Purdue University Mark

Purdue University

Internal Audit Office

Tip of the Month


January 2015

Data security technology on its own is not enough to ensure an optimized balance of access and security.  A data security methodology that can be utilized to help optimize data security processes and minimize impact on business operations consists of:

  • Data classification
  • Discovery of where sensitive data is located
  • Applying security methods that best fit risk, data type, and use case
  • Enforcing data security policy based on principle of least privilege
  • Monitoring access


ISACA Journal, Volume 6, 2014, Bridging the Gap Between Access and Security in Big Data

Click here for previous tips

Education & Training

Enterprise Risk Management (ERM)

Risks are those uncertainties that we must understand and manage in order for each of us to execute strategies and achieve our objectives and goals. Limited resources must be applied in a manner to achieve our strategic objectives and to manage the risks that may stand in the way of that achievement. This is the domain of Enterprise Risk Management. The foundation for any ERM program is the COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM Framework which may be viewed at the following site.


Internal Controls

Internal Audit Staff are available at your request to provide training on internal controls, proper segregation of duties, information system internal controls, etc. Please contact the Internal Audit Office, iadirector@purdue.edu or plfish@purdue.edu to discuss your training needs. The training agenda will be coordinated with you to ensure your training objectives are met.

Guidelines in the Event of Theft

Thefts may result from internal misappropriations or external events such as a robbery. Always remember that unnecessary risk should never be taken -- items in homes, offices, cars, etc. can be replaced. You can't!

Guidelines in the Event of Suspected Internal Theft

The responsibility for protecting University assets is shared by everyone. It is your responsibility to report suspected theft, negligence, misappropriations or carelessness to your Supervisor, Internal Audit, or Campus Police. Be alert and recognize control weaknesses that could result in a loss to the University. It is always better to prevent a loss than to recover one.

Guidelines in the Event of a Robbery

For detailed guidelines refer to the Purdue University Cash Handling Manual. A copy of this document should be on file with your Business Office or may be obtained from the Manager of University Collections. Remember that unnecessary risk should never be taken.

Remain calm and as soon as possible call 911

The "do's" for defusing situations are (1) do have a plan, (2) do be aware of warning signals, (3) do intervene early, and (4) do use calming techniques. The "don'ts" to remember are (1) don't sacrifice yourself for things, (2) don't put your hand unexpectedly on a disturbed or upset person, (3) don't challenge, dare, argue, or threaten the person, (4) don't use derogatory terms or talk as if he/she isn't there.

Feedback | E-mail Webmaster
Maintained by: Purdue Marketing Communications

Purdue University, West Lafayette, IN 47907
(765) 494-4600, E-mail: marketing@purdue.edu
© 2010 Purdue University | An equal access/equal opportunity university | Copyright Complaints
If you have trouble accessing this page because of a disability, please contact Purdue Marketing and Media at marketing@purdue.edu.