school. (link)

May 4, 2012: An internal investigation into UNC-Chapel Hill's Department of African and Afro-American Studies has found evidence of academic fraud involving more than 50 classes that range from no-show professors to unauthorized grade changes for students. One of the no-show classes is the Swahili course taken by former football player Michael McAdoo that prompted NCAA findings of impermissible tutoring, and drew more controversy when the final paper he submitted was found to have been heavily plagiarized. (link) May, 25, 2012: NC-Chapel Hill trustees, briefed Thursday on academic fraud uncovered in the African and Afro-American Studies department, asked pointed questions about accountability in the university's academic operations. And they heard about new procedures and steps aimed at preventing future irregularities. (link)

May 1, 2012: Whereas 25 percent of private colleges were recently found to have business ties with trustees in a nationwide investigation of more than 600 schools by The Chronicle of Higher Education, we identified at least 70 percent of the 20 wealthiest Massachusetts private colleges as engaging in business transactions with
trustees (link)

May 1, 2012: A University of Minnesota professor pleaded guilty Monday to lying about his employment in an email. Francois Sainfort pleaded guilty to a felony charge of false statement and writing for a February 2008 email to a Georgia Institute of Technology administrator, in which he falsely stated neither he nor his wife had signed employment agreements at the University. (link)

Compliance/Regulatory & Legal Events

May 30, 2012: That's a message coming out of the annual meeting of Nafsa: Association of International Educators, held here this week. This year's meeting comes on the heels of twin policy announcements, from the Departments of State and Homeland Security, dealing with increased oversight of foreign students, scholars, and teachers. (link)

May 21, 2012: Illinois Gov. Pat Quinn said Monday that he will sign a bill abolishing legislators' century-old authority to give tuition waivers to students to attend public colleges and universities in Illinois. (link)

May 20, 2012: University of Montana Vice President Jim Foley was so upset that an alleged rape victim spoke publicly about UM's handling of her case that he asked whether action could be taken against her under the Student Code of Conduct. ''Is it not a violation of the student code of conduct for the woman to be publicly talking about the process and providing details about the conclusion?'' Foley emailed then-Dean of Students Charles Couture in March. ''Help me understand please.'' (link)

May 17, 2012: The parents of two University of Southern California Chinese graduate students slain near the campus last month have filed a wrongful death lawsuit against the university, saying the school misled them when it claimed that it ranks among the safest universities. (link)

May 17, 2012: The NCAA overhaul of its body of rules may call for the suspension of a head coach whose assistants commit violations, as well as a fine for a university up to five percent of its annual athletic budget, according to proposals discussed Monday at the Atlantic Coast Conference spring meetings. (link)

May 16, 2012: The Federal Emergency Management Agency should reduce its rebuilding grants to Tulane University by $24.5 million to reflect private insurance payments made to the college after Hurricane Katrina, according to a federal inspector general's report. The inspector general for FEMA's parent agency, the Department of Homeland Security, said the federal government has already reduced Tulane's disaster allocation from $291.9 million to $166 million to reflect previous insurance payments. (link)

May 15, 2012: Two University of Maryland, Baltimore County employees resigned or were fired after a state audit and an internal investigation uncovered about $9,000 in questionable expenditures on their corporate credit cards. Their activities have been referred to the criminal division of the attorney general's office for further review, though no charges have been filed. One of the employees purchased $4,400 in gift cards. (link)

May 15, 2012: Federal officials are auditing Roxbury Community College for suspected lapses in its reporting of crimes committed on campus - the latest in a series of controversies for college president Terrence Gomes. (link)

May 13, 2012: When the law and business colleges needed new deans in 2008, the University of Illinois didn't just rely on faculty search committees to find candidates. The UI paid search firm Baker & Associates $190,000 to help fill both positions. Then, when the searches failed to turn up suitable candidates, officials brought in another search firm, Greenwood/Asher & Associates, at a cost of $200,000. In the end, the university wound up choosing internal employees for both jobs: Larry DeBrock, the interim business dean, and Bruce Smith, associate dean at the College of Law. (link)

May 9, 2012: The cost of doing biological research is increasing for universities as they attempt to comply with a proliferation of security requirements and recommendations from government agencies, according to a new report prepared by the Association of American Universities, the Association of Public and Land-grant Universities, the FBI, and AAAS. (link)

