Having trouble viewing this email? View it in your browser.

Internal Auditing

Case in Point:
Lessons for the pro-active manager

September 2013
Vol. 5 No. 9
''He is most free from danger, who, even when safe, is on his guard.''

-- Publilius Syrus

Most everyone is familiar with the term ''con game,'' and last month we talked about a modern con game called phishing and the dangers associated with this scheme. Con games derive their name from the fact that the schemer can earn your confidence and in turn get you to part with some asset. In the phishing scheme the asset is your private information. Phishing has been prevalent within higher education the past couple of months, and the reason is simple: it works. Those using phishing schemes are very good and have conned a lot of smart people, so always be on guard against those who want to compromise you in this manner.

Phishing provides an easy segue into October's National Cyber Security Awareness Month. Unfortunately, phishing is just one of many ways we can run into trouble with technologies we use daily. This month is a good time to provide some simple reminders in the technology realm that we suggest you incorporate into your routine. Certainly, there are many things that could be listed, but here are three basic things we suggest you practice:

  1. Use strong passwords (and phrases are even better). Remember, don't write your passwords down or share them with other people.
  2. Select a unique password for your campus account -- not the one you are using or have used outside the campus for other websites (e.g. shopping, banking accounts.)
  3. Keep your computer up-to-date with the latest patches. There is a constant battle between those wishing to harm/compromise our systems and those who try to protect us. This protection often comes in the form of patches. Be sure your computer has automatic updates on.
  4. Use virus protection software, and keep this up-to-date.

This is also a good time to put in a plug for our Office of Information Technology's (OIT) efforts to keep our campus community safe in the technology realm. Their National Cyber Security Awareness Month web site is here: http://keepitsafe.auburn.edu/ . At this site you will find some practical information on mobile data security, copyright infringement, social media safety, and last but not least, phishing. Thanks to OIT for this great resource and we encourage you to take advantage of it.

We again encourage you to review the events happening in higher education and consider how you could proactively help manage risk better within your sphere of influence. We welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing

Information Security & Technology Events

Sept. 27, 2013: It is a bizarre story that raises concerns about the security of personal information held on home computers. A London film maker has found that a faulty Acer laptop he returned to Sainsbury's was sold via eBay to an American buyer -- who contacted him to let him know he had access to his personal profile on the machine. (link)

Sept. 27, 2013: A Bridgeport woman charged with stealing personal information of students at a medical imaging school where she worked in Stamford, was extradited from North Carolina on Thursday and is facing multiple identity theft and larceny charges. Torres, who worked as a receptionist at the Institute of Allied Medical Professionals for six weeks and had access to a databank of student personal information, moved to Jacksonville, N.C., over the summer after she was terminated by the school.(link)

Sept. 25, 2013: Syracuse University's official Twitter account (@SyracuseU), which is partially run by students, likely blundered for the third time in less than two years on Tuesday, re-Tweeting a Daily Orange story about recruits K.J. Williams and A.J. Long and committing a potential NCAA violation in the process. (link)

Sept. 24, 2013: Virginia Tech has learned that a computer server in the Department of Human Resources was illegally accessed on August 28, 2013. A VT spokesperson informs DataBreaches.net that the illegal access was from an IP address in Italy. The server contained information about 144,963 individuals who used the institution's online employment application process to apply for jobs at Virginia Tech between 2003 and 2013. (link)

Sept. 10, 2013: In its 2013 Data Breach Investigations Report, Verizon said that it had analysed more than 47,000 reported security incidents last year and found 621 ''confirmed data disclosures'' where at least 44 million records had been ''compromised''. More than half of the 621 data disclosures involved hacking, it said. (link)

