Internal Auditing

Case in Point:
Lessons for the pro-active manager

September 2009
Vol. 1 No. 9
Quotable...

"Relativity applies to physics, not ethics"

-- Albert Einstein

Consider the following scenario: Tim is a full-time tenured faculty member and is performing research for a drug company’s new drug. Tim is also a consultant for this same drug company. He does not disclose his ties to this company to his institution. Is this a problem or just good business? What about this next situation? Jane is a university employee who also owns a catering business. In her role as university employee Jane conducts business with her catering company. Is this a problem or just good business?

The first scenario is an actual case in our listing of ethics events occurring around the world of higher education this month. It seems Tim was also involved in a center for ethics at his institution, Washington University. This center has now been closed. While the issue began with Tim’s non-disclosure of his connection with the drug company, it ended, according to federal investigators, with Tim falsifying research. The second scenario happens more frequently than you might think. Generally, these situations begin rather innocently, but sometimes external connections can begin to bias decisions so that they are not made in the university’s or research sponsor’s best interest. Educating your faculty and staff about possible conflicts so they can come to you and disclose these potential conflicts can greatly and positively impact your control environment and prevent many headaches.

Both of these situations involve conflicts of interest. When left undisclosed these conflicts can bring disastrous consequences for individuals and institutions. When disclosed, more often than not, they can be proactively managed in a way that protects both the individual and the institution. It is important in your role as a manager to pay attention to both the potential conflicts you may have personally and also for those under your leadership. Otherwise, major costs may be paid in the form of damaged reputations and institutional credibility not to mention potential legal repercussions.

Sincerely,
M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing


Information Security Related Events

Sept. 2, 2009: University of Vermont recently discovered that the security of up to 242 university-funded credit cards has been compromised. Ann Naylor of UVM Procurement services said in a statement that UVM is unaware of how the breach occured. (link)

Aug. 21, 2009: Nearly a year ago, hackers broke into a computer server that contained Social Security numbers and ''a very limited amount of'' credit card information for graduates of University of Massachusetts at Amherst, the university announced recently. (link)

Aug. 20, 2009: A file transfer program erroneously installed on a server in an Army Reserve Officers' Training Corps (ROTC) office at Boston University inadvertently
exposed personal information about thousands of people affiliated with the
program. (link)

Aug. 20, 2009: Facebook on Thursday said it had disabled six rogue apps that were stealing Facebook users' log-in credentials and spamming people, and within hours more appeared. Five more of the apps appeared on Thursday, called "Friends," "Friends Gifts," "Matching," "Pok," and "Your Photos," according to an updated blog post by Trend Micro researcher Rik Ferguson. By that night those new ones were disabled too. Facebook "will continue to ensure that all applications on Facebook Platform comply with Facebook policies," a spokeswoman for the company said. (link)

Aug. 18, 2009: More than a dozen computers have been stolen from California State University, Los Angeles, sparking concerns over possible identity theft. Officials say on Aug. 1 someone broke a window in the office of the university's Minority Opportunities in Research program and stole 14 computers, two desktops and 12 laptops. (link)

Aug. 15, 2009: A Northern Kentucky University employee's laptop computer - which contained personal information about some current and former students -- was stolen from a restricted area last month, university officials said. (link)

Aug. 13, 2009: Some Lousiana State University students' personal information — their names and social security numbers — were displayed on a Web site accessible to the public recently. (link)


Misappropriation/Fraud/Ethics Events

Sept. 16, 2009: Thirty-Nine year old Tracy Laird pleaded not guilty to stealing 90,000 dollars from the Jones County Junior College. Laird worked for JCJC for 10 years in the accounting department but the embezzlement allegedly started in 2007. (link)

Sept. 11, 2009: A thief with an interest in finance and economics has stolen nearly $3,000 of materials from Drew University – in the form of textbooks. (link)

Sept. 11, 2009: Murray State students who leave their textbooks unattended increase the risk of falling victim to textbook theft. There were three different accounts of textbook theft reported in the Public Safety Activity Log, on Aug. 27, Aug. 31 and Sept. 1. Two of those accounts came from the University Bookstore. (link)

