Internal Audit and Compliance Quarterly Newsletter
|
|
|
|
March 2023
Dear University of Miami Coral Gables/Marine Campus Colleagues,
Thank you for engaging with us! The Office of Audit and Advisory Services, in collaboration with University Compliance Services, continues to support and advance the mission of the University, providing our quarterly newsletter as a resource for the University community. We work with you to foster strong internal controls.
We are proud to successfully partner with faculty and staff members, while maintaining independence and objectivity, as we work together to enhance the University’s controls and processes. We recognize there is always room for improvement in any operation, and we welcome any suggestions that you may have as to how our offices can better serve students, faculty, and staff members.
Thank you,
Blanca Malagon, VP, Audit and Compliance
|
|
|
Risk and Internal Control
|
|
|
|
Risk in any institution involves the unintended loss or underperformance of assets. The root causes of risks are conditions or events that may or may not be controllable. The loss of assets can be caused by intentional or unintentional acts, failures to act, or human error. Underperformance can be driven by operational disruption, reputational harm, human failure, or failure to capitalize on opportunities.
Internal and external factors that cause risks can include the following:
- Errors – unintentional discrepancies
- Irregularities – intentional discrepancies, also known as fraud
- Variability – natural and expected in any process
- Unusual and infrequent events or variations
- Opposing interests – competitors, business partners, employees, stakeholders
Risks are controlled—not eliminated—through prevention and detection of the occurrence of conditions or events. Risks are not fully controlled or controllable, and therefore "residual risk" remains in any system of internal control. The day-to-day risk, control activities, and residual risks are managed throughout the organization while significant organizational risk is managed at the higher levels.
Audit and Advisory Services works with management to mitigate risks and determine the overall acceptable level of risk that remains uncontrolled, or residual. We serve the organization where needed to identify opportunities to strengthen the internal control environment and minimize risk for the University.
Audit and Advisory Services is currently performing an annual Internal Audit Risk Assessment that will be used as a basis for the University Audit Plan.
Learn more about types of audits and advisory services.
|
|
|
Conflict of Interest (COI) in Research/UDisclose Webinar and Q&A Session
Join the upcoming COI/UDisclose webinar and Q&A session conducted via Zoom on Friday, April 28, 2023, at 2 p.m. Registration is available through ULearn (visit ulearn.miami.edu and keyword search: UDisclose system), along with the schedule of future training webinars.
The discussion will quickly review the University's new policy that requires our community members to disclose interests to the University. Participants will identify the steps to achieve and maintain compliance with the policy, namely the required training and disclosure of interests associated with Institutional Responsibilities. A demonstration of the new UDisclose system will allow users to become familiar with how to designate a proxy and submit their outside interests to the University.
If you have specific questions, or if you would like to arrange a presentation for your group on the University's COI policy and how to use the UDisclose system, please contact Disclosures & Scholarly Activities Management (DSAM) at: dsam@miami.edu.
|
|
|
University Compliance Updates
|
|
|
Foreign Influence Policy Notification
Undue foreign influence is an issue of significant concern for state and federal agencies. As a result, we are proactively implementing a new policy to prevent any transactional activity with foreign companies, and/or certain foreign governments, their agents, or entities that are:
- debarred, proposed for debarment, and/or declared ineligible or voluntarily excluded from participation in business transactions by any state of Florida or federal government departments and/or agencies;
- named on the State of Florida's list of "scrutinized companies;" and/or,
- named on the federal "exclusions list."
This policy is complementary to the existing Supplier Onboarding and Export Control policies already in place, and it follows a similar procedure for implementation. Failure to satisfy the elements of this procedure will trigger cessation by the University of Miami of any ongoing discussion, negotiation, or business-related activity involving the entity. This policy ensures that the University does not unintentionally conduct business—including research, scholarship, and/or creative endeavors—with entities who may pose risk to our academic integrity and impact.
For more information, please review the policy.
Updating UDisclose Profiles Annually
The University of Miami's COI policy requires that you complete COI training and disclose your outside interests to the University, on an annual basis. You may have received a notification that your training is due soon. Please follow the link provided to access your Disclosure Profile in the UDisclose system and follow the steps below to complete this action item:
- Click the Edit Disclosure Profile
- Navigate to the Instructions and Policies page. (Click the link in the upper left corner of the smart form.)
- Review and acknowledge the training. (Populate the checkbox at the bottom of the page.)
- Click Continue.
While in the system, you are welcome to resubmit your Disclosure Profile to ensure that you do not have to re-access the system again until next year. Please note, you must update your disclosures with any changes or newly acquired interests within 30 days.
