September 14-17, 2020

Virtual Edition


Program

Conference participants are eligible to receive a maximum of 19.2 CPE credit hours. The Association of College and University Auditors (ACUA) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors through its website: www.learningmarket.org.

 

All times listed below are in EST. 

Monday, Sept. 14

Tuesday, Sept. 15

Wednesday, Sept. 16

Thursday, Sept. 17

12:30 PM - 12:55 PM
Welcome and Opening Comments
1:00 PM - 2:00 PM
Keynote: Liar, Liar, Pants on Fire
Presenter(s): Traci Brown, Traci Brown, Inc. 

 
2:00 PM - 2:30 PM
Break
2:30 PM - 3:45 PM
A1: How To: Performing Information Technology (IT) Risk Assessments at Colleges and Universities
Presenter(s): Katie Bumgardner, University of Oregon
Meghan Senseney, Baker Tilly 
Information Technology (IT) risks are an inherent part of any institution and may impact the ability of Colleges and Universities to conduct operations in support of their mission. These risks require continual assessment followed by the creation and modification of IT risk management plans. Collaboration between Internal Audit and the IT function is critical to monitor and mitigate an institution’s unique risks. This session will share the typical IT and cybersecurity risks that institutions face, and how Internal Audit can serve as a resource by performing IT risk assessments. Baker Tilly, an accounting and advisory firm with a specialized focus in serving higher education institutions, has been engaged by many College and University Internal Audit functions to conduct institution-wide IT risk assessments in conjunction with them. During this session, Baker Tilly will co-present with an Internal Audit team member from the University of Oregon; the two have been working together since 2015 to continually assess, monitor, and mitigate the institution’s IT risks.

After this session, participants will be able to:
  • Learn about all of the specialized IT and cybersecurity risks prevalent in higher education, reviewing the various IT and cybersecurity requirements applicable to higher education institutions
  • Explain how to execute an IT risk assessment, including standard definitions of risk likelihood and impact
  • Provide potential approaches and templates for assessing IT risks at Colleges and Universities, including how to prioritize future internal audits and advisory assessments

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Information Technology
Prerequisites: None
2:30 PM - 3:45 PM
B1: Foreign Influence Risks and Responses
Presenter(s): Trey Atchley, University of Texas at Dallas
Toni Stephens, University of Texas at Dallas 
Seemingly routine audit findings may actually be indicators of a much more significant problem.  Why and how are foreign nations targeting your classified, controlled, or fundamental research programs, and what can you do about it?  In this session you will learn about one such audit that identified potential foreign interests and influence, the red flags to watch for in your audits and how to respond, and the management and technical controls to consider for improved prevention and detection of foreign influences in research.

After this session participants will be able to: 
  • Identify red flags during audits that may indicate inappropriate foreign influence and conflicts of interest in research activities
  • Understand the current regulatory environment and Federal directives related to State-sponsored efforts
  • Discuss options to identify and mitigate ongoing misconduct and deter future misconduct in fundamental research areas

Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:30 PM - 3:45 PM
C1: KRI's and the Use of Predictive Analytics in ERM
Presenter(s): Michael Bowers, Brown University 
3:45 PM - 4:15 PM
Break
4:15 PM - 5:15 PM
A2: Ensuring You Have the Right Stuff... and Ways to Get it When You Don't
Presenter(s): J. Michael Peppers, University of Texas System
The continually-expanding risks facing our institutions may call on internal auditors to perform work in areas or on topics for which they don’t have specific expertise on-hand. Often, it doesn’t make sense or isn’t possible to hire staff to address very specific audit competencies. There may also be times a department finds itself in need of temporary staff augmentation due to turnover or a short-term increase in workload. This session will explore options to consider when it is necessary to supplement or complement your audit team.  We’ll look at ways to assess the collective skills of the current staff and map that against the requirements of your audit plan, cover options that may be available to fill any gaps, review the methodology and tools used by The University of Texas System for the last four years to procure and establish master services agreements, and share lessons-learned for overseeing the work done by others – both technically and administratively.

