Policy Primers - Guiding You Toward Desired Outcomes

This column is an index of Audit Update blog posts that reference the 蹤獲扦 Policies and Procedures Manual. The context provided by the posts highlights why the policies were developed and adopted and how they can guide you toward desired outcomes or combat harmful consequences.


3.58 / Protection from Retaliation for Reporting Wrongful Conduct

Corrupt Couple Cause Chaos

A husband and wife team took a multipronged approach to defraud their employing university. Their case is rich with examples of how to violate a university's trust. Their system worked because they were trusted employees lacking oversight.


13.01 / Deposit of Cash Receipts

Deposits Deceitfully Diverted in Toledo

A long-running theft at the University of Toledo shows what can happen when policies and procedures about how and where to deposit money are disregarded or not clearly defined. After looking at what happened at Toledo, we'll review 蹤獲扦 policies and procedures designed to counter a similar occurrence here.


13.08 / Official Hospitality and University Business  13.21 / Gifts to Employees

This is Why Pcards Have Protocols

Pcards are a great tool when proper protocols are established and followed. This post features a cautionary tale of what can happen when pcards are distributed without user instructions and spending guidelines.


3.12 / Security and Confidentiality of Student Records and Files 13.14 / Security of Credit Card Data 19.01 / Acceptable Use of Information Technology Resources 19.10 / Retirement of Computing and Information Technology Resources

Four Policies Essential to Data Security

My previous post highlighted how universities fumbled data security because of data handling errors. Data exposed in the incidents included student education records, protected health information, Social Security numbers, and credit card numbers.

蹤獲扦 has four policies that guard against data handling errors. Are you familiar with all four?


13.14 / Security of Credit Card Data

October is Cybersecurity Awareness Month

An essential part of cybersecurity is compliance with the Payment Card Industry Data Security Standard (PCI DSS), an initiative designed to protect payment card data (debit and credit). The university has a committee of finance and IT professionals dedicated to overseeing its compliance effort. What cybersecurity risk is most relevant to 蹤獲扦?


13.21 / Gifts to Employees

Gift Guidelines to Keep in Mind

Year-end holidays are a wonderful time when people show gratitude for a job well done and celebrate their good relationships. It's also an excellent time to review state and university gift guidelines to avoid an unintended ethics miscue.


3.04 / Commitment of Time, Conflict of Interest, Consulting and Other Employment

Conflicts of Interest: An Emerging Topic Gaining Prominence in Higher Ed

Kevin Robinson, associate vice president, Office of Audit, Compliance & Privacy (OACP) at Auburn University, continues his discussion about conflicts of interest. Robinson explains that having a conflict of interest doesn't necessarily mean someone has done anything illegal or unethical, but that conflicts must be disclosed, evaluated, and managed.