Tip of the Month
For security reasons, identification of non-functioning controls must be determined as quickly as possible. Notifications must occur if logging is turned off or vulnerability assessments are not being generated. Immediate escalation is also critical.
SC Magazine, September 2014, “When is a control not a control?”
Education & Training
Risks are those uncertainties that we must understand and manage in order for each of us to execute strategies and achieve our objectives and goals. Limited resources must be applied in a manner to achieve our strategic objectives and to manage the risks that may stand in the way of that achievement. This is the domain of Enterprise Risk Management. The foundation for any ERM program is the COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM Framework which may be viewed at the following site.
Internal Audit Staff are available at your request to provide training on internal controls, proper segregation of duties, information system internal controls, etc. Please contact the Internal Audit Office, firstname.lastname@example.org or email@example.com to discuss your training needs. The training agenda will be coordinated with you to ensure your training objectives are met.
Thefts may result from internal misappropriations or external events such as a robbery. Always remember that unnecessary risk should never be taken -- items in homes, offices, cars, etc. can be replaced. You can't!
Guidelines in the Event of Suspected Internal Theft
The responsibility for protecting University assets is shared by everyone. It is your responsibility to report suspected theft, negligence, misappropriations or carelessness to your Supervisor, Internal Audit, or Campus Police. Be alert and recognize control weaknesses that could result in a loss to the University. It is always better to prevent a loss than to recover one.
Guidelines in the Event of a Robbery
For detailed guidelines refer to the Purdue University Cash Handling Manual. A copy of this document should be on file with your Business Office or may be obtained from the Manager of University Collections. Remember that unnecessary risk should never be taken.
Remain calm and as soon as possible call 911
The "do's" for defusing situations are (1) do have a plan, (2) do be aware of warning signals, (3) do intervene early, and (4) do use calming techniques. The "don'ts" to remember are (1) don't sacrifice yourself for things, (2) don't put your hand unexpectedly on a disturbed or upset person, (3) don't challenge, dare, argue, or threaten the person, (4) don't use derogatory terms or talk as if he/she isn't there.