May 8, 2012: In continuing fallout from the Occupy campus protests at UC Davis, the university has filed a complaint against U.S. Bank, alleging breach of contract. The bank announced March 1 that it was pulling out of its UC Davis campus contract, citing days of disruption during student protests against the bank last January and February. During that period, the bank either did not open or closed its doors early. (link)

May 7, 2012: The state has settled with 73 former Virginia Western Community College nursing students who claimed they were misled after the college lost its national nursing accreditation and didn't tell them about it. (link)

May 7, 2012: The parents of a College of New Jersey freshman whose body was found in a landfill in 2006 have reached a $425,000 settlement in a wrongful death lawsuit filed against the college and state. (link)

May 6, 2012: Ohio State University has spent at least $844,000 on President E. Gordon Gee's travel since 2007, including more than $550,000 in the last two years that included two treks to China and two other international trips to Iceland, Turkey, France and the United Kingdom. (link)

May 3, 2012: The Alliance Defense Fund has launched a new legal effort to change unconstitutional policies at more than 160 public universities and colleges by sending a first round of 40 letters to schools (including AUM) in 23 states. The schools all have policies that violate the rights of students protected by the First Amendment. (link)

May 3, 2012: The U.S. Department of Education announced today that its Office for Civil Rights has entered into a resolution agreement with Butler University in Indianapolis to resolve a compliance review that was initiated at the university. The review examined whether the institution discriminates against female students by denying them an equal opportunity to participate in intercollegiate athletics and whether the university discriminates in awarding athletic scholarships. (link)

May 2, 2012: Thirteen people were criminally charged on Wednesday with hazing in the death of a Florida A&M University marching band member who was beaten after a football game last fall.Thirteen people were criminally charged on Wednesday with hazing in the death of a Florida A&M University marching band member who was beaten after a football game last fall.(link)

Campus Life & Safety Events

May, 29, 2012: University of Northern Iowa leaders need to overhaul procedures for handling sexual misconduct complaints, a process mired in so much confusion that victims could be discouraged from stepping forward, according to an audit conducted for the school. (link)

May 25, 2012: In the wake of the shocking child molestation scandal at Pennsylvania State University, that institution is leading the way in ensuring policies are in place to protect children on campus and prevent similar incidents in the future. And it's not the only one. (link)

May 10, 2012: An Indian-born former Rutgers University student did not show remorse for using a webcam to spy on his roommate kissing another man and should be sent to prison, prosecutors said in court filings today. (link)

May 8, 2012: Faculty leaders at the University of Utah say canceling classes for weekday football games undermines the academic mission of the state's premier research institution. On Monday, they unveiled recommendations to top U. bosses for how to keep the campus open during athletic and other big extracurricular events. (link)

May 4, 2012: The objective of the draft report "Response to Protests on UC Campuses" is to provide clear direction and guidance to campuses on how to facilitate robust discourse on our campuses while also protecting the health and safety of our students, faculty, staff, police and the general public, de-escalate conflicts between students and police, and to build understanding, communication and interaction among all campus sectors. (link)

Apr. 29, 2012: The clock hands on the front face of Georgetown's famous Healy Tower went missing early Monday morning. The hands were not removed by the university, according to spokesperson Stacy Kerr. "[The Department of Public Safety] is currently investigating this. Breaking into this area and removing the clock hands involves serious violations and safety concerns," she wrote in an email. (link)

Other News & Events

May 11, 2012: UMass Lowell administrators are expressing anger and disappointment over the offensive nature of the spoof edition of its student newspaper, dubbed the "UMAss" Lowell Disconnector, in which the "M" has a red "X" through it. The eight-page issue is packed with raunchy, lewd and crude attempts at humor that some might say is more befitting of a movie rated NC-17 rather than a college publication. (link)

May 8, 2012: Major League Baseball would fund scholarships and exert greater influence over Division I college baseball under what would be an unprecedented partnership with the NCAA. If an agreement is reached, it could lead other professional organizations to enter partnerships with the NCAA. (link)

If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at https://www.auburn.edu/administration/oacp.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.