Having trouble viewing this email? View it in your browser.

Internal Auditing

Case in Point:
Lessons for the pro-active manager

January 2014
Vol. 6 No. 1
''A computer lets you make more mistakes faster than any invention in human history -- with the possible exceptions of handguns and tequila.''

-- Mitch Ratliff

As we noted in last month's Case-in-Point, we linked 655 stories during 2013 dealing with diverse issues and sometimes even entertaining events that occurred within higher education. This month we begin analyzing those 655 stories and see what we can learn and hopefully prevent in our area of responsibility. Within the Information Security and Technology category, we had 103 stories linked during 2013. Here is the breakdown within this category:

  • Hack/Data Breach 44%
  • Accidental Data Disclosure 16%
  • Social Media Use 13%
  • IT Resources/Use 10%
  • Theft of Data Device 9%
  • Other 8%

The clear leader over the past year in stories we linked involved ''Hack/Data Breach'' where someone outside of the institution (or without legitimate internal access) attempted to obtain some protected data.

The second most common event we observed in this category involved accidental data disclosure by an employee. Most frequently noted was the situation where an employee thought they were storing electronic files in a secure place, but in reality they were open for anyone to view.

Closely related to accidental disclosure online is the all too often occurrence of losing the actual device where data is stored through either theft or by mistake. The device could be anything from a laptop computer to a thumb drive, but the results of the loss of the device can be costly for the institution.

We also noted several stories in this category dealing with social media. Everything from disclosing data via social media to questions about what was said by an employee and whether the institution has culpability. We even saw one institution's governance body pass a policy in December ''to suspend, dismiss, or terminate from employment any faculty or staff member who makes improper use of social media.'' How this plays out in the coming months and years will be interesting to watch as the definition of ''improper'' is certainly open to much interpretation.

Next month we will look at some best practices in the data security and IT realm to help manage these events. In future months we will delve into the other categories in more depth. As always we invite you to review the events from this month and consider ways you can help proactively manage risks.

M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing

Information Security & Technology Events

Jan 23, 2014: The FBI has warned U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases in the past year that involved the same kind of malicious software used against Target Corp in the holiday shopping season. (link)

Jan 22, 2014: Based on the 2013 Verizon Data Breach Investigations Report, 76% of network intrusions were due to exploited weak or stolen credentials and 29% used social engineering, increasing 4-fold in one year. Even the most cyber-savvy organizations have found themselves exposed and ill prepared to manage the effects of a data breach. The best defense is implementing a broad set of operational and technical best practices that helps protect your company and your customers' personal data. (link)

Jan 21, 2014: The idea did not seem controversial at first: Peter Xu and Harry Yu, twin brothers who are seniors at Yale University, set out to build a better, more user-friendly version of the university's online course catalog. But as Mark Zuckerberg found when he decided to build a better version of Harvard's undergraduate student directory, these things can take on a life of their own. (link)

Jan 15, 2014: The chairman of the Kansas Board of Regents said Wednesday the board likely won't suspend a controversial social media policy that has upset academics. Presented with a resolution by the faculty senate presidents of Kansas state universities, Fred Logan said the policy would likely stand as it is while the Board of Regents gathers input from stakeholders. (link)

Jan 15, 2014: Academic leaders increasingly think that massive open online courses are not sustainable for the institutions that offer them and will "cause confusion about higher-education degrees," according to the results of an annual survey. (link)

Jan 7, 2014: Apparently using a common internet deception called phishing, scammers obtained log-in information allowing them to change direct deposit routing information for the paychecks of 10 BU employees in December. The employees' monthly paychecks were then routed elsewhere. (link)

Fraud & Ethics Related Events

Jan 23, 2014: Six months into her job as chancellor of UNC-Chapel Hill, Carol Folt took her strongest stance yet on the athletics and academics scandals that have plagued the campus for several years. In public remarks at a Board of Trustees meeting Thursday, Folt said the university accepts responsibility and is ''absolutely'' accountable for years of bogus African studies courses that were significantly populated by athletes. And, Folt said, the university must ''fully acknowledge and accept lessons of our past'' before moving toward meaningful athletic and academic reform. (link)

Jan 20, 2014: Police say a University of Iowa professor falsely reported his laptop stolen because it contained pornography. UI music professor Brent Sandy, 55, reported his laptop stolen on Jan. 13. Sandy told police the laptop had been taken from his office during a three-minute window, according to Iowa City Police complaints. (link)

Jan 19, 2014: An FBI investigation is underway into allegations that a husband and wife team committed a multimillion-dollar fraud against an Oklahoma State University-owned company engaged in sensitive national security research. Attorneys representing OSU and its Ponca City research company allege that some of the diverted funds were used to support an upscale dress shop on Oklahoma City's Classen Curve, while some other funds ended up in Cyprus offshore accounts.(link)

Jan 14, 2014: University of Illinois at Chicago officials are reviewing the dissertation of a high-ranking administrator at Chicago State University amid allegations that parts of it were plagiarized. (link)