For any technical issues with the UDisclose system, please contact the Office of the Vice Provost for Research & Scholarship (OVPRS) at: 305-243-2314 or OVPRShelpdesk@miami.edu.
For any questions about UM's COI policy and disclosure requirements, please contact the UDisclose helpline at: 305-243-0877 or dsam@miami.edu.
|
|
|
Data, Access, and Security Tips
|
|
|
|
University employees working remotely should do so securely; below are some tips for safe remote work:
- Use a safe and trusted network. Do not use Wi-Fi offered in public places. (Plus, while on campus, connect securely to the UMiamiWireless network for Coral Gables and Marine faculty and staff.)
- Update the software on your devices often.
- Ensure that you have anti-virus installed and it is up-to-date.
- Use strong and varied passwords for all your devices and logins.
- Store your data on University cloud storage solutions.
- Never leave your device unattended.
- Use the University's VPN when accessing UM resources and data.
- Use multi-factor authentication (MFA) wherever possible.
Learn more by visiting the University of Miami's Information Security Office Before You Connect page.
|
|
|
Policy Updates – PolicyStat
|
|
|
|
PolicyStat is a central location for accessing University policies. We would like to bring all updates and newly added policies to your attention. For further detail on any of the following policies, please visit PolicyStat at: umiami.policystat.com.
| PolicyStat ID |
Title |
Last Revised |
Change |
| 13270508 |
Emergency Medical Assistance |
3/9/23 |
Updated |
| 13227068 |
Enrollment Tracking Using REDCap |
3/7/23 |
Updated |
| 13222810 |
SBIR/STTR Policy |
2/28/23 |
Updated |
| 13218770 |
Student Rights and Responsibilities Handbook |
2/28/23 |
Updated |
| 12333684 |
Credit Card Processing & Security |
2/27/23 |
Updated |
| 13115536 |
University of Miami Student Center Complex Policies |
2/20/23 |
Updated |
| 13134035 |
Restricted Business Activities Involving Foreign Companies/Organizations in the Federal Exclusions List or the Florida Scrutinized Companies List |
2/16/23 |
New |
| 12273305 |
Petty Cash Policy |
2/7/23 |
Updated |
| 12649054 |
UM Fleet Safety/Vehicle Management |
2/1/23 |
Updated |
| 13039505 |
Openness in Research Policy |
1/30/23 |
Updated |
| 13033497 |
Student Rights and Responsibilities Handbook |
1/26/23 |
Updated |
| 13022856 |
Enrollment Tracking Using REDCap |
1/25/23 |
Updated |
| 12957848 |
OVPRS Communication-Level Standards Policy |
1/24/23 |
New |
| 12930613 |
Effort Reporting Policy |
1/10/23 |
Updated |
| 12229742 |
Continuity Planning |
12/6/22 |
Updated |
| 12786662 |
Estate & Gift Planning Program |
12/6/22 |
Updated |
| 12754153 |
Travel Policy |
12/1/22 |
Updated |
|
|
|
Internal Controls Self-Assessment
|
|
|
|
Our internal controls self-assessment is a valuable tool to help identify internal control gaps and assist in departmental management and audit preparation. The self-assessment consists of a series of "yes" or "no" questions. "Yes" indicates adequate controls in an area, while "no" indicates potential control gaps that should be addressed. Please reach out to Audit and Advisory Services with any questions or for an opportunity to help assess your area.
The self-assessment can be accessed here. For questions not addressed in the self-assessment, please contact us.
|
|
|
University Hotline
The University Hotline is a comprehensive and confidential reporting tool to address fraud, abuse, and misconduct related to University policies and procedures, and concerns about violations of irregularities or improprieties. The University Hotline is available to any individual who wishes to report a concern, and one can choose to remain anonymous while doing so.
The University Hotline is not 911 or an emergency service, and is not intended to be used as a vehicle for resolving workplace disagreements or addressing communication issues between employees and their managers. These types of concerns should be handled with your supervisor or with your HR Client Services representative. In addition, there are various reporting tools available for students (undergraduate, graduate/doctoral, medical) to "Report a Concern" via the Student Affairs Dean of Students website or the MSOM Office of Graduate Studies website. See the NavexGlobal/EthicsPoint FAQ's for additional information.
University employees who report an activity in good faith that may be in violation of a law, rule, or regulation are protected against retaliation by the University's Whistleblower Protection Statement.
To make a Hotline report: Visit university-hotline.ethicspoint.com or call 877-415-4357.
|
|
|
|
