|
|
I recently heard this statement, ''Culture trumps strategy every time.'' This person went on to state that this was the mantra embraced by the leadership of Apple Computer. I can't verify the truth of that statement with respect to Apple Computer, but I did discover one survey where 9 out of 10 international executives said they agreed with the statement.1 Culture is also important when we consider things like proactively managing risks, implementing controls, and complying with regulations.
The more I think about it, the more I believe there is a great deal of truth in the statement. An organization can have great policies and procedures saying they will behave in a certain way, but if the culture of compliance and proactive risk management isn't built into the organization, the policies and procedures are meaningless. In a failing culture, people disregard written policies or in some instances may not even know they exist. Therefore, one of our first responsibilities as a leader who wants to be proactive and prevent problems is to consider the culture we have either inherited or helped create.
In a recent Wall Street Journal article on changing an organization, I found this statement, ''Instead of just lecturing on the need for change, look for ways to get people to experience the harsh realities that make it necessary.''2 In many ways that is what this monthly communication provides as we look at various incidents where risk management, ethics, internal controls, compliance -- essentially the culture -- failed, across our industry. We hope you will share this within your sphere of influence and discuss how we can proactively prevent similar things here at Auburn University.
M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing
Information Security Related Events
Aug. 25, 2010: Accessing the Internet via an open Wi-Fi network is risky because you have no idea who is the hot spot provider or who is connected to it. At the airport it may seem more secure to use a terminal to check your e-mail or update your Facebook status; however, according to Symantec, these terminals might not be secure at all. (link)
Aug. 24, 2010: Sponsored by security vendor Fortify Software, the survey asked 100 hackers who attended Defcon about security in the cloud. A sizable 96 percent said they believe the cloud opens up more hacking opportunities, while 89 percent said cloud vendors aren't doing enough to address cybersecurity issues. (link)
Aug. 19, 2010: The University of Kentucky is notifying 2,027 people of a breach of protected health information. Access to the laptop was password-protected but the hard drive was not encrypted. (link)
Aug. 19, 2010: University officials are investigating the theft of a laptop computer from UConn's West Hartford campus that contains the names and social security numbers of 10,174 applicants, many of whom were selected for consideration to attend the regional campus. (link)
Aug. 18, 2010: Yale School of Medicine today began notifying approximately 1,000 people whose clinical health information was contained on a laptop computer that was stolen last month. While access to the stolen laptop was protected by a password, the laptop was not encrypted. (link)
Aug. 17, 2010: Officials are reviewing the Internet policies of the Dimond Library at the University of New Hampshire in response to the recent incident where a man was arrested for viewing child pornography on a library computer. (link)
Aug. 12, 2010: Loma Linda University's dental school has hired a credit monitoring and repair firm to help potential identity theft victims. (link)
Aug. 10. 2010: Confidential information for about 126,000 students and employees at six community colleges — including Broward College — were publicly available on the Internet for five days, a state library service center announced Tuesda (link)
Aug. 9, 2010: Computer security breaches at two UNCG clinics allowed unauthorized access to information about more than 2,500 individuals. (link)
Aug. 8, 2010: A Portland Community College employee reported that a car had been broken into and items were stolen. The employee had been transferring information from one PCC work location to the other. One of items taken was a data storage device that held the names and Social Security numbers of participants in the Oregon Food Stamp Employment and Transition Program. (link)
July 30, 2010: A physician from Baylor College of Medicine and affiliated with Texas Children's Hospital had his password-protected laptop stolen from an office at Texas Children's Hospital in Houston, Texas. Electronic files on the laptop contained demographic and clinical information of approximately 1600 cardiology patients, including names, medical record numbers, dates of service, diagnoses and dates of birth. (link)
Misappropriation/Fraud/Ethics Events
Aug. 26, 2010: The University of California has appointed an official to manage spending and operations at President Mark G. Yudof's new private residence, after Mr. Yudof ran up nearly $700,000 in expenses and involved senior university officials in time-consuming personal matters over a rented mansion in the Oakland Hills. (link)
