RISKS | CONTROLS | COMPLIANCE ALERT

Volume 4 | Issue 1 | January – March 2023

“Lock it down, ensure compliance, and segregate your
duties to minimize threats and maximize effectiveness”

IN THIS ISSUE

GETTING AHEAD OF THE CURVE:
NEW YEAR, SAME THREATS!

RECENT SUCCESS:
COMPLIANCE WITH RESEARCH TRAINING AND POLICY DEVELOPMENT RESULTED IN NO ADVERSE AUDIT FINDINGS FOR ORED.

INTERNAL CONTROL:
ARE INCOMPATIBLE DUTIES SEGREGATED?

GETTING AHEAD OF THE CURVE – NEW YEAR, SAME THREATS!

As the new year begins, cybersecurity remains a top concern for academic institutions. In 2022, more than 200 government, education, and healthcare organizations in the United States fell victim to ransomware alone. Forty-four (44) universities and colleges were among the group impacted (www.emsisoft.com). According to Tech Republic, cyber threats facing organizations in 2023 include ransomware, phishing, supply chain vulnerabilities, and cloud security.

At FIU, the IT personnel in each business unit play an important role in configuring and maintaining secure systems that impact the University’s cybersecurity posture. However, all employees (i.e., executive management, faculty, and staff) and students play a vital role in cyber defense whether it involves adhering to or assisting in the enforcement of security policies, timely notifying IT of any security/configuration issues, or maintaining awareness about cyber threats through annual security awareness training.

Check out our website to find out about the steps that business units can take to play their part in keeping FIU safe.

Read More

Back to the top

RECENT SUCCESS –

COMPLIANCE WITH RESEARCH TRAINING AND

POLICY DEVELOPMENT RESULTED IN NO

ADVERSE AUDIT FINDINGS FOR ORED

In a recently published internal audit report that focused on the processes the Office of Research and Economic Development (ORED) has implemented to ensure compliance with research training and policies, it was noted that for FY 2021, FIU received more than $310 million in awarded research funding, submitted 107 invention disclosures, and filed 74 U.S. patent applications. These achievements help FIU to maintain its R1 status.

The audit report also highlighted a few additional achievements. For one, the auditors reported no adverse findings. This is a commendable achievement and speaks to the efforts the staff of ORED, the Office of Compliance and Integrity, the Office of the General Counsel, faculty, and researchers have put into ensuring compliance with training and policy development requirements. At the time of the audit, ORED had 57 research-related policies, and the auditors specifically reported that ORED has effective process controls for creating and maintaining research-related policies and ensuring research-related training is adequate and completed timely.

Read more to learn about how our auditors came to these conclusions.

Read More

Back to the top

INTERNAL CONTROLS –

ARE INCOMPATIBLE DUTIES SEGREGATED?

 

Introduction

Effective management is enhanced by sound internal controls. Sound internal controls include practical, situational, and effective control activities. Control activities are the actions management has established through policies and procedures to achieve its objectives and respond to risks in the internal control system.¹ Segregation of duties is an important control activity that each business unit of FIU should make every effort to implement into its operations and workflows.

What is Segregation of Duties?

Segregation of duties is a basic building block of sustainable risk management. The principle is founded on the concept of shared responsibilities of key tasks of an organization’s critical processes or functions among multiple individuals or departments.² At its core, proper segregation of duties is designed to prevent one individual from having total control over a transaction or process.

This includes separating the responsibilities for the following functions:³

Read more to learn about how to effectively separate your unit’s responsibilities.

Read More

Back to the top

OTHER RESOURCES

ABOUT US

The FIU Office of Internal Audit serves as an independent appraisal function for the University. Our audits of the University’s colleges and departments evaluate financial processes, internal controls, and compliance with laws, rules, and regulations with a view toward ensuring that services are appropriately delivered in the most efficient and economic manner possible. Our Office is also responsible for conducting investigations for all allegations of fraud, waste, abuse, and whistleblower complaints.

Back to the top