Title: OACR audit focus
Full Citation
Permanent Link: http://ufdc.ufl.edu/UF00087344/00031
 Material Information
Title: OACR audit focus
Physical Description: Serial
Language: English
Creator: Office of Audit & Compliance Review, University of Florida
Publisher: Office of Audit & Compliance Review
Place of Publication: Gainesville, Fla.
Publication Date: June 2010
 Record Information
Bibliographic ID: UF00087344
Volume ID: VID00031
Source Institution: University of Florida
Holding Location: University of Florida
Rights Management: All rights reserved by the source institution and holding location.


This item has the following downloads:

June%202010 ( PDF )

Full Text

^^^^^ U FLORIA

.R Audit Focus

A quarterly newsletter from the Office of
Audit & Compliance Review

Brian Mikell, Chief Audit Executive

Fru in th WokPlc

Inside this issue:

we'ree on the \Web at:

rals from other university offices
and state agencies. The OACR
also is responsible for the over-
sight of the University of Florida's
compliance hotline. The OACR
has contracted with an independ-
ent third party, The Network, to
manage the compliance hotline.
The Network is a technology-
based company that aids its cli-
ents in the collection of confiden-
tial and sensitive information.
The compliance hotline is a key
component of the compliance
process for the university and
provides a mechanism for the re-
porting of issues, complaints and
allegations, and other university-
related concerns, including sus-
pected fraud, by either telephone
or internet web page.

Tolfre 0-87-55 -5356

A definition of fraud is a decep-
tion made for personal gain. It is
an intentional misrepresentation,
concealment or omission of ma-
terial fact done with the purpose
of deceiving another which
causes detriment to that person
or institution.

It is important to maintain
awareness of fraud in the work
place and to have good internal
controls to mitigate the opportu-
nity to commit fraud. Some in-
ternal controls points to consider
are as follows:
* Segregation of duties
* Physical safeguards
* Review and monitoring of ac-
* Proper authorizations
* Proper documentation and
* Follow established proce-
The OACR receives complaints
and allegations of fiscal impro-
prieties from a variety of internal
and external sources, including
direct correspondence and refer-


Avenu Roo21
P.O. Box 113025

Tel:" (352) 392,a-13i91

Je,"ff I Capeh

We're io tW t:

Asset management recently sent
an email reminder to campus re-
garding the risk involved when
surveying a copier, trading a cop-
ier or returning a leased copier to
the vendor.

Newer digital copiers have hard
drives which save images of all
documents copied. When sending
a copier to surplus property or to
the vendor, please remember to

Are your computer workstations
and network secure and free of
known security vulnerabilities?
The UF Office of Information Se-
curity and Compliance (ISC) of-
fers a free service for authorized
IT workers called the Nessus Self
-Service Vulnerability Scanner.

This service is an "on demand"
scanning solution to help UF net-
work managers determine
whether or not the computers on
their network are securely con-
figured. The scanner will check
for network accessible software
vulnerabilities, detect client-side
vulnerabilities, determine patch
level, enumerate installed soft-
ware, and audit security policies.

Nessus is a popular vulnerability
scanner used in over 75,000 or-
ganizations world-wide. Many of
the world's largest organizations

treat these copiers the same as
computers and "wipe" the hard
drive. Otherwise, sensitive and
confidential information such as
social security numbers, student
records and patient records may
be released and you may be re-
sponsible for breaching UF's confi-
dentiality policies as well as State
of Florida and the federal govern-
ment policies.

are realizing significant cost sav-
ings by using Nessus to audit busi-
ness critical enterprise devices
and applications.

The Information Security and Com-
pliance team has made it easy for
UF network managers to use Nes-
sus to report the status of the
computers on their networks.
With a few simple steps, a single
computer or an entire network can
be scanned producing a detailed
report of vulnerabilities along with
recommendations for corrective

Unit administrators should check
with their IT support staff to en-
sure that scans are being per-
formed on a regular basis.

For more information, contact
John Sawyer of IT security and
compliance at isawyer@ufl.edu.

UF Slf-Service Vulnerability Scanner I

I Wht's ew?

University of Florida Home Page
© 2004 - 2010 University of Florida George A. Smathers Libraries.
All rights reserved.

Acceptable Use, Copyright, and Disclaimer Statement
Last updated October 10, 2010 - - mvs