The Audit Connection Spring 2014 issue 7


The Audit Connection Collaborating for Enterprise Excellence

Spring 2014, Issue No. 7

Inside this issue:

Think internal controls are Internal Audit’s responsibility? Think again
Controlling and accounting for assets
Is your information secure?
Quick tips for managing your next project
Have you ever wondered if your home computer has been compromised?
What is the role of the Administrative Ambassador?
Always check your monthly debit and credit card statements

Internal Audit Staff

Clay Sprouse, CAO
Kathleen Boyd, Assoc. Director
Crystal Corey, Audit Manager
Vernon Walters, Senior Auditor
Will Barnes, Senior Auditor
Sheryl Brown, I.T. Auditor
Rufus Copeland, Auditor
Lisa Kedigh, Admin. Asst. III
Sarah Wilder, Audit Intern

Think internal controls are Internal Audit’s responsibility? Think again

Clay Sprouse, Chief Audit Officer

Effective organizations depend on controls to ensure goals and objectives are met. Controls help us ensure effectiveness and efficiency of operations, reliable reporting of operations, and compliance with standards, laws, and regulations.

Internal controls, an integral part of our daily walk and work, are part of the process. They are effected by people – they are not policy manuals, systems, or forms. It’s about people caring and doing the right thing.

Control is effective when it provides reasonable assurance that we are doing the right thing at the right time. Absolute assurance would immobilize our work and prevent us from accomplishing our objectives. Internal control is there to ensure we meet our objectives. It needs to be cost effective and reasonable, not over lagging and impenetrable.

Internal Audit provides assurance and advising services to the organization. We believe in helping you create a reasonable, workable, and optimal process to ensure you and your department meet your goals and objectives and meet compliance requirements. Internal Controls are management’s responsibility; Internal Audit’s function is to advise management and monitor the state of internal controls. If you believe you or your team can improve controls to better meet your goals, please invite us in to evaluate and aid you.

The Office of Internal Audit's purpose is to support the mission and vision of the Georgia Regents Enterprise by: providing independent and objective management evaluations; identifying actual and potential problems; providing corrective guidance; developing management recommendations; and providing consultative services in accordance with professional internal auditing standards and compliance review guidelines. We are here to help you! 706-721-2661 gru.edu/audits

Ask the Auditor! We invite you to send your questions to internal_audit@gru.edu, and we may feature it in future issues. 1120 15th Street, Augusta, GA 30912 | Phone: 706-721-2661 | Fax: 706-721-9094



Controlling and accounting for assets

Crystal Corey, Audit Manager

If assets are not properly accounted for, it can result in misappropriation of assets and/or misstatement of financial statements. The following internal control tips will help ensure your department/unit is controlling and properly accounting for assets:

Designate an individual(s) as assistant property control officer(s), with the appropriate level of responsibility and authority needed to accomplish reliable inventory control for the department/unit. This individual(s) should be familiar with all Asset Management policies and procedures and be apprised of all inventory activity in the department/unit, i.e., moves, surplus, loss, etc.
Develop internal asset processes and communicate these to all individuals in the department, including new hires.
Conduct a thorough inventory with physical verification and ensure accuracy of the items listed on your inventory listing as well as correct location.
Investigate inventory discrepancies and report adjustments to Asset Management in a timely manner.
Be diligent in distinguishing University, Medical Associates, and Medical Center owned devices.
Consider performing inventory frequently within your department, i.e., mid-year. This has proven very useful for departments/units that have larger inventories.
Ensure all equipment moves, transfers, as well as surplus of equipment are documented and reported correctly as required by respective policy.
Ensure all assets are tagged with the appropriate property tag.
Provide adequate safeguarding of equipment.
Contact GRU’s Public Safety Division and Asset Management when theft and/or loss of equipment occurs. Loss of equipment that contains confidential, regulated data must also be reported to the privacy officer.

For more information, contact the Office of Asset Management at 721-1797 or visit gru.edu/supply/property.

Let’s protect our assets!


Is your information secure?

Gaudi Kinzer, Information Security Administrator
Guest Column

If you have never taken the time to review your credit report or set up an identity monitor, this may be the time to start. There has been a recent rise in cybercrimes that has many consumers on edge and second-guessing which companies they can trust with their personal information.

