Having trouble viewing this email? View it in your browser.

Office of Audit, Compliance & Privacy

Case in Point:
Lessons for the proactive manager

November 2017
Vol. 09 No. 11
“Who am I, where have I been, and where am I going?”

-- Carl Sandburg

Case in Point has grown well beyond what we originally expected (or intended), and we hope you continue to find value in our monthly publication. We believe the industry of higher education is vitally important and hope this publication in some way helps our industry achieve success through proactive risk management.

As we rapidly approach the end of 2017, you will most likely read and hear a lot about self-reflection and new resolutions for the coming year. This is a good time to do the same thing for your area of operations. Here are three simple questions you might consider:

  1. Why do we do things the way we do them?

    If the answer is, ''because that's the way we've always done it,'' you might want to dig a little deeper. If there's not a good reason for some process, then change it if it can be done better in some way.

  2. Are there changes we can make to do things more efficiently?

    The world moves at a much faster pace now and operationally we need to think about how we conduct the business of higher education.

  3. Are there things we could do to make our institution better?

    The best ideas generally come from the people who are in the trenches day-to-day. If you have ideas for improvement, don't be afraid to voice them to someone.

These are just a few questions to consider as we move full speed toward 2018. We again invite you to consider the events across higher education the past month with a view toward proactive risk management within your sphere of influence. We welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE
Associate Vice President
Office of Audit, Compliance & Privacy

Information Security & Technology Events

Nov 29, 2017: After a year marked by devastating cyber attacks and breaches, online attackers are expected to become even more destructive in 2018, security researchers said Wednesday. A report by the security firm McAfee said the ransomware outbreaks of 2017 offer just a taste of what's to come as hackers develop new strategies and "business models." McAfee researchers said that as ransomware profitability fades in the face of new defenses, hackers will turn to new kinds of attacks that could involve damage or disruption of computers and networks. Attackers will also look to target wealthy individuals and aim at connected devices which offer less security than computers and smartphones. (link)

Nov 28, 2017: University of Chicago hospital patient information was potentially vulnerable to hackers due to weaknesses in the University's network, a Maroon investigation revealed. Experts suspect that vulnerabilities like these are likely to be found at many hospitals, universities, and institutions around the world. The weeks-long investigation, encompassing a manual review of tens of thousands of lines of network scan logs, interviews with sources who have explored the University's network, and conversations with multiple cybersecurity experts, found that networked printers accessible by anyone on the University network were being used to print what seemed to be sensitive health documents, like organ donation logs, surgery face sheets, prescriptions, and even medical records, some of which may have been protected by federal privacy law. Researchers have shown that documents printed on printers like these are vulnerable to being remotely stolen by hackers relatively easily. (link)

Nov 17, 2017: Stanford is in the process of notifying some 200 people -- a mix of employees and former students -- that their privacy may have been breached due to incorrect settings in one of the University's file-sharing systems. Until this week, files including sexual violence records based on counseling sessions, confidential University statistics and emails to the Office of Judicial Affairs -- some with names and email addresses attached -- were left broadly available on an internet server that students, faculty and staff from over 50 institutions regularly use. Any Stanford faculty, student or staff member with a SUNet ID was able to access the sensitive files; The Daily also found that an MIT student username and password were able to grant access (link)

Nov 17, 2017: The Bucks County District Attorney's office said Aleisha Morosco tried multiple times to change her microbiology grade. After several failed attempts, she enlisted a friend's help, orchestrating a security breach at Bucks County Community College. Authorities said while working at a medical office affiliated with Penn Medicine, Kelly Marryott accessed a faculty member's personal information and leaked it to her friend, Aleisha Morosco. Desperate to change her grade, Morosco then used the stolen data to gain unauthorized access to BCCC's computer system. Officials said while inside the system, Morosco changed not just her grade, but several other student's grades in her microbiology class. (link)