Sept. 9, 2013: As a steady flow of headlines reinforces with troubling regularity, the importance of cyber security for the world's large businesses cannot be overstated. It was therefore no surprise that at a recent event for Chief Financial Officers hosted by Consero Group, the topic of cyber security captured quite a bit of attention. During one session in particular, Gary Loveland of PricewaterhouseCoopers and Alan Stewart of Epsilon Systems provided a useful cyber security framework for today's Fortune 1000 CFOs. (link)

Sept. 6, 2013: The Medical University of South Carolina (MUSC) sustained its largest breach ever between June 30 and Aug. 21 when a third-party credit card processing company compromised 7,000 patients' data.(link)

Sept 5, 2013: The prospect of handling the combined traffic of tens, perhaps hundreds of thousands of devices is enough to make any wireless network buckle -- and some already are. At colleges and universities across the country, chief information officers are exhausting their budgets just to maintain their existing networks while congestion threatens to choke their online traffic. (link)

Fraud & Ethics Related Events

Sept. 25, 2013: A University of Pittsburgh professor has been charged with using university and federal grant money to obtain narcotics, which police said he then injected. (link)

Sept. 21, 2013: The phone line at Elizabeth City State University has been lit up between the university and the West African nation of Senegal, with billings totaling about $105,000 in a recent 27-month span, state records show. Thousands of calls to Senegal from the campus 170 miles northeast of Raleigh are listed in records as originating from the university's main phone line. State officials have not provided further details about precisely which campus phone or phones the calls were made from. (link)

Sept. 21, 2013: Washington and Lee University declared in its official reports last year that 5,972 students applied for admission and 19 percent were accepted. Those numbers helped define the public profile of one of the nation's most-selective liberal arts schools. They also were the result of a counting method that worked to benefit the university's image. (link)

Sept. 18, 2013: A former Loyola University Medical Center nurse, Katrina R. Spears, was charged with felony identity theft on Sept. 8 after stealing a Loyola patient's identity and heavily affecting her credit. Riverside, Illinois police, according to chicago.cbslocal.com, revealed that Spears had opened several credit accounts in a Riverside patient's name and purchased thousands of dollars' worth of clothing. (link)

Sept. 17, 2013: Tufts University announced Tuesday that one of its researchers broke ethical rules while carrying out a study of genetically modified ''golden rice'' in China. According to the Tufts report, the scientific conclusions of the study remain valid. The researchers had found that a single bowl of this rice can supply more than half of a child's daily vitamin A requirement -- the most convincing evidence so far that golden rice can, in fact, be a useful tool in fighting malnutrition. But when the study was published last year, anti-biotech campaigners at Greenpeace China immediately called it a scandal, accusing the research team, led by Tufts' Guangwen Tang, of feeding children a ''potentially dangerous product'' without informing their parents of exactly what the children were eating. (link)

Sept. 14, 2013: One college football tradition in Georgia will soon disappear: Letting politicians into the stadium for free. (link)

Sept. 12, 2013: Northern Kentucky University officials and the former athletic director they say stole $311,000 wait to see whether criminal charges are filed now that school's internal investigation has concluded.Former Northern Kentucky University Athletic Director Scott Eaton stole $311,215 in university funds, mostly using a scheme with Kroger gift cards, according to an internal investigation whose findings were released Thursday. (link)

Aug. 29, 2013: A Central Michigan University psychology professor is accused of embezzling money by creating fake participants in research and pocketing the money. In addition to embezzlement by an agent or trustee between $20,000 and $50,000, Justin Dohoon Oh-Lee is charged in Isabella County with false pretenses between $20,000 and $50,000. (link)

Compliance/Regulatory & Legal Events

Sept. 29, 2013: State auditors urged Westfield State University to adopt stronger spending policies three times since 2006, but school officials were slow to carry out the recommendations, state records show. In a review completed in March but released Aug. 28, the auditors found that Dobelle and other top university officials violated travel and credit-card policies on trips to London, Vienna, San Francisco, Salt Lake City, Miami Beach and other national and international destinations. (link) (link)

