Fixed Assets Property Control

The University of South Alabama has a procedures manual which provides details related to the proper control and safeguarding of fixed assets/equipment. The manual details the departmental responsibility as well as the responsibility of the Purchasing department for “Equipment”, which is defined as any apparatus, instrument, appliance, item of machinery, or piece of furniture costing $5,000.00 or more and having a useful life of two or more years. Also included are tagging procedures, the requirement for a periodic inventory, as well as reference to the USA Property Control form which is to be used to document changes in equipment status. You can read more here.

May was Internal Audit Awareness Month

Thank you to those who participated in our first official celebration of Internal Audit Awareness Month! We enjoyed sharing a bit about ourselves and our profession, and especially meeting new folks, or those we have only met virtually!

Internal Audit Annual Risk Assessment

It’s that time of the year again…Risk Assessment time! In general, a risk assessment is the process used to identify risk factors that have the potential to negatively impact achievement of an organization’s goals or objectives. The Office of Internal Audit completes the risk assessment via a combination of interviews with senior leaders and managers, a Qualtrics survey, evaluation of industry specific risks, among other factors. The risk assessment is a key component in the creation of the annual audit plan. View our 2022 Risk Assessment Flyer to learn more about the process!

 Protection of Personal Data

Many USA offices and departments routinely utilize the personal data of members of the USA community (students, alumni, faculty, staff, contractors, patients, volunteers, etc.) in their daily operations for the furtherance of USA business, typically electronically, but also in hardcopy. In some cases, our personal data is stored in campus-managed servers; in other instances, USA contracts with 3rd party vendors to process our personal data, which includes the cloud-based storage of our data.

Like anyone else, these 3rd parties are vulnerable to cyberattack, ransomware, etc., which could result in the breach of our personal data. To assure a vendor offers reasonable protection against such a breach, we review our written agreements (contracts) with them, and their privacy policies, to determine if they are appropriately acknowledging their responsibility to protect our personal data and are in compliance with federal and state privacy laws.

For scenarios where we manage personal data here on campus, or in a relationship with aforementioned vendors, we absolutely have a shared responsibility to protect the data. Our responsibilities are addressed in our Confidential Data Protection Policy.