After this session participants will be able to:
  • Assess conformance with professional standards concerning proficiency
  • Apply best practices for obtaining supplemental auditing resources
  • Utilize effective techniques to manage co-sourced engagements

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Audit Skills
Prerequisites: None
4:15 PM - 5:15 PM
B2: Culture, Campus and Cybersecurity: Managing Your University's Organization and Operational Risk
Presenter(s): Rob Belk, EY
Tasha Youngblood Brown, Princeton University
James Land, EY
 
4:15 PM - 5:15 PM
C2: Auditing Intellectual Property Processes - Identifying Best Practices from Invention Disclosure to Royalty Distributions
Presenter(s): Melissa Hall, Georgia Institution of Technology 
Research Universities often can change the world with inventions developed on their campus. However, as opposed to intellectual property processes in corporate America, this environment can present challenges for both protecting the interest of the University, as well as adequately compensating inventors.  In this session, we will explore best practices of Intellectual Property management as gathered from your peers and develop proposed audit programs that you can implement on your campus.

After this session, participants will be able to:
  • Identify best practices for each critical step of the Intellectual Property Process
  • Evaluate intellectual property risks and related scope perspectives for audit impact
  • Develop appropriate audit program steps to implement

Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
5:30 PM - 6:30 PM
Optional Networking Activity - Virtual Line Dancing
Since ACUA couldn't go to San Antonio this year, San Antonio is coming to ACUA. Grab your boots and get ready to boot, scoot and boogie! Join your fellow colleagues and bring your families for a virtual line dancing party - an instructor will walk you through two line dances and by the end of the event you will be able to line dance just like a true Texan. Western wear strongly encouraged! 

 
11:00 AM - 12:00 PM
Optional Roundtable: CAEs
Presenter(s): Kim Turner, Texas Tech University & Justin Noble, Virginia Tech
11:00 AM - 12:00 PM
Optional Roundtable: Diversity and Inclusion
Presenter(s): Diedre Melton, Florida Agricultural and Mechanical University
11:00 AM - 12:00 PM
Optional Roundtable: ACUA Resources
Presenter(s): Kara Kearney-Saylor, University of Buffalo
11:00 AM - 12:00 PM
Mentorship Program Session (Registration Required)
To participate please register for the session when completing your online registration. 
1:00 PM - 2:00 PM
Keynote Session: Auditors as Superheroes! Empowering Yourself by Empowering Others
Presenter(s): Kevin Crenshaw, Neverboss
With limited power and authority, it’s tempting to feel unappreciated. But auditors have a hidden superpower: influence. How you see and use your influence determines your leadership and legacy. And the best influencers, like the best superheroes, leave a trail of empowerment behind them. Join us for a fun, interactive keynote session. You'll walk away with simple tools of empowering leadership to start using today.
2:00 PM - 2:30 PM
Break
2:30 PM - 3:45 PM
A3: You Don't Know What You Don't Know, and What You Don't Know Can Be Challenging
Presenter(s): Gemma Rinefierd, SUNY
Joseph Storch, SUNY
Don Temple, SUNY
 
Key Information Auditors and Compliance Professionals Must Know to Ensure Compliance with the Clery Act, Title IX, and Related Obligations.

The Clery Act, Title IX, and related State laws are complex and the current administration has changed longstanding approaches. The level of training across campuses is not consistent, but there are important concepts that can aid colleges and universities not only in complying with the laws, but in exceeding compliance to better serve students. In this presentation, an auditor seasoned in Clery Act and related audits, a Director of a major training and policy development program aimed at aiding college compliance in this area, and an attorney and seasoned trainer in Clery Act, Title IX and related obligations will present key information on the Clery Act and Title IX that is directly relevant to auditors and compliance professionals. This session will specifically concentrate on how auditors and compliance professionals can help colleges and universities meet their obligations. The speakers will cover changing and new requirements of the laws, including up-to-the-minute analysis of the status of Title IX regulations (and any litigation that ensues) as well as cases that impact the national and regional landscape. They will discuss programs and resources developed by SUNY that are free or low cost and aid institutions in meeting compliance obligations and, ultimately, exceeding those minimal obligations to best promote safety and success of our students.