Sept. 25, 2013: The student newspapers at two of Virginia's biggest universities can run advertisements for alcohol despite a ban the state says is intended to curb illegal underage drinking, a federal appeals court ruled Wednesday. (link)

Sept. 23, 2013: The National Association of the Deaf (NAD) and Joseph B. Espo, an attorney with Brown, Goldstein & Levy, LLP in Baltimore, Maryland, today filed a lawsuit against the University of Maryland College Park and several of its officials over the university's long-standing and continuing failure to provide captioning of announcements and commentary made over the public address systems during athletic events at Byrd Stadium and the Comcast Center. (link)

Sept. 23, 2013: Marvell Technology Group Ltd failed to overturn a $1.17 billion jury verdict for infringing two hard disk drive patents held by Carnegie Mellon University, and a federal judge said the amount may grow because the infringement was willful. (link)

Sept. 21, 2013: A University of Florida veterinary professor was arrested Friday afternoon on charges of video voyeurism for allegedly using a camera pen to secretly record images of the bodies of students on campus, according to an arrest report by the University Police Department. (link)

Sept. 20, 2013: Police said a priest was caught in the act of molesting a teenager in Lackawanna County, Pennsylvania. Father Jeffrey Paulish was led off to his arraignment to face various charges, including for having sexual intercourse with a 15-year-old boy. Investigators said Thursday night, they found the priest in a car with the 15-year-old in a parking lot near the tennis courts at Penn State Worthington Scranton campus. (link)

Sept. 18, 2013: A King County judge has fined the University of Washington more than $720,000 for withholding 12,000 pages of public records from a professor who believed she was wrongfully denied tenure at the Tacoma branch campus. After the professor lost a discrimination case in federal court, records turned up that might have helped her press a case that she was discriminated against because she is French, according to the Sept. 11 ruling by King County Superior Court Judge Monica Benton. (link)

Sept. 18, 2013: Occidental College has reached a monetary settlement with at least 10 current and former students who were part of a federal complaint that accused officials at the Eagle Rock campus of repeatedly mishandling  allegations of sexual assault, according to three sources familiar with the agreement. (link)

Sept. 15, 2013: When news broke in July that the University of Southern California was under federal investigation for allegations it failed to adequately handle reports of on-campus sexual assault, one woman saw remarkable similarities between the latest accusations and how the school handled her own case two decades ago. (link)

Sept. 12, 2013: A North Augusta woman has been charged with reckless conduct after allegedly giving her professor a snack cake injected with a foreign substance. Richmond County Sheriff's Office arrested Diane Ambrose for allegedly giving her professor at Virginia College a snack with a substance in it that puts her at high risk of miscarriage. (link)

Sept. 9, 2013: The Office of the Attorney General said Monday it has selected a Philadelphia law firm to investigate the University of Connecticut's handling of allegations that a music professor engaged in sexual misconduct. Drinker Biddle & Reath LLP of Philadelphia was hired from among a field of 28 law firms, at a fee not to exceed $250,000. The contract says the investigation, which will be paid for by UConn, will not go longer than two years -- Sept. 1, 2015 -- unless the contract is amended. (link)

Sept. 6, 2013: Nodaway County officials Friday said the Northwest Missouri State University faculty member who posted a Facebook message about possibly climbing the campus bell tower with a rifle would not be charged with making a terrorist threat. But all that marijuana they allegedly found during a search of Matthew Rouch's house, that's another thing. (link)

Sept. 5, 2013: Pasadena City College's porn professor Hugo Schwyzer admitted Thursday he had sex with students as recently as 2011 and said he has admitted himself to a psych ward for the fifth time this summer. (link)

Sept. 4, 2013: A federal jury on Wednesday found that Creighton University discriminated against a deaf medical student and violated federal law by not providing him with special equipment and interpreters. Jurors did not, however, award any damages to Michael Argenyi because they determined the discrimination wasn't intentional. (link)