Jan 12, 2014: The City University of New York, of which Brooklyn College is part, has accused the longtime director of The Graduate Center for Worker Education of helping himself to at least $200,000 in salary that he was not entitled to, misappropriating grant money and secretly renting out the center during the day, taking at least some of the money for himself and leaving students to wait until evening every day to enter. (link)

Jan 11, 2014: The increasingly active local gun-rights group Florida Carry is suing the University of Florida over its comprehensive ban on guns in campus housing. (link)

Jan 8, 2014: Former Fairmont State University vice president David Tamm has pleaded guilty to embezzlement and filing a false tax return. David Tamm, 45 of Parkersburg, will be sentenced later this year for using a state-issued purchasing card to buy more than 300 computer switches from an electronics company, along with other electronics. He was indicted in Dec. 2013. Investigators estimate that Tamm made $650,000 from the scheme (link)

Jan 8, 2014: The human remains that a former Ohio University lab assistant stole and sold included a fetus, two skulls and two shoulders, according to a search warrant unsealed yesterday. Some of the remains might have been from bodies donated to the school, the document says. Weston Henri Moquin, 28, of Athens, pleaded guilty yesterday in federal court to stealing human bones and selling them to bone dealers between July 2011 and June 2012. (link)

Jan 7, 2014: A Baton Rouge state senator wants to crack down on legislators awarding full, state-funded scholarships for Tulane University to the lawmakers' own family members and other politically connected young adults. (link)

Dec. 23, 2013: An Iowa State University professor has resigned after being accused of spiking rabbit blood to make it appear that an AIDS vaccine was working better in the research animals than it really was. (link)

Compliance/Regulatory & Legal Events

Jan 28, 2014: A Rutgers University football coach did not bully cornerback Jevon Tyree and the university handled the student's allegations of mistreatment appropriately, according to an independent investigator's report released today. The 10-page report -- which largely exonerates Rutgers officials of wrongdoing in the high-profile case -- was prepared by Saiber, a Florham Park-based law firm hired by the university to review the allegations. (link)

Jan 28, 2014: Denison University reached a confidential settlement with a former student to end a lawsuit relating to a sexual assault case from last semester. A female Denison student had alleged that Hunt sexually assaulted her while walking her home from a party where alcohol was served to underage students on Aug. 30, according to the complaint. The sexual assault was reported on Sept. 2. Hunt was expelled in November after a student disciplinary hearing. (link)

Jan 28, 2014: A new labor union is being formed for U.S. college athletes, and football players at Northwestern University in Chicago are looking to get onboard, the College Athletes Players Association (CAPA) announced Tuesday. (link)

Jan 22, 2014: The parents of a slain Auburn University student from Cobb County have filed an official claim against the school stating their belief that their daughter might still be alive if Auburn had a campus police department. Lauren Burk was kidnapped from the Auburn campus and murdered in March 2008. A jury convicted Courtney Lockhart, a dishonorably discharged solider, and a judge sentenced him to death for the crime. (link)

Jan 16, 2014: The University of Wisconsin-Extension, the outreach arm of the state's public university system, has complied with atheists' demands to end the tradition of placing Bibles in guest rooms at a campus conference center. After a guest staying at the Lowell Center reportedly complained about the holy books, The Freedom From Religion Foundation, a secular advocacy group, sent a letter in early November to the University of Wisconsin-Extension, charging that the Bibles constituted an endorsement of Christianity, reported The Wisconsin State Journal. (link)

Jan 15, 2014: Two members of the University of Wisconsin-Milwaukee's now-dissolved student government filed a complaint in Milwaukee County Circuit Court against the university, alleging administrators had no legal right to invalidate the 2013-'14 student elections and replace the UWM Student Association with a board of trustees. (link)

Jan 14, 2014: A pair of new lawsuits have been filed in the 2011 Yale Bowl tailgating accident that killed a Massachusetts woman and injured two others. The new cases name 86 current and former members of Sigma Phi Epsilon, the fraternity involved in the Nov. 19, 2011, incident. The lawsuits were filed last month in state Superior Court on behalf of the estate of Nancy Barry, who was killed, and Sarah Short, a Yale University student who was injured. (link)

Jan 14, 2014: The University of Utah is investigating a complaint that a convicted felon working at a fertility clinic replaced a customer's sperm with his own, fathering a girl 21 years ago. The mother of the girl, Pamela Branum, says she and her husband discovered a genetic mismatch in their daughter, and were able to trace her lineage with help from relatives of the now-deceased fertility clinic worker, Thomas Ray Lippert. (link)

Jan 14, 2014: A Miami University student is suing the school for discriminating against her based on a disability. Aleeha Dudley, who is blind, filed the case in U.S. District Court for the Southern District of Ohio with the assistance of the National Federation of the Blind. (link)