After this session, participants will be able to:
  • Understand the core elements of the Clery Act, Title IX, and related obligations to be able to ensure compliance or conduct an audit.
  • Understand the changing landscape, new obligations, and relevant court decisions that can impact compliance.
  • Learn about free and low cost resources to assist colleges in meeting their obligations under these laws

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge
Prerequisites: None
2:30 PM - 3:45 PM
B3: It Ain't Agile - or Is It?
Presenter(s): Justin Noble, Virginia Tech 
Kim Turner, Texas Tech University
"Agile" is the new buzzword in auditing, but what does it really mean? In this session, participants will learn it’s not rocket science – it’s a series of adjustments that can lead you to more efficient, more impactful, and more value-added work.  The agility mindset can be used to improve how you approach your annual audit plan, how you respond to requests for audits, and how you perform your work every day.   Agile starts with your team, so we will discuss recruiting and developing auditors to facilitate increased agility. Through discussion about real life case studies, you will brainstorm techniques that you can implement right away.

After this session, participants will be able to:
  • Identify new techniques for introducing agility into your audit function
  • Recognize the key qualities of agile auditors and ways to recruit and grow team members
  • Discuss real life case studies that benefitted from agile techniques
  • Describe techniques you can adopt on your next project

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:30 PM - 3:45 PM
C3: Cybersecurity and IT Audit in Higher Ed
Presenter(s): Lesia Ervin, Mississippi State University
Johnny Sanders, BKD

In the world of information security and cybersecurity in higher education, major concerns and gaps exist. This session will describe MSU’s co-sourcing relationship with BKD for IT Audits. Requirements of the DOE and the released dear colleague letters will be discussed in detail. We will touch on what GLBA means for an institution and discuss the security requirements of NIST 800-171, and the changes relating to CMMC and even GDPR. We will also discuss risk assessments and establishing internal audit programs in order to assess compliance, and even more importantly, security.

After this session, participants will be able to:
  • Describe the requirements of GLBA in relation to the DOE and the dear colleague letters.
  • Develop an IT audit partnership program.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing, Information Technology
Prerequisites: None
3:45 PM - 4:15 PM
Break
4:15 PM - 5:15 PM
A4: Giving Leadership Value from Transition Audits
Presenter(s): Julia Hann, University of North Florida
Robb Hartman, Colorado State University System
Winning over your leaders can be as simple as offering a transition audit during high-profile turnover.  Presidents and Chancellors want to give their executives the best start.  With our hands-on approach and experience, we have found transition audits are beneficial, low-hour projects which can provide maximum value to your leadership team.  Transition audit work plans can show benefits through confirmations of: budgets; salaries; human resource compliance; IT security risks; and environmental health and safety standards.

After this session, participants will be able to:
  • Understand the value of a transition audit.
  • Learn how to develop a transition audit program
  • Identify risks for a transition audit

Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
4:15 PM - 5:15 PM
B4: Lessons Learned from Two Travel Investigations
Presenter(s): Christine Croskey, Portland State University 
In this session, PSU Internal Audit will present two investigations conducted involving possibly fraudulent travel reimbursement schemes. We will explain how the allegations came to Internal Audit, the investigation scope, what investigative procedures we performed to substantiate the allegations, and what control gaps existed at the time that allowed the fraudulent activity to occur. Additionally, we will discuss our interactions with General Counsel and Faculty and Staff Unions during investigations.  Attendees will leave with a better understanding of control gaps that can lead to travel fraud and abuse as well as best practices for working with General Counsel and unions during these investigations.

After this session, participants will be able to:
  • Identify control weaknesses that could be exploited by employees for personal gain.
  • Apply audit procedures to travel investigations.
  • Identify best practices for working with law enforcement, General Counsel, and faculty/staff unions.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
4:15 PM - 5:15 PM
C4: Auditing University Police Departments
Presenter(s): Charlie Hrncir, Texas A&M University System
Auditing law enforcement can be a challenge.  First responders are not focused on internal controls or other audit-related issues, creating client relations and communication challenges for auditors.
The backbone of this presentation will be to share experience auditing both statewide law enforcement organizations like the highway patrol, game wardens, prisons, and several university police departments.
Auditors do not have to have deep knowledge of criminal law enforcement techniques to provide valuable audit services to their institution's police departments in the areas of inventory control of firearms, vehicles, revenues, evidence inventory and related information technology.