Sept 4, 2013: In a sharply worded ruling handed down on Tuesday, a unanimous three-judge panel of the U.S. Court of Appeals for the 11th Circuit rejected arguments raised by Alabama State University in its appeal of a jury verdict in favor of three women who contended that they had been subjected to a hostile work environment and retaliation at the hands of their superiors. (link)

Campus Life & Safety Events

Sept. 25, 2013: A student on leave from Salem State University was arrested in upstate New York Wednesday night after he allegedly stabbed a female student on a university shuttle bus earlier in the day and then wounded the driver who tried to help. (link)

Sept. 23, 2013: Cornell University has suspended its entire men's lacrosse program for the fall after an alcohol-related hazing of freshmen recruits, which involved a beer-drinking competition, the school says. (link)

Sept. 23, 2013: More than a dozen Texas State University students have been charged in connection with a hazing incident involving several members of the marching band drumline, an official said Monday. In all, 13 students are facing hazing and other misdemeanor charges following a nearly three-week investigation by the school and its police department, said Joanne Smith, vice president for student affairs at the university. (link)

Sept. 20, 2013: At the University of Colorado--Boulder, 80 of the campus' 300 structures sustained some kind of water damage, making it the hardest-hit school in the state. University spokesperson Bronson Hilliard said that 21 students were evacuated from three dorms on campus due to flooding, 11 or 12 of which will require new housing for the remainder of the year. The school has also had to provide hotel rooms to 45 of its off-campus students, he says. (link)

Sept. 17, 2013: To many students, it was simply a prank, a way of poking fun at a popular music video.And on Tuesday night, they decided to let Grand Valley State University know it, protesting a decision to earlier that day remove a campus sculpture that students had begun riding -- at least one person did so nude -- to parody the music video of Miley Cyrus' hit song ''Wrecking Ball.'' (link)

Sept. 16, 2013: A fraternity at LSU that displayed a banner mocking the 1970 fatal shootings of Kent State college students may face disciplinary actions from the university. LSU's football team went up against Kent State Saturday night but before the game, students in the Zeta Zeta chapter of the Delta Kappa Epsilon fraternity, hung a sign from their fraternity house that read: ''Getting Massacred Is Nothing New to Kent St.,'' referring to the Kent State Massacre that left four people dead and nine injured. (link)

Sept. 13, 2013: Many colleges are reaching out to students about the dangers of the illicit club drug ''Molly'' following a series of fatal overdoses, some involving students. While use of Molly, a more pure form of ecstasy, among college students isn't as common as use of alcohol or marijuana, the deaths have given the issue new urgency. (link)

Sept. 12, 2013: A sorority at the University of Alabama says it is investigating allegations in a student publication that it was among Panhellenic organizations on the campus that allegedly blocked two black women from pledging, and a judge who serves on the university's board says the number of those rejected is higher and is asking school leadership to investigate. (link) (Sept 19: link) (Sept. 20: link)

Sept. 12, 2013: The parents of a University of Connecticut student who was killed when he was run over by a university shuttle bus in 2011 have received $5.5 million under the terms of a settlement with the state and university. (link)

Sept. 11, 2013: A Maryland university has lessened the punishment for a cheerleading team it had initially suspended for the entire academic year because of hazing allegations. The decision to modify the yearlong suspension came after the cheerleaders appealed to a committee representing students, faculty and staff. The committee made the change because it believed the cheerleading team hadn't received the same level of anti-hazing education and training as other athletic programs on campus, said Deb Moriarty, Towson's vice president for student affairs.(link)

Sept. 7, 2013: The University of British Columbia is facing backlash after frosh leaders for the Sauder School of Business led first-years in a chant glorifying sexual assault against underage girls. The incident reportedly took place on a bus during a three-day orientation for the business school. (link)

Sept. 4, 2013: A police task force focused on alcohol-related crimes has arrested a staggering 857 people around the Arizona State Campus over the course of two weekends, the Phoenix New Times reports. (link)