Jan 12, 2014: A state university in Alabama is raising eyebrows with an unusual -- and perhaps even first-of-its-kind -- provision the school's board of trustees included in the new university president's contract. The Birmingham News reports that buried amidst the legalese in Gwendolyn Boyd's contract to run Alabama State University is a caveat she not only must live in the president's on-campus residence for purposes of embodying school spirit -- but refrain from sharing that home with a love-interest so long as she remains a single woman. (link)

Jan 9, 2014: The federal government is launching an investigation into allegations that Lehigh University has failed to properly address incidents of racial harassment on campus and created a racially hostile environment, a spokesman said. (link)

Jan 8, 2014: A former University of Iowa employee, who was fired because she was in the car when her husband ''stole'' parking, now is fighting for unemployment pay and some legal professionals say she has a case. The woman's unemployment insurance appeal raises questions about discipline of an employee who is present when a rule is broken versus being an active participant, and additional questions since the case involves a husband and wife, some say. (link)

Jan 6, 2014: The father of a former Sigma Alpha Epsilon pledge at Salisbury University who blew the whistle on the fraternity's illegal hazing activities is now considering filing a lawsuit. According to the Daily Times, Henry Stuart is meeting with attorneys to discuss possibly filing a civil lawsuit against SAE. (link)

Dec. 21, 2013: Creighton University must supply an interpreter and transcription service for a hearing-impaired medical student who successfully sued for discrimination, a federal judge ruled Thursday. Michael S. Argenyi plans to returns next summer to the medical school at Creighton after the judge ordered that the Omaha university pay for the services he requested but wasn't given during the first two years of his medical training. (link)

Campus Life & Safety Events

Jan 31, 2014: University of Missouri Libraries officials face tough choices as they consider what to do with 600,000 mold-covered books at an off-campus storage facility. The volumes are stored at Subtera, an underground storage facility off Stadium Boulevard in north Columbia. Jim Cogswell, director of MU Libraries, said library staff discovered the mold problem in October. (link)

Jan 24, 2014: Arizona State University severed ties with the Tau Kappa Epsilon fraternity Thursday night, only days after a party over the Martin Luther King Jr. holiday weekend depicting racial stereotypes drew harsh criticism from civil rights leaders. (link)

Jan 23, 2014: A chemical spill at an Auburn University lab sent one woman to a hospital just before 5 p.m. Thursday. But according to university officials, she did not suffer any injuries. (link)

Jan 22, 2014: A University of Utah student says he paid his tuition bill with 2,000 one-dollar bills as a silent protest against the rising cost of college. (link)

Jan 22, 2014: Purdue University officials are examining their own practices regarding digital emergency response plans as a result of website snafus that occurred after a fatal shooting on campus Tuesday. ''We're having a lot of conversations about what worked and what didn't and what tweaks we need to make,'' said Steve Tally, a senior marketing and media strategist at Purdue who focuses on information technology and serves Information and Technology at Purdue, or itaP. (link)

Jan 20, 2014: Police have arrested a peeping Tom suspect near the edge of the Wingate University's campus. Police arrested Worthell Taylor, 53, early Sunday morning after a woman called 911 to report a man hiding underneath her bedroom window. (link)

Jan 20, 2014: A Florida State student was knocked to the ground, kicked repeatedly and robbed early Sunday morning while walking on campus and now three other college students are in custody. The victim, an FSU student, said three men claiming they were University of Florida students approached him while he was walking near Deviney Hall on campus. (link)

Jan 14, 2014: University of Michigan is reviewing its inclement weather policy after receiving heat for staying open during last week's dangerously low temperatures. According to U-M Provost Martha Pollack, part of the reason the university's Ann Arbor campus remained open is quite simple: it didn't have a plan in place for closing. (link)

Dec. 22, 2013: Established to provide security on campus, many university police forces are expanding their jurisdictions beyond school grounds and into surrounding neighborhoods. (link)

Other News & Events

Jan 28, 2014: As they scramble to meet looming deadlines for financial-aid applications, families in which both parents are unmarried and live together--or in which the parents are in a same-sex marriage--may qualify for less assistance than in previous years. (link)

Jan 22, 2014: Just over half of the graduates from New Mexico high schools need to take remedial coursework -- particularly in math and English -- upon entering state colleges or universities, according to a new report compiled by the Legislative Finance Committee. (link)

Jan 21, 2014: Mississippi is spending more than $35 million a year on remedial courses for students who aren't ready for college, and lawmakers are looking for solutions. (link)

Jan 7, 2014: A CNN investigation found public universities across the country where many students in the basketball and football programs could read only up to an eighth-grade level. The data obtained through open records requests also showed a staggering achievement gap between college athletes and their peers at the same institution. (link)

Dec. 21, 2013: Following the release late this week of thousands of emails documenting strife on the Santa Fe Community College campus under recently ousted president Ana ''Cha'' Guzmán, additional emails obtained Saturday indicate a Governing Board member had raised concerns that Guzmán may have made racial remarks. (link)

If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at https://www.auburn.edu/administration/oacp.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.