Major retailers like Michaels, the country’s largest arts and crafts chain, have recently announced finding “possible fraudulent activity” on some of their customers’ credit cards. Another large retailer that has made national headlines is Target. Over the holiday season, hackers stole the information of about 70 million Target customers to be sold in regional sets. Target has offered to pay for credit monitoring and identity theft insurance for those customers who were affected by the breach. The Neiman Marcus Group, which owns a number of high end retail brands, also failed to protect its customers’ information. The breach of 1.1 million customer accounts, from which 2,400 fraudulent transactions have been made, has left retailers questioning and rethinking their security processes.

Cybercriminals are getting savvier and bolder in their attempts to obtain your information and so should you. The largest hack in recent history took place on Nasdaq’s computer network by five Russian and one Ukrainian cyber hackers where, over a period of seven years, they stole roughly 160 million credit and debit card numbers, targeted 800,000 bank accounts, and cost their victims $300 million in monetary losses. Also, last September, the names, addresses, DOBs, and Social Security numbers of 4 million patients were stolen from Advocate Medical Group.

The U.S. is not the only country that has encountered these cybercrimes; they are happening all around the world and are targeting all different types of businesses. Some of these cybercrimes are of higher sensitivity, like the recent attack on South Korea where the names, Social Security numbers, phone numbers, and credit cards of 20 million people were stolen.

Cybercrimes are a real issue and everyone must take action to ensure that their information is protected regardless of how busy they may be. Always make time to ensure that you are doing your due diligence to protect not only your information … but also the information of the staff, students, and patients around you. You see, we no longer have the luxury of thinking “it’s someone else’s problem”; if we all thought the same … who would be responsible for safeguarding our personal information? Cyber criminals are taking advantage of any opportunity to exploit you and your loved ones.

Make it a routine to periodically check your credit report to ensure that there haven’t been any fraudulent entries made that you did not authorize. Under federal law, everyone is entitled to a free copy of their credit report annually from all three credit reporting agencies. In doing so, you can make sure that your credit is up-to-date and accurate. You may contact the Central Source by:

Web: annualcreditreport.com
Phone: 1-877-FACTACT (1-877-322-8228)
Mail Request Form to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281


Quick tips for managing your next project

Rufus Copeland, Auditor

The 2014 Winter Edition of the College & University Auditor magazine recently printed an article on the importance of project management. Internal Audit would like to share some helpful tips taken from this article that will assist you in managing your next project.

Initiation

Brainstorming is an integral piece of project management that should be performed not only in planning, but also throughout the entire project. The project team should have open-ended discussions on project risks and objectives to stimulate ideas and perspectives for developing project steps. Objectives should be defined in the actual objective narrative and should follow the SMART acronym by being:

Specific – clearly defined or identified
Measurable – quantifiable and measurable
Achievable – realistic and able to be accomplished
Results-Based – focused on results or outcome
Timely – occurring at the correct or most useful time

Schedule

Budgeted hours should be assigned to each phase based on team discussions and tracked throughout the project. It is important to think through possible obstacles and try to incorporate these unknowns into the budget. When issues arise during a project, the team should discuss and formulate a plan of action and “true up” the budget, if necessary.

Communication

Communication breakdowns are one of the greatest factors in project failures. Thus, status updates are crucial to any successful project plan. These updates should be standardized and distributed frequently to alleviate concerns moving forward. Scheduling in-person meetings is also helpful when necessary.

Closeout

Brainstorming after completion of the project is a very useful technique. Project plans should be revisited after completion to review budget against actuals and to document takeaways and lessons learned (i.e., what worked and what did not). This will help you build good estimates for future projects.


Have you ever wondered if your home computer has been compromised?

Sheryl S. Brown, IS Auditor

With Microsoft dropping support for the Windows XP operating system, there is a lot of discussion about safe home computing. In February 2014, the CIO.COM website shared this article from InfoWorld (Robert Grimes): “11 Sure Signs You’ve Been Hacked.”

