Summary

Our operational audit for the fiscal year ended June 30, 2006, disclosed the following:

Finding No. 1:        The University’s competitive procurement threshold exceeded the limit established by Board of Governors Rules.

Finding No. 2:       University personnel did not always comply with University policies when entering into written contracts.

Finding No. 3:       Although the University had implemented a security awareness program, University records did not demonstrate that all appropriate personnel had been apprised of the importance of preserving the integrity, availability, and confidentiality of the data entrusted to them.

Finding No. 4:       The Northwest Regional Data Center did not utilize service level agreements as a formal mechanism to specify roles and responsibilities, service level expectations, and mitigation procedures.

Finding No. 5:       The Northwest Regional Data Center disaster recovery plan lacked key provisions essential for ensuring a timely and orderly resumption of operations, should an interruption in information technology services occur.