Nov 13, 2017: A recent report by the Identity Theft Resource Center shows that data breaches in the United States are occurring at a record pace this year, and that hacking, from phishing attacks, ransomware and malware, has caused nearly two-thirds of the breaches. Overall, the ITRC reports that by early August, 10 percent of the breaches in 2017 have occurred in education, resulting in more than 1 million records getting compromised. None of us want to be on that list. Colleges and universities face new threats every day, so it's important for IT departments to be proactive and continually work to enhance security. Here are some best practices to protect university data. (link)

Nov 02, 2017: A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD). The extortion attempt's victim is the University of Fraser Valley (UFV), a Canadian university. A hacker or hacker group breached the university's network from where it gathered information such as names, email addresses, phone numbers, physical addresses, grades information, some instances, limited financial details, and possibly more. UFV shut down its email system until November 6, in an attempt to prevent the proliferation of other emails containing data of other students. (link)

Fraud & Ethics Related Events

Nov 13, 2017: A Chinese college student was arrested on Monday in the latest case to stem from U.S. investigations into international students who authorities say hire imposters to take exams on their behalf to gain admission to American universities. Xinyan Wang, a student at Lehigh Carbon Community College in Pennsylvania, on six different occasions since July took college entrance exams under other peoples' names, according to a criminal complaint filed in federal court in Boston. (link)

Nov 09, 2017: Federal prosecutors say three Ohio women have been indicted in a plot that used stolen identities and those of prison inmates and acquaintances to steal federal financial aid after enrolling hundreds of people at an Arizona community college. Prosecutors say phantom students were awarded $1.8 million in financial aid after being enrolled in online classes by the women at Tempe-based Maricopa Community College. Prosecutors say that while most of the money went to the school for tuition, the scheme netted the women and co-conspirators about $200,000. (link)

Nov 06, 2017: After caught sharing answers to course assignments in a messaging app called GroupMe last spring, 83 undergraduate students enrolled in a principles of marketing course were charged with violations of the student code of conduct, calling into question the ethics behind using technology to collaborate with classmates. The Fisher College of Business students were reported by their professor in April, according to a statement from Ohio State spokesman Ben Johnson. ''The charges include unauthorized collaboration on graded assignments, which is prohibited under the Code of Student Conduct,'' the statement reads. (link)

Compliance/Regulatory & Legal Events

Nov 29, 2017: A conservative commentator who was arrested at the University of Connecticut and charged with breach of peace following an altercation blamed some UConn students for being ''violent and disruptive.'' Lucian Wintrich's Tuesday night speech titled ''It's OK To Be White'' was repeatedly interrupted by people in the audience booing and chanting before coming to an abrupt end when a woman appeared to take paperwork off the lectern he was using and then began to leave. (link)

Nov 27, 2017: Another high-profile instance of sexual harassment has rocked a major institution -- this time Princeton University in New Jersey. And students say administrators didn't act transparently or strongly enough when disciplining the alleged perpetrator, a decorated professor. A Title IX investigation, first revealed by HuffPost, found electrical engineering professor Sergio Verdu guilty of sexually harassing one of his student advisers. Yeohee Im told HuffPost Verdu touched her thigh and stomach and invited her to watch sexually explicit films at his house. (link)

Nov 27, 2017: A former Penn State student believes the university discriminated against her based on her race when it decided to suspend her. Grace Simms, who is black, said in a lawsuit that the university discriminated against her due to her race in the aftermath of an incident with two other students. Simms, who attended Penn State Altoona, recently filed a lawsuit for in excess of $75,000 against the university, and employees Jay Burlingame and Robert Matchock, who the suit says played roles in the disciplinary actions against Simms. The lawsuit said Simms was the target of cyberbullying in March 2016 by fellow student Sarah Ismail, who was not named as a defendant in the suit. Ismail, according to court documents and the university's directory, has not faced any charges related to the incident and is an active student. (link)

