Helpful Links
Our auditors use a variety of resources during audit planning to ensure we are researching current information for risk identification, risk mitigation, opportunities for fraudulent activity, authoritative guidance and internal control best practices. This is a list of agency and business resources that we find to be very helpful and, in most situations, they make access to their information available to the public.
The resources listed here are excellent for researching or implementing a new process or system, or to measure an existing process or system for assessing the possibility of internal control issues or ways to increase efficiency.
Board of Regents Policy and University Regulation
Regent policies are intended to be broad and flexible with details of administration
and implementation expressed in the related regulations that are promulgated by the
èƵ president.
Statewide Accounting and Administrative Manual
The purpose of the University of èƵ Accounting and Administrative Manual is:
• To develop consistency within the University System in the application of accounting
principles and major administrative processes,
• To aid in the preparation and processing of accounting transactions,
• To accumulate a summary of accounting and administrative procedures for reference
purposes, and
• To provide rules and processes to comply with various regulations and external requirements.
This manual is issued under the authority of the Vice President for Finance and Administration
in accordance with Regents' Policy P05.02.010.
UA in Review
UA in Review is developed by the UA Institutional Research and Analysis Department
using data stored in the UA Decision Support Database (DSD). This system-wide publication
containing graphical and analytical information combines information from UA administrative
information systems such as the historical èƵ database, SIS and the BANNER
enterprise management system.
Association of College and University Auditors (ACUA)
The Association of College and University Auditors (ACUA) is a professional organization
comprised of audit professionals from all over the globe. ACUA strives to continually
improve the internal operations and processes of the individual institutions we serve,
through continued professional development and the dissemination of individual internal
audit experiences in an open forum with friends and colleagues.
National Association of College and University Business Officers (NACUBO)
The National Association of College and University Business Officers is an organization
founded in 1962 to build a common professional framework between different professionals
nationwide. Its main goal is to “define excellence in higher education, business,
and financial management.” The organization offers a flagship magazine, “Business
Officer” that addresses current and emerging issues in various areas as they relate
to higher education administration. The NACUBO website also offers access to online
and CDROM based training as well as a government relations area where important government
rules and new regulations pertaining to the industry are promptly displayed.
University Risk Management and Insurance Association (URMIA)
The mission of the University Risk Management and Insurance Association is to advance
the discipline of risk management in higher education. URMIA is the preeminent source
of innovative and effective risk management ideas and solutions to the challenges
facing institutions of higher education in the pursuit of their academic, social,
and economic goals.
URMIA Goals:
• To protect the reputation and resources, both human and financial, of institutions
of higher education through the incorporation of sound risk management practices into
all aspects of their operations.
• To make available the best and most complete risk management information for institutions
of higher education.
• To provide excellent professional development opportunities for risk management
professionals in higher education.
National Council of University Research Administrators (NCURA)
The National Council of University Research Administrators serves its members and
advances the field of research administration through education and professional development
programs, the sharing of knowledge and experience, and by fostering a professional,
collegial, and respected community.
Higher Education Compliance Alliance
The Higher Education Compliance Alliance was created to provide the higher education
community with a centralized repository of information and resources for compliance
with federal laws and regulations. Spearheaded by the National Association of College
and University Attorneys (NACUA), the Compliance Alliance is now comprised of 26 participating
associations representing a broad cross-section of higher education interests. These
associations share a joint commitment to providing high quality resources on a diverse
range of compliance topics as a service to the higher education community at large.
Many of the resources on this website are freely available.
EDUCAUSE
EDUCAUSE helps those who lead, manage, and use information technology to shape strategic
IT decisions at every level within higher education. EDUCAUSE programs and services
focus on analysis, advocacy, community building, professional development, and knowledge
creation to support the transformative role that IT can play in higher education.
The website provides a library, topic-specific series of briefs called 7 Things You
Should Know About, research information, industry news, and survey information.
Association of Certified Fraud Examiners (ACFE)
Association of Certified Fraud Examiners was established in 1988 as a professional
fraud preventing organization. The Certified Fraud Examiner certification is offered
through this organization as well as a comprehensive list of training material available
in the areas of fraud prevention and fraud detection. The organization’s membership
spans the globe. In the aftermath of Sarbanes Oxley and the corporate accounting scandals
of the early 2000’s, this organization’s popularity in the profession has dramatically
increased.
Society of Corporate Compliance and Ethics (SCCE)
The SCCE is dedicated to improving the quality of corporate governance, compliance
and ethics. SCCE’s roles include:
• Facilitating the development and maintenance of compliance programs;
• Providing a forum for understanding the complicated compliance environment; and
• Offering tools, resources and educational opportunities for those involved with
compliance.
Privacy Rights Clearinghouse
Privacy Rights Clearinghouse is a California nonprofit corporation with 501(c)(3)
tax exempt status pending. It has a two-part mission -- consumer information and consumer
advocacy. It was established in 1992 and is based in San Diego, California. The PRC
is primarily grant-supported and serves individuals nationwide.
