The Board of Trustees Audit, Enterprise Risk Management and Ethics Committee met Thursday in the Main Campus Student Center room 253 to discuss its audit and top risks which face the university currently.
Wayne Poole, the director of Internal Audit, talked about the internal audit plan, and how the university is currently on track to complete the audit plan. There is a 70% productivity rate currently for the audit, which is what the board was looking for, Poole said.
“We do have some changes to the audit, the proposed changes are mostly removals. One of them have been cancelled because we really already worked through on the organization restructuring of the Research Compliance Model,” Poole said.
The other cancelled project was an automated journal voucher, which is a new process that is being implemented at ECU, Poole said.
These two programs are being replaced by four new programs called the Endowment Performance Review, the Enterprise Car Rental Contract, Grants and Contracts and Campus Recreation and Wellness Club Sports Drivers, Poole said.
Poole then went on to say that the state did an audit of the university and ECU passed.
Michelle DeVille, the Chief Integrity Officer, then talked about healthcare compliance within the university and noted that while the numbers may be low for education sessions about HIPAA, the numbers fluctuate based on new faculty and vary from month to month.
“Our reviews make up 40% of our office’s work. They sometimes are not stable due to many factors on hand. We review 10 charts per provider so our target of 43 provider reviews is actually 430 chart reviews that we do,” DeVille said.
DeVille said if a provider fails their review, they have a face-to-face meeting with the provider. There is additional education through email and the chairs of their department are also contacted, DeVille said.
DeVille said the office will most likely hit its target in the coming months. She said they failed to hit their targets over the past four months because she set the target high.
Deville said that her office has reviewed over 200 HIPAA reviews at ECU, and has implemented a stronger program for the division of health sciences for medical record access in order to tackle inappropriate access.
Sara Throndike, the vice chancellor for Administration and Finance, talked about the Enterprise Risk Management and how to properly handle some of the biggest risks the university faces.
The largest risks that were spoken about were the recruitment and retention of qualified staff as well as cyber threats and cyber security, such as phishing.
“The risks are the same as they were last year, advisory teams for each risk have been formed, and each risk has at least one owner that helps manage the teams,” Thorndike said.
According to the agenda for the meeting, there have been communication focus groups on campus in order to see what employees are seeking regarding how the university communicates with them.
The agenda additionally states the university is redesigning new staff orientation in order to focus heavily on the culture and community that the university tries to foster.
Mark Webster, ECU’s chief information security officer, talked about cyber risks that the university faces, including phishing emails or malicious bots.
“Some general stats concerning cyber security are 89% of emails sent to the university are blocked due to being spam or malicious emails. There have also been external queries into the university, we really do face global adversaries, and some of them are even state sponsored activities,” Webster said.
Webster said the Cyber Security Operations Center is additionally at work to try and protect sensitive data that the university may have.
Staff at ECU receive reports of possible vulnerabilities in order to address and try to manage the issues of cybersecurity, Webster said.
ECU has also begun to use multi-factor identification when signing into some services, Webster said. The use of multi-factor identification has become a priority of the UNC School System as a way to protect sensitive data.
“There has been some conversation about some very high rate systems, and we are trying to stay up on the latest technology.” Webster said.
Thorndike then talked about how they are impressed with ECU’s IT department and how other universities have begun to reach out to them in order to implement things like multi-factor authentication.