After this session, participants will be able to:
  • Perform a basic audit of a university police department

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
1:00 PM - 2:00 PM
Keynote Session: Nine-Step Success Process
Presenter(s): Stedman Graham, S. Graham & Associates
IDENTITY LEADERSHIP IS SELF-LEADERSHIP BASED ON THE PHILOSOPHY THAT YOU CANNOT LEAD ANYONE UNTIL YOU FIRST LEAD YOURSELF.

As we move through the 21st Century, continuing to deal with the pandemic crisis, job losses, lifestyle changes, and even starting over, we must know that our greatest strength is going to be found within us.

"LEADERSHIP IS EVERYTHING"

ACUA is excited to sponsor the Stedman Graham Identity Leadership 60 minute session focusing on his Nine Step Success Process®
  1. Check your ID
  2. Create your vision
  3. Develop your travel plan
  4. Master the rules of the road
  5. Step into the outer limits
  6. Pilot the seasons of change
  7. Build your dream team
  8. Win by a decision
  9. Commit to your vision
2:00 PM - 2:30 PM
Break
2:30 PM - 3:45 PM
A5: Visitors on Campus: How to Follow the Rules While Being Collegial and Inclusive
Presenter(s): Monika Cami, University of Michigan
Asel Solovyeva, University of Michigan
University of Michigan (UM) welcomes visiting scholars, visiting graduate students, post-docs, visiting observers, and others for research, guest teaching, clinical observation, and other forms of collaboration.  While it is important to maintain an open environment where collaboration and exchange of information and knowledge are encouraged, there is also a need to be aware of the risks associated with visitors, especially in the light of new NIH regulations around Conflict of Interest/Commitment and Foreign Influence implications. How should one find the right balance?  University of Michigan Audit Services department dived into the processes related to visitors to campus, including how UM welcomes, supports, hosts, and protects visitors as well as how UM protects the university community, assets, and brand while collaborating with visitors.  The review was broad and included both domestic and international visitors, visiting researchers, students, and faculty (with Michigan Medicine in scope as well).

After this session, participants will be able to:
  • Learn about the current governance structure associated with key visitors, existing policies and procedures, training, access, tracking, onboarding/offboarding, and payment arrangements at the University of Michigan.
  • Understand how the processes for visitors are handled at other Universities, based on benchmarking.
  • Recognize certain data analysis techniques that could be applied to the visitor information, considering many risks associated with this category.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:30 PM - 3:45 PM
B5: Spur Your Investment in Cybersecurity: Internal Audit's Role in Incidents and Breaches
Presenter(s): Mike Cullen, Baker Tilly
Goli Trump, Montgomery College
Cyber risks are an inherent part of any institution and can impact the ability of colleges and universities to conduct operations in support of their mission. These risks require continual identification, assessment, and monitoring. Every institution must manage cyber risks, handle cybersecurity incidents and inevitably deal with a data loss or breach event. Per the 2019 “Cost of a Data Breach Report” study conducted by the Ponemon Institute, the average total cost of a data breach in the education industry is $4.77 million. Could your institution afford this?
The cyber-criminal threats influencing academia are coming from adversaries that are financially motivated. Auditors must engage before, during, and after cybersecurity incidents and/or breaches to help the business get back up and running and effectively assess what happened, why it happened, and how to prevent it in the future.

After this session, participants will be able to:
  • Understand how auditors can get a seat at the table and engage with cybersecurity stakeholders.
  • Make the case for performing cybersecurity related audits or reviews.
  • Implement potential approaches for getting involved in post-breach remediation activities.

Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience in risk-based audit planning
2:30 PM - 3:45 PM
C5: What's Up with Accounting Standards Setters?
Presenter(s): Sue Menditto, NACUBO
This session provides a high-level review of key FASB and GASB projects. Special attention will be given to standard setter response to the Coronavirus Aid, Relief, and Economic Security Act and the accounting and reporting impact for colleges and universities. Important horizon topics will also be reviewed such as revenue and expense recognition for public institutions and financial responsibility for private institutions.