The PRC's goals are to:
• Raise consumers' awareness of how technology affects personal privacy.
• Empower consumers to take action to control their own personal information by providing
practical tips on privacy protection.
• Respond to specific privacy-related complaints from consumers, and when appropriate,
intercede on their behalf and/or refer them to the proper organizations for further
assistance.
• Document the nature of consumers' complaints and questions about privacy in reports,
testimony, and speeches and make them available to policy makers, industry representatives,
consumer advocates, and the media.
• Advocate for consumers' privacy rights in local, state, and federal public policy
proceedings, including legislative testimony, regulatory agency hearings, task forces,
and study commissions as well as conferences and workshops.
ISACA
ISACA provides practical guidance, benchmarks and other effective tools for all enterprises
that use information systems. Through its comprehensive guidance and services, ISACA
defines the roles of information systems governance, security, audit and assurance
professionals worldwide. The COBIT, Val IT and Risk IT governance frameworks and the
CISA, CISM, CGEIT and CRISC certifications are ISACA brands respected and used by
these professionals for the benefit of their enterprises.
COBIT
COBIT 5 is the only business framework for the governance and management of enterprise
IT. This evolutionary version incorporates the latest thinking in enterprise governance
and management techniques, and provides globally accepted principles, practices, analytical
tools and models to help increase the trust in, and value from, information systems.
COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards
and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure
Library (ITIL») and related standards from the International Organization for Standardization
(ISO).
National Institute for Standards and Technology (NIST)
The National Institute for Standards and Technology is a non-regulatory agency founded
in 1901 within the U.S. Department of Commerce that, among many other services and
activities, issues guidance on computer security. These are issued through special
publications known as the NIST Special Publication 800 series. This series was established
in 1990 to provide a separate identity for information technology security publications.
SANS
The SANS Institute was established in 1989 as a cooperative research and education
organization. Its programs now reach more than 165,000 security professionals around
the world. A range of individuals from auditors and network administrators, to chief
information security officers are sharing the lessons they learn and are jointly finding
solutions to the challenges they face. At the heart of SANS are the many security
practitioners in varied global organizations from corporations to universities working
together to help the entire information security community.
SANS makes available at no cost the largest collection of research documents about
various aspects of information security, and it operates the Internet's early warning
system - the Internet Storm Center.
Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission
to promote the use of best practices for providing security assurance within Cloud
Computing, and to provide education on the uses of Cloud Computing to help secure
all other forms of computing. The Cloud Security Alliance is led by a broad coalition
of industry practitioners, corporations, associations and other key stakeholders.
Shared Assessments
Focus: Vendor Risk Assessment Process. Shared Assessments was created by leading financial
institutions, the Big 4 accounting firms, and key service providers to inject standardization,
consistency, speed, efficiency and cost savings into the vendor risk assessment process.
Shared Assessments provides resource documents, news articles and training opportunities
relevant to the industry.
Business Software Alliance (BSA)
BSA’s mission is to promote conditions in which the information technology (IT) industry
can thrive and contribute to the prosperity, security, and quality of life of all
people. BSA is interested in helping all software users ensure that fthey use only
fully licensed software and are educated about the ethical and digital security risks
associated with unlicensed software use. BSA provides free access to several in-depth
documents on studies they perform under the heading Recent Research. Whitepapers are
also available to non-members.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard is a standard developed by the major
credit card companies to help organizations fight credit card fraud and other security
threats related to the processing of credit card information on merchant systems.
This is a well defined standard to which merchants must periodically report compliance.
Small merchants conduct self-reporting while larger merchants utilize quality assessors.
Misreported information or violations of the standard can lead to large penalties.
In the case of data theft, which is determined to be the fault of the merchant, credit
card companies could fine the card processing company who could then pass the fine
to the individual merchant.
Council on Governmental Relations (COGR)
COGR provides advice and information to its membership and makes certain that federal
agencies understand academic operations and the impact of proposed regulations on
colleges and universities. The website provides Publications (under the Research heading)
on areas such as Financial Management, Effective Management Practices, Intellectual
Property, Export Controls, and Conflict of Interest.
Federal Demonstration Project (FDP)
The FDP is a program sponsored by the Government, University, Industry Research Roundtable
of the National Academies. Its purpose is to reduce the administrative burdens associated
with research grants and contracts. The webite offers a place to locate links to several
federal agencies, affiliated members, and a grant management program.
Defense Contract Audit Agency (DCAA)
The DCAA, while serving the public interest as its primary customer, shall perform
all necessary contract audits for the Department of Defense and provide accounting
and financial advisory services regarding contracts and subcontracts to all DoD Components
responsible for procurement and contract administration. These services are provided
in connection with negotiation, administration, and settlement of contracts and subcontracts
to ensure taxpayer dollars are spent on fair and reasonable contract prices. The DCAA
shall provide contract audit services to other Federal agencies as appropriate.
For the University of èƵ, the DCAA conducts audits on behalf of the èƵ’s cognizant agency Office of Naval Research.