The New Era of Fraud in Higher Education

By C&U Journal Staff
Congratulations to the following 2024 award winners and new board members announced during AuditCon in Atlanta:
Outstanding Professional Contributions Award
John McDaniel is currently the Director of Internal Audit at the University of Alabama System and has 25 years of experience in higher education and academic medical center administration, compliance, and risk management. Since 2021, John has been a key member of the ACUA Professional Education Committee, contributing to the success of several AuditCon events, and currently serves as the Director of Audit Interactive. John also plays an active role on the ACUA Standards and Best Practices Committee, was instrumental in founding the ACUA Sideline Committee alongside other ACUA members and has published many articles in the ACUA journal and for other organizations. John is also a dedicated participant and leader in external Quality Assurance initiatives for fellow ACUA members and has served in leadership roles outside of ACUA.
Rising Star Awards
Jocelyn Edge joined the Duke University internal audit department in 2021 and has embraced the higher education industry. Jocelyn has already made significant contributions to ACUA by serving as presenter at several AuditCons. Serving on the Communications Committee, Jocelyn supports social media content creation, design, posting and coordination with other committees. She took the initiative to standardize social media request processes to ensure individuals and committees have a clear path to promote ACUA activities and announcements. She continues to develop innovative ways to increase content posting to reach our members across several platforms and introducing video content to help engage members.
Erin Egan is the director of audit and advisory services for Rutgers University.Erin has been an active member of ACUA for the past ten years and was a member of the second cohort of the ACUA Leads program. Erin has served in a number of roles for ACUA over the years, including: Governmental Affairs committee co-chair, ACUA Journal article author, Conference speaker and proctor, and Mentor to other members. Erin has served as the director of the Auditing and Accounting Principles (AAP) sub-committee of the Standards and Best Practices committee, which has been focused on the changes to the IIA’s International Professional Practices Framework, specifically those to the new Global Internal Audit Standards.
Please make sure to congratulate our 2024 award winners and thank them for their outstanding work on behalf of ACUA and the profession!
New Board Members
The 2024-2025 ACUA Board of Directors officially assumed their new roles at AuditCon and thanked Melissa Hall, Emory University for her prior role as past-president. The 2024-2025 Board of Directors are:
ACUA thanked Deidre Melton for her past service as a board member and welcomed Amy Kozak in her new role. The Board Members-at-Large are:
ACUA committee chairs and sub-committee directors were also celebrated at AuditCon.
As stewards of federal funding, institutions of higher education must play a role in protecting the security and integrity of the research enterprise. Maintaining an open and collaborative research environment is critical to fostering research discoveries and innovations that benefit the United States and the world. Simultaneously, this open environment must be balanced by guardrails that protect intellectual capital and prevent deceptive practices, foreign government influence, theft of research data, and unwanted knowledge transfer. Over the past few years, federal agencies have issued multiple guidance documents intended to support ongoing efforts to keep international research collaboration both open and secure.
In December 2019, the National Science Foundation (NSF) released a report by the independent science advisory group JASON titled “Fundamental Research Security.” The report identified the need for a robust, coordinated approach to strengthen the integrity and security of the United States research enterprise by highlighting threats to basic research posed by foreign governments, which have taken actions that violate the principles of scientific ethics and research integrity. On January 14, 2021, the National Security Presidential Memorandum-33 (NSPM-33) was issued, which directs a national response intended to improve research security efforts at federal agencies. Approximately one year later, on January 4, 2022, the Office of Science and Technology Policy (OSTP) issued “Guidance for Implementing NSPM-33 on National Security Strategy for United States Government Supported Research and Development” (NSPM-33 Guidance). The NSPM-33 Guidance aims to clarify requirements for federally funded researchers, set best practices at federal agencies to strengthen research security, and offers direction on five major areas of research security addressed by NSPM-33: disclosure requirements and standardization, digital persistent identifiers, consequences for disclosure requirement violations, information sharing, and research security programs at federally funded research institutions.