After this session, participants will be able to:
  • Explain accounting and reporting for higher education related provisions of the CARES Act.
  • Describe how future revenue and expense recognition might impact financial statements.
  • Define financial responsibility considerations and risks

Knowledge Level: Update
Advanced Preparation: None
Field of Study: Accounting
Prerequisites: None
3:45 PM - 4:15 PM
Break
4:15 PM - 5:15 PM
A6: Performing a Data Security Audit - Highlighting Unique Challenges in Graduate Medical Education
Presenter(s): Carolann Lazarus, University of Buffalo, SUNY
This session will walk you through the execution of a typical Data Security Audit highlighting recent experiences performing this review.  We’ll look at objectives, risks, controls, tests, findings and recommendations.  We will use specific examples focusing on our audit of the Office of Graduate Medical Education.  This area had unique challenges, such as student health care data, regulated private data, and data sharing with outside entities.  We’ll share our audit process including audit planning and execution.  Additionally, we'll promote group discussion to share best practices and learn from each other.

The University at Buffalo Internal Audit Department consists of 6 auditors, with one IT auditor.  We are a research university with a medical school, but not a teaching hospital.  While our experience will not be identical to yours, the basics of a data security audit remain the same and we’ll provide knowledge that you can use to enhance your reviews.

After this session, participants will be able to:
  • Construct a basic data security audit plan for a department/operation/entity.
  • Identify and manage data security concerns that always pop-up.
  • Analyze and improve your data security audits by utilizing our experience.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
4:15 PM - 5:15 PM
B6: Collaborate with Research to Successfully Advance Export Control Monitoring
Presenter(s): Laura Buchhorn, University of Texas at San Antonio
Michelle Stevenson, University of Texas at San Antonio
Export Control Laws are the series of regulations over the flow of information, technology, and commodities internationally and to foreign nationals in the U.S. for the purpose of protecting national security and trade. Predominately, Export Control regulations are administered under three agencies:
  • The Department of Commerce's Export Administration Regulations (EAR).
  • The Department of State's International Traffic In Arms Regulations (ITAR).
  • The Treasury Department's Office of Foreign Assets Control (OFAC).

Learn how Internal Audit collaborated with Research Integrity to gain an understanding of how Export Controls Regulations are communicated to faculty and staff and how activities with foreign parties are monitored for ongoing compliance.  Discover how to uncover tools and reports available within an accounting system that could help monitor transactions with foreign parties, including foreign travel, purchases from foreign vendors, and export-controlled commodities.  Gain a current update on the foreign influence issues higher education institutions are asked to address.

After this session, participants will be able to:
  • Refresh their understanding of Export Controls Regulations (EAR, ITAR, OFAC).
  • Gain an understanding of current events with foreign influence in research.
  • Learn a successful approach to auditing Export Controls in higher education. 

Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Specialized Knowledge
Prerequisites: Experience in Research Compliance
4:15 PM - 5:15 PM
C6: The Art of Identifying Vendor Fraud
Presenter(s): Kara Hefner, University of North Carolina - Chapel Hill
Vendor greed and lax internal controls are a recipe for fraud. While goods are subject to the three-way match, invoices from service vendors with open purchase orders are often not reviewed to verify that the services were actually performed and billed in accordance with the contract. Inadequate vendor performance may also result in reputational risk and lost opportunity costs to your organization. Internal Audit can play a critical role in vendor fraud detection and prevention through risk-based audits and internal control reviews. The speaker will review case studies from personally performed service vendor audits that resulted in over $5M in fraud recoveries and mitigated reputational risk.

After this session, participants will be able to:
  • Design risk-based audit plans around critical vendor contract terms.
  • Implement proven audit techniques from case studies that identified significant fraud from different service vendor contracts.
  • Critique internal controls and perform vendor master file audits to proactively mitigate vendor fraud.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
5:30 PM - 6:30 PM
ACUAdemy Awards & Networking
Join us for a celebration to honor the 2020 ACUA award winners. Once we have honored the ACUA celebrities, mix your ACUA signature mocktail or cocktail and get ready for some speed networking!