Nov 27, 2017: Larry Nassar pleaded guilty Wednesday to charges that he molested numerous girls as a doctor for the U.S. national gymnastics team. While he pleaded guilty to seven counts of sexual assault, he admitted responsibility in many more cases, some of them involving girls who went on to become Olympic stars. His guilty plea has renewed calls for more information about what Michigan State University knew about the accusations against Nassar, who was director of sports medicine at the university at the same time he worked for the U.S. gymnastics team. Some of the women who were Nassar's victims charge that Michigan State either covered up accusations against him or looked the other way, allowing his abuse of girls to go on longer than it might have otherwise. (link)

Nov 22, 2017: A federal grand jury sitting in the United States District Court for the Western District of Virginia in Roanoke has charged a former engineering professor at Virginia Tech in an indictment returned yesterday, United States Attorney Rick A. Mountcastle announced. Yiheng Percival Zhang, 46, of Blacksburg, Va., is charged with one count of conspiring to defraud the United States, three counts of making false statements within the jurisdiction of the United States, and three counts of making false claims to the United States. (link)

Nov 22, 2017: A national Asian-American fraternity has been found guilty of criminal charges stemming from the 2013 hazing death of a college student in the Pocono Mountains of Pennsylvania. Pi Delta Psi Inc. was convicted Tuesday of five felonies and two misdemeanors, including aggravated assault and involuntary manslaughter, in the death of Chun Hsien "Michael" Deng. Blindfolded and wearing a backpack, Deng was forced to walk in the backyard in the early morning hours through a line of fraternity members who allegedly pushed, shoved, and tackled him in an attempt to bring him down, court records show. Deng fell several times and suffered multiple blows to his body, including his head, according to a forensic pathologist, court documents state. (link)

Nov 21, 2017: The Justice Department is actively investigating Harvard University's use of race in its admissions policies and has concluded the school is "out of compliance" with federal law, according to documents obtained by CNN. The Justice Department's battle with Harvard potentially sets the stage for the first major legal test of affirmative action policies under the Trump administration. Last year, the US Supreme Court ruled that race can be one among many factors universities use in making admission decisions. (link)

Nov 21, 2017: A Pennsylvania neurologist pleaded guilty Tuesday to misdemeanor charges of groping seven patients in 2016 at a Philadelphia clinic. Dr. Ricardo Cruciani is the former chair of neurology at Drexel University. The university fired him in March following an internal investigation. (link)

Nov 17, 2017: The only time university endowments pay taxes is when they invest in debt-financed financial firms such as private equity funds and hedge funds. These investments are considered a business activity unrelated to their tax-exempt missions. As The New York Times reported, large numbers of universities have adopted an offshore scheme that allows them to avoid even those taxes. The universities assign entities called ''blocker funds'' legal responsibility of otherwise taxable investments. These entities are incorporated in zero-tax jurisdictions such as Bermuda and the Cayman Islands. Consequently, wealthy universities have settled en masse on a strategy for reaping Wall Street-sized investment gains tax free. (link)

Nov 17, 2017: A group of college athletic administrators say they're extremely concerned that a proposed measure in the House's tax bill that passed Thursday will greatly impair college sports funding. In the proposed measure, Section 1306 would cut deductions associated with charitable contributions for tickets. Not allowing fans to deduct for donations that give them the right to buy tickets would immediately cost college programs hundreds of millions of dollars, according to athletic directors who spoke with ESPN. (link)

Nov 17, 2017: Rutgers University has fired its women's swimming and diving coach amid mental and verbal abuse allegations. Petra Martin's dismissal came Thursday after athletic director Patrick Hobbs met with the team on Wednesday. Hobbs told NJ.com: "We both agreed that it was in the best interests of the program." He declined to address specifics and said the university hasn't finalized details of Martin's salary for the remaining three years of her contract. (link)