Aug. 23, 2010: After a three-year internal investigation by Harvard University, animal cognition researcher Marc Hauser has been found ''solely responsible'' for eight counts of scientific misconduct. (link)
Aug. 12, 2010: A Burlington County, PA woman received $192,000 in student loans even though she took only two college courses in three years, authorities allege. (link)
Aug. 12, 2010: Vandals at Indiana University have gone fishing again. A bronze fish that is part of the Bloomington campus's Showalter Fountain is missing just a year after it was replaced following an absence of more than 20 years. (link)
Aug. 5, 2010: A former University of Utah Hospital cafeteria cashier has been accused of stealing more than $400,000 from his cash register over a span of six years. (link)
Aug. 3, 2010: A prominent UW-Madison cancer researcher has abruptly resigned after university officials began investigating a potential conflict of interest involving his outside business interests. (link)
Compliance/Regulatory Events
Aug. 29, 2010: New Jersey lawmakers are touting legislation aimed at ensuring that the state's colleges and universities have plans in place to address major on-campus emergencies (link)
Aug. 28, 2010: Appearing in small claims court Friday, San Francisco State University student Angela Yuen Uyeda said university officials had unfairly forced her to pay twice for the fall 2009 semester. (link)
Aug. 24, 2010: The ACLU of Virginia is asking the U.S. Supreme Court to review a federal appeals court ruling that bans alcohol advertising in Virginia's college newspapers. (link)
Aug. 13, 2010: Public health officials are forcing UC Berkeley to make a major change to a controversial freshmen orientation project that involves testing students' DNA, the university announced Thursday. (link) (link)
Aug. 11, 2010: Georgia's public colleges have enrolled at least 472 students for fall classes who could not provide proof of legal residency, according to a report released by the State Board of Regents on Wednesday. More than half the institutions saying fewer than 10 such students will attend their campuses. (link)
Aug. 2, 2010: An appeals court is scheduled to consider a lawsuit Tuesday that challenges the use of race and ethnicity in undergraduate admissions policies at the University of Texas at Austin. (link)
Aug. 1, 2010: Critics say Cloyne Court, a student co-op residence leased from UC Berkeley, tolerates drug use. Defenders say it's no different than other college housing. (link)
July 28, 2010: A three-member panel will investigate allegations of "emotional abuse" and NCAA rules violations in Indiana University-Purdue University Indianapolis' women's basketball program. (link)
July 28, 2010: A former faculty member Tuesday filed suit in federal court charging Duquesne University and its law school with sexual harassment, gender discrimination, retaliation and breach of contract. (link)
Other News & Events
Aug. 24, 2010: Most of the San Diego State University campus remained without air conditioning Wednesday, the result of a water main break earlier in the week. Non-essential employees were given the day off Wednesday, for the second day in a row. (link)
Aug 16, 2010: A program that allows University of Colorado students to register their parties -- and get a police warning if neighbors complain they're too loud -- will continue this fall. (link)
Aug. 12, 2010: The number of college students who are afflicted with a serious mental illness is rising, according to data presented Thursday at the annual meeting of the American Psychological Assn. in San Diego (link)
Aug. 9, 2010: Federal spending to educate returning veterans from Iraq and Afghanistan is disproportionately helping the bottom line of for-profit colleges, according to government enrollment data. (link)
Aug. 6, 2010: Some 25,000 books were scattered in Indiana State University's library when workers accidentally set off a domino-like tumbling of long rows of shelves. (link)
Aug. 2, 2010: Ex-foster students at all UC campuses will get housing priority starting this fall, according to Judy K. Sakaki, the UC system's vice president for student affairs. It may entail moving students to a single hall during vacations for efficiency and safety, or making different arrangements for meals. "This is a population that deserves our attention," Sakaki said. "They are just fantastic students who have overcome incredible odds." (link)
Aug. 1, 2010: Some analysts worry that academics are possibly imperiling or compromising the independence of their universities when they venture onto boards. Others question whether scholars have the time -- and financial sophistication -- needed to police the country’s biggest corporations while simultaneously juggling the demands of running a large university. (link)
If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at http://www.auburn.edu/audit.
If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.