Sept. 10, 2009: More than $39,000 in textbooks was stolen from the Kenyon Bookstore in approximately a week at the beginning of August, according to Chief Business Officer Mark Kohlman. College officials and Bookstore employees are still finalizing the exact value of the stolen textbooks and working in collaboration with the Sheriff's office, which is managing the investigation, according to Kohlman. (link)

Sept. 3, 2009: Georgetown University has reimbursed the U.S. Department of Education for more than $62,000 in federal work study payments it gave to 26 baseball players over the course of seven years for employment the athletes did not complete. (link)

Aug. 28, 2009: Washington University has announced it will close its ethics center just as two people connected to the university have had high-profile ethical lapses. (link) (backstory)

Aug. 24, 2009: American InterContinental University, a for-profit college with campuses in Atlanta, has defrauded federal grant and loan programs and the agency that approved its accreditation, a whistle-blower lawsuit contends. (link)

Aug. 23, 2009: A year after a landscaping scandal led to the retirement of a longtime university leader, Mississippi State University is looking to improve the ethical culture on campus. (link)


Compliance/Regulatory Failure Events

Sept 7, 2009: University of Arkansas police said Avery Scott, 38, is facing felony rape charges. They said he's a university employee, and that he raped a female student at residence hall early Friday morning. (link)

Aug. 27, 2009: A Colorado State University sorority was quietly ousted from the university in the spring after campus police found numerous alleged incidents of hazing and harassment that one sorority pledge called "torture." (link)


Other Events

Sept. 9, 2009: The President of Johns Hopkins University is a Canadian citizen who just received his green card. Ronald Daniels cannot obtain security clearance to oversee classified research. And under Hopkins' enormous research umbrella sits the Applied Physics Laboratory in Laurel. The lab attracted $845 million in research money last year, about 70 percent of which came from the Department of Defense. Many of those defense contracts involve classified research. (link)

Sept. 9, 2009: Harvard University is coming under fire for running an advertisement in its campus newspaper questioning the reality of the Holocaust.Recently named for the second straight year as the No. 1 school in U.S. News & World Report rankings of American colleges, Harvard is known for its rigorous scholarly standards and prestigious reputation. On Tuesday, however, The Harvard Crimson, in what it said was an error, ran the Holocaust-questioning advertisement, which had been rejected by the paper over the summer. (link)

Sept. 9, 2009: Gov. Rick Perry has reopened the issue of Bonfire at Texas A&M University. Perry, perhaps the state's highest-profile graduate of the flagship university in College Station, was quoted by a Texas Monthly writer as saying he expects Bonfire to be back as soon as 2010. The campus hasn't hosted a Bonfire, a century-old ritual traditionally held before the football game against the University of Texas at Austin, since 1999, when a 60-foot stack of wood collapsed, killing 11 A&M students and one graduate. Another 27 people were injured. (link)

Sept. 3, 2009: Jordan Chusid received a first-day orientation that seems a little inappropriate - even for the University of Miami. The transfer from the University of Central Florida had to stare down the barrel of two guns held by campus police who bum-rushed the student last week because they thought he was a suspect who had stolen a motorcycle from the law school parking lot earlier in the day. (link)

Aug. 27, 2009: When she was thrown out of nursing school just 13 weeks before graduating, Sara Castle was humiliated. Still, she knew she and her classmates weren’t getting the clinical training they needed because an instructor repeatedly dismissed students early — a practice Castle exposed, and the teacher was fired. (link)

Aug. 23, 2009: The nightmare events now known simply as ''Virginia Tech'' and ''Northern Illinois'' -- deadly on-campus shooting sprees in 2007 and 2008, respectively -- have refocused college campus safety, leading to mass alert systems, stepped-up police retraining and emergency preparedness plans. (link)

 


If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at http://www.auburn.edu/audit

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman gotterw@auburn.edu.

Department of Internal Auditing
Auburn University
304 Samford Hall
M. Kevin Robinson, Exec. Director
robinmk@auburn.edu
334.844.4389
© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Internal Auditing is listed as the source.