In March 2023, OSTP requested public comment on the “DRAFT Research Security Programs Standard Requirement” (Draft Memorandum), prepared by the Interagency Working Group on Research Security Programs. The requirement applies to any research organization whose component parts receive at least $50 million in Federal science and engineering support annually in the aggregate. As of March 2024, the final research security program requirements have not been published. However, as per the Draft Memorandum, covered research organizations will need to certify they maintain a research security program which meets the requirements for foreign travel security, research security training, cybersecurity, and export control training. Additionally, they must:
The National Institute of Standards and Technology (NIST) released further guidance in August 2023 entitled “Safeguarding International Science Research Security Framework,” which establishes a set of recommended best practices and a methodology for implementing a risk-balanced, institutional research security program that addresses the requirements of NSPM-33. Additionally, the NSF has developed resources to enhance research security practices and implement research security provisions of the CHIPS and Science Act of 2022, including:
As research focused institutions of higher education await the final research security program requirements, institutions should assess their current processes against the research security provisions and guidelines outlined in the aforementioned documents and implement best practices to strengthen and protect the security and integrity of the research enterprise. The Subcommittee on Research Security under the National Science & Technology Council Joint Committee on the Research Environment recommends the following practices for research institutions to effectively address threats to research security and integrity:
Internal audit functions within research focused institutions of higher education can help improve the organization’s research security posture by providing management and the board with independent and objective assurance on governance, risk management, and controls pertaining to research security. This includes assessing the overall effectiveness of the institution’s research security program to ensure compliance with all applicable federal laws, regulations, rules, and directives. Focus areas for internal audit may include:
In addition to guidance provided by federal agencies, the Council on Governmental Relations (COGR), an association of research universities, affiliated medical centers, and independent research institutes, has developed a Science and Security webpage to provide resources and analysis to assist member institutions in navigating requirements in this area. The webpage provides links to statues, regulations, and other sources of legal requirements related to science and security, including links to federal research agency policy and guidance. Two recently updated COGR publications contain useful information regarding federal research security requirements:
As the timeline for issuance of final research security program requirements is uncertain, research focused institutions of higher education should continue to engage with institutional leaders to determine how the new requirements may impact current processes and procedures and ensure appropriate steps are taken to protect the security and integrity of the research they conduct.
The mission of the National Science Foundation (NSF) Office of Inspector General (OIG) is to provide independent oversight of NSF to improve the effectiveness, efficiency, and economy of its programs and operations, and to prevent and detect fraud, waste, and abuse. That mission extends to overseeing the 11,000 grants, cooperative agreements, and contracts that NSF awards annually to more than 2,000 colleges, universities, and other institutions. These awards fund basic and applied research; support science, technology, engineering, and mathematics (STEM) education; and help strengthen the U.S. research enterprise.
We conduct audits and reviews of NSF’s award recipient organizations to ensure they follow applicable federal regulations and NSF terms and conditions, and that costs claimed on NSF awards are allowable, reasonable, allocable, and necessary to complete award objectives. Through this work we’ve had the opportunity to identify areas of elevated risk that are common to managing federal awards, as well as trends and practices that can help enhance stewardship of federal funds.
We regularly contract with independent public accounting firms to conduct audits of NSF award recipients on our behalf. In 2022, we published a capstone report, Promising Practices for NSF Award Management, which cataloged our contractor’s observations of award recipients’ control weaknesses and strengths over a 3-year period. The report includes the 5 most frequent finding categories we identified, 46 distinct examples of our most common findings, and promising practices we observed to strengthen controls within those areas. We believe this report will provide a strong foundation for any college or university auditor to develop a risk assessment or audit program related to their institution’s federally funded award portfolio.
The most common audit finding categories at the institutions we audited included:
The report identified the following promising practices that could help decrease the likelihood of recipient non-compliance with federal and NSF criteria, as well as improve the stewardship of federal funds:
We hope our Promising Practices for NSF Award Management report will serve as a valuable tool as you evaluate your institution’s federally funded award portfolio. If you have questions, please feel free to reach out to us at OIGPublicAffairs@nsf.gov. Our audit reports of NSF funded institutions can be found on our website.
To report research misconduct or other forms of fraud, waste, abuse, or whistleblower reprisal, please contact us by: