Compliance Matters Newsletter

IN THIS ISSUE ...

Compliance Week Recap:

Did you miss Compliance week?  Keep reading for a recap of the week and the winners of our great prizes.

Holiday Phishing Attacks

Be on the lookout for these potential attacks!

Guest Corner: Internal Audit 

Come meet our Associate Vice President for Internal Audi

COMPLIANCE WEEK RECAP

On November 6 – 10, 2023, the Compliance Office celebrated our annual Ethics and Compliance Week observation.   The Week was a chance for all employees to learn about compliance and ethics and have a little fun too. 

The Week started with a dedicated website announcing a Jeopardy game, a word find and an athletic compliance challenge.   Each day, Compliance Bytes featured an important Word of the Day.  The Director of Compliance participated in the Morning Blend for the Faculty Hub with a presentation on “Sexual Misconduct and Your Role as a Faculty Member”.  If you missed the presentation, the Hub has archived the talk.  The week ended with a compliance table at the Benefits Fair.

Prize Alert

For all those that participated in the activities and games, thank you!!   If you are curious as to who won the prizes, see below

Richmond Swag Bundle – Ingrid Lasrado

Women’s Basket Ball tickets – Kristen Ball

Men’s Basketball tickets – Kathy Ziegenfus

Richmond Sweatshirt – Bryan Moyer

Basketball signed by both men’s and women’s basketball coaches – Danise Stetson  

 Done but Not Gone

Although Ethics and Compliance Week is over, it doesn’t mean that resources are gone.  Check out the Compliance website:  Richmond.edu/compliance for helpful information and resources.

HOLIDAY PHISING ATTACKS

Between Thanksgiving and New Year’s Day, cybercriminals are especially active.  As we are thinking about family, time off, and gifts, we may pay less attention to the many emails we receive, order confirmations, promotional offers and e-cards.  This is when cybercriminals try to lure you into action.  Don’t be a victim.  Check out these helpful tips:

Gift card scams

Many holiday scams involve buying and selling fake gift cards or tricking you into paying someone with a gift card. If you receive an urgent call or email asking for payment via gift card, assume it is a scam. According to the Federal Trade Commission (FTC), real businesses and government agencies will never request gift cards as payment. If you purchase gift cards in a store, carefully examine the PIN to ensure it hasn’t been altered, and get a receipt so that you can verify the purchase in case the card is lost or stolen.

Charity scams

Hackers often take advantage of people’s goodwill by creating fake charities, such as GoFundMe campaigns. Before donating money or sharing any information, do your research — double-check that the URL and charity details are legitimate.

Online Shopping

As more folks opt for the convenience of online shopping, it’s important to consider these best practices to stay safe this season.

• Use secure Wi-Fi
  Shopping online while using public Wi-Fi at places like restaurants, hotels and airports is risky. If you need to make purchases on the go, connect to a virtual private network or use your phone as a hotspot for secure shopping.
• Think before you click
  If you receive a sales offer via email or text that seems unbelievable, it could be a phishing scam. Keep an eye out for the classic signs of phishing, like typos and grammar mistakes, suspicious links and unusual email addresses. To verify an offer, go directly to the company’s website rather than clicking a link.

• Consider payment options
  Because most credit card companies offer more consumer protections, credit cards are a safer form of payment than debit cards. Fraudulent debit card charges can also take 30-60 days to be reversed, during which time your account may be frozen. Consider using a virtual credit card number or third-party payment service such as Amazon Pay, PayPal, Google Pay or Apple Pay to avoid entering your credit card information directly.

GUEST CORNER:  Internal Audit

By Du’Neika Easley, Associate Vice President for Internal Audit

Du’Neika Easley, Associate VP of Internal audit has been with the University since 2012. After spending almost three years in the Office of Planning & Budget, she transitioned to Internal Audit. She is a Certified Public Accountant with 20 years of auditing experience.

1. What is Internal Audit’s role at the University of Richmond?

Internal audit provides independent, objective reviews of the University’s business processes, as the third line of defense in managing risk. We gather information throughout the audit process and make recommendations to improve internal controls and compliance with University policies or other regulations.

1. How does Internal Audit determine which areas to audit?

Each year Internal Audit develops a project plan to review areas of potential risk. Risks are assessed through conversations with leadership, data from the University’s Enterprise Risk Management process, and trends in higher education. The Board of Trustee’s Audit and Compliance Committee approves the final plan.

Risk Assessment Process

1. What is a common misconception people often have about Internal Audit?

There are two common misconceptions. The first being that our goal is to find errors. While this may occur it’s not the goal. The audit process is designed to be collaborative and support our auditees in addressing concerns. The second misconception is that we “approve” or define the appropriate internal controls. On the contrary, we only make recommendations. Management is responsible for determining which controls to implement based on a number of factors including feasibility and resources.

1. What other services does internal audit offer?

Internal audit is available to provide advice on policies, procedures, and process changes. As previously mentioned, we must remain independent, but we offer our industry knowledge to support management in making decisions.   We are always just a phone call or email away!

IN THIS ISSUE ...

Political Activity on Campus

A description of what political activity is allowed

Don’t Forget Compliance Education

Reminders for your training

Compliance and Ethics Awareness Week

Mark your calendars!

Guest Corner: John Craft

Recognizing Cybersecurity Month

Political Activity on Campus 

Watch television or surf the web for just 10 minutes these days and you can’t miss the fact that we are deep in political campaign season.

You might not know that the University is prohibited by law from participating, directly or indirectly, or intervening in political campaigns.  This restriction is essential to the University maintaining its status as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code.

However, there are situations when the University’s facilities and resources can be used in connection with political campaigns.  You can find detailed information on these exceptions in the Policy on Political Campaign Activities on Campus. 

Please remember that this policy does not apply to or restrict in any way the discussion of political issues, teaching of politics or campaign-related subjects, or academic research involving political issues, or campaigns.

Don’t Forget Compliance Education!

If you haven’t yet already done so, don’t forget to complete your compliance training.  All Faculty and Staff and Administrators are assigned annual training in the areas of Cybersecurity, Harassment and Discrimination Prevention and FERPA (Family Educational Rights and Privacy Act) if you access to student educational records.

Your training invites will come from Kris Henderson, Director of Compliance, and you can find the training on Talent Web on the Human Resources website (hr.richmond.edu) 

If you have any questions, reach out to khender3@richmond.edu

Compliance and Ethics Awareness Week!

Mark your calendars for November 5-11, 2023 for the University’s observance of National Compliance and Ethics Awareness Week.

The week is a chance for faculty and staff to learn about compliance on campus and to celebrate our collective efforts to make UR a wonderful place to work. 

The week will bring online activities and compliance officer appearances – all with opportunities to win some fun prizes.

We look forward to your participation!

GUEST CORNER:  Cybersecurity Awareness Month

By John Craft, Director of Information Security

October is Cybersecurity Awareness Month, and this is a great time of year to think about securing your digital life.  In this age of ever-increasing reliance on technology in our daily lives, securing your data and devices is of the utmost importance. Think about how many times you use technology in your daily life.  It may be that trip to the coffee shop or grocery store, getting gas, registering for an event, or just sending a message to your friends or family through email or social media.  All of these could be impacted if you do not remain aware of cybersecurity risks and take steps to protect yourself.

Research estimates that a successful cyber-attack occurs every 39 seconds and that by 2025 cybercrime will cost the world $10.5 trillion annually.  Statistics like those are very daunting and might easily discourage you.  However, you are very unlikely to be a victim of cybercrime if you follow some fundamental best practices for your information security.

1. Use multifactor authentication (MFA) whenever it is available for your accounts. MFA has been proven to stop 99.9% of account compromise attacks.  Don’t delay, enable MFA!
2. Don’t reuse your passwords. If your password is compromised, every account that uses that password is at risk.  Make sure you are using strong, unique passwords for every account.  UR makes this simple by offering all students, faculty, and staff a FREE LastPass Premium account. Just search for “LastPass” on the UR website for instructions on how to get this.
3. Update your systems and applications. Vulnerabilities are regularly discovered in the software on our systems and applications. Make sure you are applying security updates regularly to ensure a bad actor cannot take advantage of unpatched vulnerabilities.
4. Think before you click. Never click on a link in an email or an untrusted website without thinking about the circumstances. Phishers try to impersonate someone you trust or instill a false sense of urgency to make you click without thinking.  So, stop and ask yourself “Do I trust this link?” before clicking.  That simple process can save you from a world of grief if you fall for a phishing scam. Always remember – if it sounds too good to be true, it most likely is not!
5. Back up your critical data. Everyone has heard of the dangers of ransomware. Having a secure backup of your data, protected by MFA, can help you sleep better at night knowing that you can always restore your data if needed.
6. Monitor your credit reports. What used to be a difficult and time-consuming process has become much easier in recent years. Ensure that you take the time to annually review your credit report with the major credit bureaus. Information security has a page dedicated to protecting yourself from identity theft at https://is.richmond.edu/infosec/securityawareness/tips/idtheft.html.

If you can integrate these fundamental practices into your digital lifestyle, you are much less likely to be a victim of cybercrime.

UR Information Security is planning several events to celebrate Cybersecurity Awareness Month.  For a full listing of these events go to our website at https://is.richmond.edu/infosec/events/index.html.  Of note this year, we are hosting a Capture the Flag (CTF) competition that is open to all students, faculty, and staff.  This competition will have fun challenges for users of all skill levels and let you think like a hacker! Come join the fun the first week of November!

In This Issue...

A Short Introduction

Saying hello and setting up expectations for our newsletter

What Exactly is Compliance?

An introduction to newcomers and a refresher to returning employees

Guest Corner: Maribel Street

Staying prepared for emergencies during the fall semester

Introducing Compliance Matters: What to Expect Here

Welcome to the Compliance Matters Newsletter, Volume One!  We’re excited to present to you the latest and greatest from Richmond’s Compliance Office. 

In this newsletter, you can expect to find the following:

• Tidbits and information about the Office of Compliance and compliance-related issues
• Reminders on compliance education and tools you’ll need
• Guest appearances from other Richmond colleagues

Regardless of who you are, compliance is an issue that effects everyone, at every level.   From faculty to students to staff, we hope this newsletter can be a source of information, clarity and interest as we pursue the highest standards of ethical conduct here at Richmond.

The Office of Compliance is a resource that is available to all Richmond departments.  Please reach out for questions or use the Helpline 804 287-1800 or the online reporting form.  

What Exactly is Compliance?

By Kris Henderson, Director of Compliance

Welcome to another academic year at Richmond.   I want to take this space to talk about what Compliance at Richmond is all about.   Richmond’s Compliance program is an ethics-based program not just a regulatory one.  What exactly does that mean?

Let’s start with a few definitions.

Compliance is the adherence to laws, regulations, policies and guidelines relevant to the University.  Our job is to provide guidance on understanding what’s required of each employee.  That’s why compliance education is so important.  You can’t follow a law, regulation or policy unless you know what it is.

Ethics is concerned with what is right and wrong.  Ethics goes beyond what the law requires. It involves doing the right thing and following both the spirit and not just the letter of the law.

Have you ever thought about why the speed limit on your local highway is what it is?   No matter what it is, 60 mph, 65 mph, 70 mph, a local “compliance” officer working with “business” stakeholders developed a policy regarding public safety that involved setting a speed limit and procedure for enforcement as well as discipline for violations.   That sounds like a strong compliance program.  But merely posting a standard, like a speed limit, does not ensure compliance. Wouldn’t it be great if everyone respected the standard because everyone knew it was the right thing to do and by following the standard it would make the organization a better place to work as well as being more effective?  That’s where a culture of ethics comes in working hand in hand with compliance.

Guest Corner: Emergency Preparedness

By Maribel Street, Director of Emergency Management 

In observance of National Preparedness Month, the Office of Emergency Management is hosting a month-long series of events during September. National Preparedness Month exists to raise awareness about the importance of preparing for disasters and emergencies that could happen anytime, both on and off campus. 

National Preparedness Month is a great opportunity for our campus to engage with emergency preparedness and safety, and we are thrilled to be part of that effort in welcoming everyone back to campus for the fall 2023 semester. This month’s activities include:

September 13^th 10-2pm Campus Forum – safety/preparedness fair with activities/info/swag/prizes

September 22^nd 7:30pm Westhampton Green - Disaster movie on the lawn (Student choice)

September 28^th 7pm Alice Haynes Room – Survival Cook Off Event

For more information on National Preparedness Month and to learn more about the Office of Emergency Management download the UR SpiderSafe app!