This column is an index of Audit Update blog posts that reference the 蹤獲扦 Policies and Procedures Manual. The context provided by the posts highlights why the policies were developed and adopted and how they can guide you toward desired outcomes or combat harmful consequences.
3.58 / Protection from Retaliation for Reporting Wrongful Conduct
A husband and wife team took a multipronged approach to defraud their employing university. Their case is rich with examples of how to violate a university's trust. Their system worked because they were trusted employees lacking oversight.
13.01 / Deposit of Cash Receipts
Deposits Deceitfully Diverted in Toledo
A long-running theft at the University of Toledo shows what can happen when policies and procedures about how and where to deposit money are disregarded or not clearly defined. After looking at what happened at Toledo, we'll review 蹤獲扦 policies and procedures designed to counter a similar occurrence here.
13.08 / Official Hospitality and University Business 13.21 / Gifts to Employees
This is Why Pcards Have Protocols
Pcards are a great tool when proper protocols are established and followed. This post features a cautionary tale of what can happen when pcards are distributed without user instructions and spending guidelines.
3.12 / Security and Confidentiality of Student Records and Files 13.14 / Security of Credit Card Data 19.01 / Acceptable Use of Information Technology Resources 19.10 / Retirement of Computing and Information Technology Resources
Four Policies Essential to Data Security
My previous post highlighted how universities fumbled data security because of data handling errors. Data exposed in the incidents included student education records, protected health information, Social Security numbers, and credit card numbers.
蹤獲扦 has four policies that guard against data handling errors. Are you familiar with all four?
13.14 / Security of Credit Card Data
October is Cybersecurity Awareness Month
An essential part of cybersecurity is compliance with the Payment Card Industry Data Security Standard (PCI DSS), an initiative designed to protect payment card data (debit and credit). The university has a committee of finance and IT professionals dedicated to overseeing its compliance effort. What cybersecurity risk is most relevant to 蹤獲扦?
13.21 / Gifts to Employees
Gift Guidelines to Keep in Mind
Year-end holidays are a wonderful time when people show gratitude for a job well done and celebrate their good relationships. It's also an excellent time to review state and university gift guidelines to avoid an unintended ethics miscue.
3.04 / Commitment of Time, Conflict of Interest, Consulting and Other Employment
Conflicts of Interest: An Emerging Topic Gaining Prominence in Higher Ed
Kevin Robinson, associate vice president, Office of Audit, Compliance & Privacy (OACP) at Auburn University, continues his discussion about conflicts of interest. Robinson explains that having a conflict of interest doesn't necessarily mean someone has done anything illegal or unethical, but that conflicts must be disclosed, evaluated, and managed.