Download recipes for an ACUAtail - The Critical Risk, The Fraudster or The Risk Adverse
 
What is speed networking? Attendees will be placed in random breakout rooms in small groups for discussions. Worried you won't have anything to talk about? Icebreaker questions will be provided to help start the conversation. After 15 minutes you will be put into a new group for more networking!
11:00 AM - 12:00 PM
Optional Roundtable: Small Shops
Presenter(s): Small Shops - David Terry, Portland State University and Christine Croskey, Portland State University

 
11:00 AM - 12:00 PM
Optional Roundtable: IT
Presenter(s): Barry White, Johns Hopkins University
11:00 AM - 12:00 PM
Optional Roundtable: COVID-19
Presenter(s): Toni Stephens, University of Texas at Dallas
12:30 PM - 12:55 PM
Officer Transition & Closing Comments
1:00 PM - 2:00 PM
General Session: Strengthening Defenses - How the University of California is Addressing Admissions Fraud Risk
Presenter(s): Peter Cataldo, University of California
Matthew Hicks, University of California
Derek Sinutko, University of California
This session will address how the University of California system (UC) responded to the national admissions scandal by performing audits of its admission process at nine campuses and the system-wide office.  Deputy Audit Officer Matt Hicks, Associate Audit Director Peter Cataldo, and Principal Auditor Derek Sinutko will discuss how UC developed a two-phased system-wide approach for assessing the design and operating effectiveness of internal controls in the admissions process. The co-presenters will discuss how UC developed a system-wide program, including an initial process walk-through questionnaire, and coordinated the audit with nine campus internal audit departments.  They will provide an overview of why they developed this approach and the challenges and successes UC encountered as part of the audits.  The session will conclude with an interactive survey and group discussion on other institutional approaches and strategies for addressing admissions vulnerabilities and a general discussion about the significant issues that UC identified.

After this session, participants will be able to:
  • Summarize how the University of California system responded to the national admissions scandal and attain information on how to engage and coordinate activities with multiple stakeholders, including admissions personnel, faculty, the Board, and external agencies.
  • Discuss the process utilized to develop a systemwide audit program and the methodology and mechanisms used to identify and assess admissions risks in a multi-campus environment.
  • Explain the significant issues and recommendations identified in the UC admissions audits, including controls addressing athletics and other non-standard admissions.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:00 PM - 2:30 PM
Break
2:30 PM - 3:45 PM
A7: Strategic Academic Program Reviews: Assessing Institutional Programs for Overall Success
Presenter(s): Kimberly Macedo, Baker Tilly
 
As colleges and universities continue to face the challenge of offering competitive and relevant programs to meet enrollment goals, retain students, and prepare students for success post-graduation, the need for strategically evaluating existing courses and program offerings has become more essential. Internal audit can assist with this important process, by helping evaluate the current process for assessing course and program offerings, assessing how new courses and programs are established, and understanding decision factors for sunsetting courses or programs that are no longer advantageous to provide. In this presentation, we will share experiences and perspectives on how internal audit can assess the academic program review process to provide considerations for adding value to enhance program transparency, relevancy, and overall value.

After this session, participants will be able to:
  • Learn how to evaluate program review processes and enrollment data to define and measure success for new and existing programs.
  • Share leading practices for curriculum development procedures.
  • Offer ideas for how to establish a strategic framework for program evaluation decision-making, including measurable evaluation criteria, definitions for program relevancy, marketability, and transferability, and pathways for students to reach their goals.

Knowledge Level: Overview
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
2:30 PM - 3:45 PM
B7: Using CIS Benchmarks and Tools to Audit Security Compliance
Presenter(s): Rodney Almaraz, University of Texas System 
Rene Herrera, University of Texas at Dallas
CIS (Center for Internet Security) is a non-profit entity that publishes standards and best practices for securing IT systems and data. CIS benchmarks for the secure configuration of a system are available for more than 100 technologies including Windows, Linux, OS X, and Solaris as well as IOS and Android. CIS benchmarks are free to download and thus are available to use for your IT audits. Additionally, CIS offers tools that can be used to automate the compliance checks. This session will introduce you to the CIS reference material and tools available as well as discuss a case study of an audit project that utilized the CIS benchmarks.