Sept. 4, 2013: A noted writing professor at Michigan State University is under fire from conservatives after he was recorded by a student railing against Republicans and ''closet racists'' in class last week. (link)

Sept 3, 2013: College enrollment in 2012 declined by nearly a half million students compared to a year earlier, according to new figures released by the U.S. Census Bureau, with students over the age of 25 leading the miniature exodus from higher learning. (link)

Sept. 2, 2013: As they watched Penn State struggle to contain a child sex-abuse scandal that ruined its once-pristine name and took down the mightiest of college coaches, schools around the country realized they needed to examine what they were doing so they wouldn't see their reputations destroyed as well. (link)

Aug. 31, 2013: A University of Wisconsin-Superior professor has been put on paid leave while the university investigates a report it received last week about a decades-old conviction in Utah of attempted child sexual abuse, according to a UWS official. (link)

Other News & Events

Sept. 30, 2013: If Congress fails to reach agreement on a stopgap spending bill and the government shuts down on Tuesday, the impact on colleges, students, and university scientists would be minimal, at least at first. But researchers who depend on government-run archives, libraries, and museums could see their work interrupted, and some university employees whose salaries are paid by the federal government may have to wait for their paychecks. (link)

Sept. 28, 2013: Richard Suk didn't think this song, this Blurred Lines, was particularly good -- but it was catchy, arguably the biggest hit of the summer. And so Suk, the Ohio University marching band director, added it to this season's performance list, planning to unveil it during the Sept. 21 game against Austin Peay.
He had no idea what he'd stepped into. As the band rehearsed, complaints popped up about the planned performance of the Robin Thicke song, which critics say glorifies rape culture. (Sample lyrics: I know you want it/I know you want it/I know you want it.) (link)

Sept. 26, 2013: Less than half of the students who took the SAT in 2013 are ready to succeed in postsecondary education, according to a report released on Thursday by the College Board, which owns the SAT. (link)

Sept. 25, 2013: Two top administrators at Pima Community College's downtown campus have been let go amid claims that student veterans were harassed and that PCC's veterans center is alienating those it's supposed to help. (link)

Sept. 24, 2013: Moody's Investors Service downgraded Howard University's credit rating Tuesday, citing a loss of patient revenue and volume at its hospital, cuts in federal funding and other challenges facing the historically black university.(link)

Sept. 19, 2013: Pennsylvania State University announced Wednesday that it is abandoning a plan to charge employees $100 a month if they do not participate in various health screening activities and fill out a detailed health questionnaire. (link)

Sept. 13, 2013: The administration of Metropolitan State University said Thursday that summer instructors have been paid the past two days, nearly a week after the lump-sum payments were due. Those paychecks, some of which amounted to thousands of dollars, were issued to ''a couple dozen individuals,'' stated a memo to faculty from President Sue Hammersmith. They're one of several steps the university is taking to deal with a payroll crisis that erupted this month. Nevertheless, another crisis appears to be on the horizon: morale. (link)

Sept. 11, 2013: An audit report released Tuesday by the Division of Legislative Audit confirms an earlier review by the University of Arkansas, finding that the deficit in the university's Division of Advancement's budget was the result of mismanagement that led to overspending. The two-part audit report includes sections by the Division of Legislative Audit and the University of Arkansas System Internal Audit Department, both of which looked into causes of the deficit. (link)

Sept. 9, 2013: Kevin Funk, a doctoral candidate in the department of political science and Center for Latin American Studies at the University of Florida, says he has held 20 jobs since starting to work at age 15, but this is the first time he hasn't received his paycheck on time. Funk and 18 other graduate assistants in the political science department -- half of the grad assistants in the department -- had not received their first paychecks of the semester. Funk said he was told it was caused by a backlog in paperwork and that he might not get paid until October. (link)

If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at https://www.auburn.edu/administration/oacp.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.