Your computer may have been hacked, if …

You see a fake antivirus (AV) warning message.
You see browser toolbars you did not install and do not want.
Your Internet searches are redirected somewhere you don’t want to go.
You get frequent random browser pop-up messages from sites that don’t normally generate them.
Your mouse moves between programs and makes valid selections. Mouse pointers can move randomly due to hardware problems, but if your mouse moves itself AND selects options that work, you have been hacked. This requires professional help to resolve. Meanwhile, disconnect the infected computer from the network or wireless router and immediately use another uninfected computer to change your login names and passwords. Check your financial accounts and report any theft to law enforcement.

In general, safe home computing requires knowledge of what you’ve installed so that you can recognize bogus software you did not choose or install. Familiarize yourself with the format of your legitimate AV program so that you recognize a bogus message. Make certain that you install security updates as they are distributed and ensure your AV software remains current. An additional safeguard is the use of a security scanner such as MalwareBytes. Keep everything you use up-to-date. Remove browser toolbars you did not install and do not want. When installing any software, watch for a question about installing a free toolbar and make a conscious decision to install or not.

If you think you’ve been hacked and you’ve kept your AV software up-to-date prior to the hack, you can run the AV software once you restart in Safe Mode, no networking*. For the first four indicators in the list, you can try powering a Windows-based computer down, then starting it in Windows Safe Mode, no networking*, and uninstalling bogus toolbars, programs, and fake antivirus software. Once the suspicious software has been removed, restore the computer to a point in time prior to the hack.

If you continue to experience issues on your home computer, you should consider having your data backed up, then having a computer professional wipe all software from the computer and reload it. In some cases, these last steps are the only way to effectively mitigate a malware infection.

*NOTE: Safe Mode does not apply to Mac computers. This only applies to Windows-based computers.


What is the role of the Administrative Ambassador?

Lisa Kedigh, Administrative Assistant

Human Resources (HR) and the Office of Communications and Marketing (OCM) recently partnered to create Administrative Ambassadors from select departments to assist with key administrative communications as well as general HR announcements. In addition to official, full-time job responsibilities and duties, Administrative Ambassadors serve as liaisons between their respective departments and the Division of Human Resources and the Office of Communications and Marketing to help employees “discover what’s next.”

Ambassadors help to keep Georgia Regents employees informed through the dissemination of key administrative communications and general HR announcements. Ambassadors serve as conduits for departmental faculty and staff and help to identify operational and administrative resources that can be used to further promote engagement across the university and health system. They also help to identify issues that can be addressed through internal employee communications and provide operational and administrative advice regarding:

HR Administration
Training and development opportunities and resources
Enterprise-wide communications and issues
Key enterprise initiatives, events, and activities

Major Responsibilities:

Assist with dissemination of key enterprise administrative communications and general HR announcements, i.e., open enrollment for benefits, compliance training.
Allow for two-way communication between enterprise administrative functions and departmental faculty and staff, providing feedback to enterprise leadership as needed.
Serve as an advocate and champion in support of enterprise initiatives and events, including GRU Discovery Expo, Employee Engagement survey, recognition programs, Day of Service, Diversity Conference, PFCC Conference, and HR Training Events.
Maintain access to employee contacts, information, and resources, including PAWS intranet, HR website, and GReport publications.

Administrative ambassadors have a heightened visibility within the enterprise along with additional dialogue with the senior leadership team. Senior leaders appoint someone from their department who is trusted and respected by coworkers and managers, who works effectively with diverse groups of people, and who has a solid knowledge background of the university and health system.


Always check your monthly debit and credit card statements

Danny Walters, Senior Auditor

It’s always a good idea to protect yourself from fraud by diligently reviewing your monthly debit and credit card statements. For example:

$9.84

If this charge appears on your debit or credit card statement, the Better Business Bureau says fraudsters may have put it there. As part of a worldwide scam, thieves are using information from stolen payment cards to make small charges to those cards that could easily go undetected. The Better Business Bureau urges cardholders to closely monitor their past and current statements for such charges and to call their card-issuing banks if they have questions or find any issues.

For more information, see “Were You Charged $9.84? It Might Be Fraud” by Jose Pagliery, Jan. 28, 2014, CNNMoney, tinyurl.com/n3dr3at.

Source: “Fraud in the News,” Fraud Magazine, March/April 2014 Edition
