Being aware, mindful, and diligent are some of the expressions 15 of your colleagues used to describe our security and compliance responsibilities in behalf of the university. All were said in response to my survey about topics appearing in the Audit Update Blog and monthly Case in Point newsletter.
Mindful of Responsibilities
Survey Question - From all 35 Audit Update blog posts to date, what is one thing you learned that made the biggest impression? (Text in bold is my emphasis and text in parentheses are my additions.)
| The blog is a helpful reminder for security issues and possible pitfalls for compliance. I don't think a singular item stands out as having the biggest impression, but it is helpful to have a persistent reminder of how security and compliance are responsibilities for all of us to manage/police on and off campus. The blog helps me get topics to then share at staff meetings or via email to remind staff within our department to practice appropriate security measures like using the drop box, having strong passwords, being cautious of unexpected emails, using funds appropriately, etc. |
| Not really one thing, but a big thing I have taken from the blogs is that no university is immune from fraud, deceptive employees, or scams. The blogs are always eye-opening and serve as a reminder that it is important to be aware of how individuals are able to manipulate systems for their personal benefit or financial gain. |
| Appreciate the idea of sharing things that happen to create a fraud situation and just making a person mindful to be aware. Often it is shocking to me how many fraud situations are an ongoing problem in so many places. |
| Just seeing how prevalent the scams are, and how diligent we have to be every day! |
| I believe that separation (or segregation) of duties has made the biggest impression on me. It can be difficult with a small department, but it is massively important. |
| Love the blog! The Art of Noticing - practice paying attention was new to me and I find the idea valuable. (The Art of Noticing Part 1, Part 2, Part 3.) |
| I think the most surprising thing for me is how common fraud is in Higher Ed. I really enjoy reading both of these (blog and newsletter) and share them with others in my department. |
| The top red flags of fraud; some of them are surprising. Although some of them seem like common problems in America, i.e. financial difficulties, especially during these times. |
| I have learned a lot about security at other institutions and data security issues. That has been very interesting to me and to others in my area! |
| That well-educated individuals can be involved in fraud. One will hope that by receiving more education regarding rules and regulations there will be less chances for individuals to commit fraud. I love your articles and usually share with my staff not only to keep them apprised but so they can also learn from someone else's mistakes. I think it's important to share this information campus wide. It will bring a sense of reality and educate people as well. |
| From several of the posts, I have found it helpful to understand what WSU is doing to combat some of the issues. From the two-factor authentication to why we use the drop box. |
| I think most of it isn't new to me as a CPA that often does research and professional development outside of the university, but I did find the pcard one especially detailed. I passed that one on to the Pcard holders in our group. I have also passed certain snippets on from other sessions to the managers of the group that could benefit from the added knowledge. |
| That people who understand these things can take information about them, but people who don't understand these things have no foundation upon which to build an understanding. There is a gulf between the "haves" and "have nots" on the issue of anything technical, and with regard to cybersecurity especially. |
| I find that I read more of the detailed articles than general overviews. I can't name one specific thing. I find things interesting even though they are not necessarily applicable to my job. |
| I most appreciate how you write your blog for the reader and not yourself. You have clear headers/titles that eye-catching and the message is to the point. You invoke curiosity and offer a solution which is win-win to me. |
Composite Reader Profile
In addition to the open-ended written question, the survey included five polling questions. This composite reader profile is based on responses to the polling questions:
- Spends about 10-15 minutes reading each month's Case in Point newsletter and articles appearing therein.
- Clicks on 1 to 4 headlines in each month's newsletter to read the full article.
- Finds the newsletter's Fraud and Ethics section the most interesting, followed closely
by Compliance and Regulatory (22 responses, average ranking among the 5 sections in
parenthesis).
- Fraud and Ethics Related Events (2.14 average, ranked first by 9)
- Compliance and Regulatory Events (2.68 average, ranked first by 2)
- Information Security and Technology Events (2.95 average, ranked first by 4)
- Kevin Robinson's introductory comments (3.50 average, ranked first by 4)
- Campus Life and Security Events (3.73 average, ranked first by 3)
- Ranks the last 6 months of Audit Update blog posts (20 responses, average ranking among the 6 posts in parenthesis):
- Deposits Deceitfully Diverted in Toledo (2.65 average, ranked first by 6)
- This is Why Pcards have Protocols (3.00 average, ranked first by 7)
- Perfect Incubator for Disaster Fraud (3.30 average, ranked first by 3)
- Four Policies Essential to Data Security (3.90 average, ranked first by 1)
- Three Phish Tales (4.00 average, ranked first by 0, but second by 5)
- Hank Green's Tips for Better Video (4.15 average, ranked first by 3)
Reflecting a diversity of reader interests, all six posts were favored by some and less so by others. No reader ranked the Phish Tales post first, but it had the most second place rankings (5 of 20).
Reader comments also reflected this diversity of interests and expertise with different themes and blog posts referenced throughout. The average reader has read about half of the Audit Update blog posts with a few readers having read most or all of them.
Would you like to participate in future surveys about topics in the Case in Point newsletter or Audit Update Blog? The Audit Update Survey Group is open to anyone interested. Drop me a line anytime.