After this session, participants will be able to:
  • Identify the CIS benchmarks that are available to use for IT technical auditing and how they can be leveraged as audit criteria.
  • Understand how the benchmarks can be used to determine where the security settings can be found for various operating systems and how the available tools can automate compliance testing.
  • Discuss the practical use of the benchmarks and tools and lessons learned from an audit project.

Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: Experience in IT Auditing
2:30 PM - 3:45 PM
C7: High Impact Student Financial Aid Audits
Presenter(s): Tracey Sadler, Texas A&M University System
There's no denying that student financial aid (SFA) audits are complex and exhausting, and it seems like we rarely do enough during these audits. What if you could add value to the entire SFA process by efficiently identifying major risks and effectively improving operations for your university?

Texas A&M University (TAMU) System Audit teams have completed 7 SFA operations audits since 2018, covering the entire umbrella of federal financial aid from the Program Participation Agreement through awarding, R2T4, and exit counseling. Learn how to use data analytics coupled with traditional audit techniques to stop wasting time on eligibility and start making a difference in SFA operations.

After this session, participants will be able to:
  • Understand common financial aid terms and concepts.
  • Learn about common audit issues noted by the Department of Education and TAMUS.
  • Recognize how to use data analytics coupled with traditional audit techniques to improve audit efficiency.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Specialized Knowledge
Prerequisites: None
3:45 PM - 4:15 PM
Break
4:15 PM - 5:15 PM
A8: Robotic Process Automation
Presenter(s): Mark Bednarz, PKF O'Connor Davies
Robotic Process Automation (RPA) allows institutions to automate processes and free up employees to focus on more student-centric activities. We will discuss the benefits and risks associated with implementing RPA and how Internal Audit can get involved in the project management and post-implementation phases.

After this session, participants will be able to:
  • Understand risks and rewards of implementing RPA.
  • Understand the basics of RPA technology and some of the key providers.
  • Pinpoint areas where Internal Audit can focus their attention as it relates to governance and controls.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Information Technology
Prerequisites: None
4:15 PM - 5:15 PM
B8: Academic Audits: Boldly Go Where Few Have Gone Before
Presenter(s): Aletha Karls, Vanderbilt University
Bruce Weisman, Vanderbilt University
Have you ever been told to “stick to auditing administrative divisions” or “stay out of academics”?  We’ve heard those comments, too.  We are here to tell you that auditing academics is possible!  Learn how we approached our audits in academics – the grade change process and a degree program review. We will discuss:
  • Obtaining support from academic deans and administrators while still respecting academic freedom.
  • Building relationships and trust with academic personnel.
  • The far-reaching effects of grade changes and associated risks.
  • Degree program approvals and related academic controls (admissions, degree requirements, etc.)
  • Results from our audits…and things that may be happening at your institution too.

After this session, participants will be able to:
  • Identify opportunities for relationship development with those in academic administration.
  • Explain how auditing grade changes impacts multiple areas within academics including financial aid, international students, accreditation, etc.
  • Describe accreditation risks associated with creating degree programs, including program approval, admissions, oversight, and awarding degrees.

Knowledge Level: Basic
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None
4:15 PM - 5:15 PM
C8: Using Data to Identify High Risk Sponsored Research Activity
Presenter(s): Christine Heise, University System of New Hampshire
Every year hundreds of thousands of sponsored research expenditure transactions are processed at our institutions. With the spending of grant funds comes the responsibility to comply with Uniform Guidance and sponsor requirements. Being able to identify high risk areas can help an auditor target transaction areas that may need in-depth review. This presentation will share trends in research expenditure non-compliance, present data analytics techniques for auditors to identify high-risk transactions, and discuss the role of data analytics in continuous monitoring. In addition, the presentation will cover best practices for Uniform Guidance compliance.

After this session, participants will be able to:
  • Identify trends in research expenditure non-compliance.
  • Implement sponsored research data analytics tools and techniques.
  • Discuss Uniform Guidance compliance best practices.

Knowledge Level: Intermediate
Advanced Preparation: None
Field of Study: Auditing
Prerequisites: None