Nov 13, 2017: Prosecutors on Monday charged 12 more Pennsylvania State University fraternity members in connection with fraternity pledge Tim Piazza's hazing death, after recovering footage they say had been deleted from a frat house security camera. In addition, Centre County District Attorney Stacy Parks Miller accused one member of the now-defunct Beta Theta Pi fraternity -- Braxton Becker, 20, of Niskayuna, N.Y. -- of deleting the video in an attempt to stifle the investigation. The charges -- felony counts against five new defendants and misdemeanors against seven others -- significantly broadened what was already one of the largest hazing prosecutions in the nation's history and drew renewed attention to Piazza's Feb. 4 death after a booze-fueled fraternity initiation ritual. (link)

Nov 09, 2017: Three freshmen on the UCLA men's basketball team accused of shoplifting in the Chinese city of Hangzhou could be months away from returning home while the legal process in their case plays out. ESPN, citing a source with firsthand knowledge, reported Wednesday that LiAngelo Ball, Cody Riley and Jalen Hill were released on bail after being questioned about stealing sunglasses from a Louis Vuitton store near the team hotel. ESPN's LA-based reporter Arash Markazi is covering the team from China. (link)

Nov 08, 2017: Further allegations emerged Wednesday that now-fired University of Louisville coach Rick Pitino not only knew about a plan to send payments from Adidas to the family of top Cardinals recruit Brian Bowen, but agreed to actively participate in it. This from newly released evidence in an unsealed indictment in the college basketball fraud and bribery case. Pitino has steadfastly denied he had any knowledge of the plot. Louisville fired the Hall of Fame coach last month anyway. (link)

Oct 31, 2017: Three Dartmouth College professors whose research included studies of sexual desire and attractiveness have been put on paid leave while a criminal investigation of alleged sexual misconduct is carried out, the authorities said Tuesday. Attorney General Gordon J. MacDonald of New Hampshire said his office was part of a joint criminal investigation by five law enforcement agencies into allegations of ''serious misconduct'' by the professors, all male tenured faculty members in the Department of Psychological and Brain Sciences. The professors' access to the Dartmouth campus has been restricted. (link)

Campus Life & Safety Events

Nov 28, 2017: Indiana University-Bloomington has joined a growing list of colleges and universities where Greek life is being put on hold. The university's Interfraternity Council, made up of fraternity members, met with chapter presidents Monday night. A statement from the IFC says the vote was unanimous to self-impose a three-month suspension. (link)

Nov 26, 2017: Tennessee lawmakers reached out to University of Tennessee officials Sunday regarding the potential hire of Greg Schiano as head football coach at the school -- and celebrated after the deal fell apart. The reason for the backlash: Testimony unsealed last year where former Penn State assistant coach Mike McQueary said that he heard Schiano, who was an assistant with the Nittany Lions, had witnessed Jerry Sandusky "doing something" to a boy in the shower. (link)

Nov 21, 2017: A few days after headlines exploded about yet another university president suspending Greek life activities after yet another hazing death, a group of college presidents sat around a dinner table expressing concern about bad behavior at fraternities. But somehow, they couldn't help singing their praises as well. Fraternities foster a sense of belonging. Their members do community service and care about social welfare. They boost retention and graduation rates. They raise money for charity and provide vast alumni job networks. They add value to the college experience .... Meanwhile, the list of recent hazing horrors seemingly grows. (link)

Nov 20, 2017: When Charles Murray or Milo Yiannopoulos visit a college campus, administrators don't just worry about the effect that inflammatory speech might have on their students. They aren't only concerned about being swept up in the higher education free speech debate, or playing host to a scandal that could taint their school's reputation for months. There's also the cost -- which can climb into the millions of dollars. (link)

Nov 20, 2017: Nearly 364,000 foreign students with F-1 visas were newly enrolled at a U.S. college or university in 2016, double the number at the outset of the Great Recession, according to a Pew Research Center analysis of U.S. Immigration and Customs Enforcement data obtained through a public records request. (link)

