the compass december 2024 vol. 20, no. 1
Guidance for University leaders on governance topics facing UToledo and our peer institutions
THOUGHT FOR THE DAY
"Character is what you are in the dark."
- - Dwight Moody (American evangelist), and Susan Walland
Assumption Busting
Here are some more famous quotes from history …
- “Everything that can be invented, has been invented.” – Charles H. Duell, U.S. communicator of patents, 1899
- “Stocks have reached what looks like a permanent plateau.” – Irving Fisher, professor of economics, Yale University, Oct. 17, 1929
- “There is no reason for any individual to have a computer in their home.” – Kenneth Olsen, President of Digital Equipment Corp., 1977
- “Who the $*&@ wants to hear actors talk?” – Henry M. Warner, Warner Brothers, 1927
What do these quotes have in common? They are all quickly disproven assumptions. Of course, not all assumptions, or assumption-based reactions, are bad. They can protect you from solutions that are impractical or ill-advised. The failure to seriously consider distinctive ideas, however, is a pitfall that can discount the results of your efforts.
Highly functioning organizations employee an assumption-busting process that tries to “turn around” your assumption-driven responses (in a compliant manner, of course). This can be a way of analyzing potential solutions:
- Ask team members: How do you feel about the idea?
- Record responses/comments on flipchart or whiteboard.
- Take each comment and change it into its opposite.
- Ask and try to honestly answer: “How could we make this statement be true?”
When you feel an idea that is good, but makes you uncomfortable:
- Identify what premise, rule, or experience created your discomfort.
- Ask: Is this premise valid?” “Could I/we be wrong?”
- Consider ways to evaluate the premise; ask customers, talk to collaborators; get expert advice; see how others do it.
- Identify actions you can take to make the new assumptions work.
- Take TIME to adjust to a new way of seeing things.
Please consider leveraging the Internal Audit team to conduct an independent and objective assessment of the situation. You will find them to be an invaluable resource to you in helping you in improving the effectiveness and efficiency of your business process.
David L. Cutri, CPA, CISA, CIA
Chief Compliance Officer and Chief Audit Executive
This Month's Video
In addition to Chris’ cartoon, please check out this video, as it may have relevance.
https://www.facebook.com/share/v/1PGCjtjrX1/?mibextid=xfxF2i
This section of The Compass proactively shares key risks and emerging trends with stakeholders in regular interactions (e.g., emerging trends and key risks in the news) and explicitly discusses Internal Audit’s work within this context. The Fiscal Year 2025 Internal Plan addresses each of these topic areas. Feel free to reach out to David Cutri to learn more.
Cybersecurity
Seventy-nine percent of organizations suffered a cyberattack within the last 12 months, up eleven percentage points from 2023, and about half (47%) of all educational organizations faced unplanned expenses to fix security gaps due to a security incident, according to the latest survey by Netwrix Research Lab. While incognito hackers and dangerous malware tend to occupy our imagination when it comes to cybersecurity, one surprising stakeholder was Information Technology (IT) professionals' biggest risk to their cloud and on-premises infrastructure: company employees. IT workers in education were the loudest to report a lack of budget and understaffing as their top data security challenges.
Research Integrity
Penn State has taken the unusual step of revealing it has "indefinitely" prohibited a biomedical engineer from conducting research, after a review of her scientific papers found certain papers containing "unreliable data." Allegations that the data in dozens of scientific papers she has co-authored appeared problematic sparked the investigation into the work of [the researcher]. Penn State asked external experts to review her work, and they "confirmed the presence of unreliable data in several papers," according to a university statement. The university has alerted the scientific journals that published the affected papers, as well as the federal agency that monitors research integrity.
Student Aid Fraud
Reports indicate a surge in suspicious college applications, perpetrated by humans and bots using stolen or fabricated identities to secure federal student aid. This scheme not only defrauds institutions but also taxpayers, with incidents escalating due to the widespread availability of stolen personal data. Bad actors exploit this data to forge fake identities or manipulate existing applications, undermining the integrity of admissions processes. The dark web published billions of people's data around April 8, 2024, from a single breach of National Public Data. According to Cybersecurity Ventures, global cybercrime costs will skyrocket to $9.5 trillion United States Dollars in 2024 and $10.5 trillion by 2025.
Hazing
The former president and vice president of a Penn State fraternity where pledge Timothy Piazza fell and later died after consuming a large amount of alcohol received jail sentences Tuesday. The former president of the now-defunct chapter of Beta Theta Pi in 2017, Centre County Court sentenced the former vice president and pledge educator to two to four months behind bars, followed by three years of probation and community service. Each will be eligible for work release. They both pleaded guilty in July to 14 counts of hazing and a single count of reckless endangerment, all misdemeanors. They were the last two criminal defendants sentenced in a case that prompted Pennsylvania lawmakers to crack down on hazing.
National Security
A federal countersurveillance probe at the Camp Grayling military facility charged five University of Michigan graduates from China. A Federal Bureau of Investigation complaint filed October 1 charged [five people] with conspiracy, making false statements to investigators, and destroying records during the federal investigation. The 28-page complaint details how the complainant saw the five students at Camp Grayling, the training facility for the Michigan Army National Guard in northern Michigan. They possessed cameras near military vehicles and classified communications equipment during the Northern Strike training exercise in August 2023. A United States sergeant major found the students taking photos near classified equipment and soldiers sleeping in tents, records show.
An Audit Reveals Gaps in College Transfer System
Multiple California community college students aiming to transfer to four-year universities face systemic obstacles, with only a small percentage achieving their goals. A state audit found significant barriers, especially for Black, Hispanic, and rural students, despite reforms aimed at streamlining the process. Specifically, only 1 in 5 California community college students makes it to a university, the audit says.” This is relevant for Ohio students as well. Check out this video to learn more,
An Audit Reveals Gaps in College Transfer System
Republicans Aim to Increase Accountability
With Republicans in the majority, expect continued attacks on elite universities and more momentum behind key legislation introduced when the GOP took the House in 2023.
Read this article from Inside Higher Education to learn more.
Republicans Aim to Increase Higher Ed. Accountability
Penn State Resolves False Claims Act Allegations
Penn State University has agreed to pay $1,250,000 to resolve allegations that it violated the False Claims Act by failing to comply with cybersecurity requirements in fifteen contracts or subcontracts involving the Department of Defense or National Aeronautics and Space Administration.
Penn State Agrees to Resolve False Claims Act Allegations
If you have any suggestions, questions or feedback, please e-mail david.cutri@utoledo.edu, including suggestions for items to include in future newsletters Feel free to forward this email to your colleagues, employees. Back issues of this newsletter are available on the Internal Audit and Compliance website.
Redistribution of this newsletter, with or without modification, is permitted provided University of Toledo Internal Audit Department is listed as the source.