Nov 13, 2017: The first new college class since the election of Donald J. Trump has arrived on campus, and new numbers confirm what the higher education industry had feared: Fewer foreign students are coming to the United States. The number of newly arriving international students declined an average 7 percent in fall 2017, with 45 percent of campuses reporting drops in new international enrollment, according to a survey of nearly 500 campuses across the country by the Institute of International Education. Experts cited an uncertain social and political climate in the United States as part of the reason for the decline in enrollment. (link)

Nov 09, 2017: Faculty members and students at Clemson University are calling on the administration to do more to address racism and hate on campus. It took Clemson University 4 days to email students and faculty about white supremacist recruitment fliers that were scattered around school grounds on Monday, September 30th. (link)

Nov 07, 2017: A terroristic threat on Ohio University's campus on Monday caused dozens of police officers to surround a dining hall and take a suspect into custody. Curtis Embrey worked at Nelson Dining Hall. According to Ohio University police, a few hours before his shift, Embrey texted his coworker threatening messages that he was going to take down himself and other employees here. (link)

Nov 06, 2017: Florida State University announced on Monday that it will indefinitely suspend all fraternities and sororities following the apparent alcohol-related death of a freshman pledge and, separately, the arrest of a member of a different fraternity on cocaine charges. In a news release posted to the University's website, the university said the suspension was needed to "review and reflect on the loss of a young life." The death and drug bust, which are not related, took place just days from one another. (link)

Nov 06, 2017: At Reed College, a small liberal-arts school in Portland, Oregon, a 39-year-old Saturday Night Live skit recently caused an uproar over cultural appropriation. In the classic Steve Martin skit, he performs a goofy song, ''King Tut,'' meant to satirize a Tutankhamun exhibit touring the U.S. and to criticize the commercialization of Egyptian culture. You could say that his critique is weak; that his humor is lame; that his dance moves are unintentionally offensive or downright racist. All of that, and more, was debated in a humanities course at Reed. But many students found the video so egregious that they opposed its very presence in class. (link)

Nov 02, 2017: Missouri Western State University removed some politically motivated fliers from some of their buildings, but only because the anonymous poster violated campus posting rules. Signs reading ''Illegal immigrants are criminals #buildthewall'' and others that stated there are only ''two genders'' were posted primarily in Western's Eder Hall and Blum Union earlier this week, and were removed on Wednesday. (link)

Nov 02, 2017: A UC San Diego student was arrested for stealing women's laundry items worth approximately $2,000 last Friday. UCSD police apprehended the student, identified as first year David Chou, and charged him with burglary, grand theft, and receiving known stolen property. Following Chou's arrest, police confiscated the stolen laundry items. For owners of the laundry items wishing to claim their articles of clothing, police warned students against wearing them again, as Chou admitted to wearing the items. (link)

Nov 01, 2017: Twenty-one students at a New York college were charged with hazing pledges to the Pi Alpha Nu fraternity by forcing them to drink large quantities of alcohol and other liquids, making them eat food off the floor and vomiting on them. (link)

Nov 01, 2017: A student at the University of Hartford in Connecticut was charged with criminal mischief and expelled from school after boasting about having contaminated her roommate's toothbrush, face lotion and other belongings in an effort to drive her from the room. (link)

Other News & Events

Nov 15, 2017: As lawmakers consider two different bills that would overhaul the tax code, several changes on the table could affect Americans who are paying for college. The House version of the bill would eliminate some tax benefits for those with college costs, but the Senate version would mostly leave them untouched. The goal is to have a final bill on President Trump's desk by the end of the year. (link)

If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at https://www.auburn.edu/administration/oacp.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

Office of Audit, Compliance & Privacy
Auburn University
304 Samford Hall
M. Kevin Robinson, Assoc. VP

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Office of Audit, Compliance & Privacy is listed as the source.