The University of Texas of the Permian Basin
Institutional Compliance Program
Quarterly Report
For the Quarter Ended February 28, 2009
Section I – Organizational Matters
 A meeting of the Institutional Compliance Committee was held February 24, 2009.
 There were no changes in membership on the Institutional Compliance Committee during
the quarter.
 There were no changes in the Compliance staff.
Section II - Risk Assessment, Monitoring Activities and Specialized Training (Performed by
Responsible Party)
High-Risk Area #1: Research
Responsible Party: J. Tillapaugh, Asst. Vice President for Graduate Studies and
Sponsored Research
Key “A” risk(s) identified:
 Noncompliance with Time and Effort reporting
 Failure to follow laws, policies and procedures regarding use of animal and
human subjects.
Key Monitoring Activities:
 The Responsible Party reviewed the Effort Commitment & Certification reports
that were completed by principal investigators of Federal grants for the months of
December 2008 and January 2009. The review identified one incorrect salary
reported in December, two incorrect PIs listed in December and January and one
incorrect base salary in January. Corrections are in process.
 A part-time staff member has been hired to serve as ECRT functional leader.
 The Responsible Party reviewed 32 protocols, approved 22 without revisions and
approved 10 with revisions.
Specialized Training:
Specialized training began for non-federal PIs and staff on all externally funded
projects. This training will be on-going. An ECRT/Huron representative held a
workshop for UTPB and UTEP staff February 5-6, 2009 regarding the new
software for Time and Effort tracking.
High-Risk Area #2: Institutional Advancement
Responsible Party: Kay Bivens, Director of Institutional Advancement
Key “A” risk(s) identified:
 Failure to comply with Federal regulations and donor requirements
Key Monitoring Activities:
 Checked a sample of transactions on Statement of Accounts reconciliations. Two
transactions were recorded with incorrect object codes. Corrections were made.
Specialized Training:
The staff person coding the transactions is newly-hired. One-on-one training is
used to train new staff.
1
High-Risk Area #3: Information Resources
Responsible Party: Roy Mendoza, Information Security Specialist
Key “A” risk(s) identified:
Inadequate information security program impacting confidentiality, availability and / or
integrity of data.
Key Monitoring Activities:
 Ongoing monitoring of email for confidential content. All inbound and outbound
email messages are examined. Emails containing social security numbers have
averaged twelve per month to date in FY 2009. Emails containing credit card
numbers have averaged two per month.
Specialized Training:
Annual Information Security Awareness training is required of all UTPB
information resource users. An updated Information Security Awareness Training
module was made available to faculty and staff during November 2008. As of the
end of February, training has been completed by 359 of 695 users (52%). A
weekly reminder is now being sent to all who have not completed the requirement.
A report of training remaining to be completed will be provided to the Director of
Information Resources.
Section III – Monitoring and Assurance Activities (Performed by Compliance
Office/Designate)
High-Risk Area: Failure to follow financial reporting standards and UT System
guidelines for budgeting and financial reporting
Assessment of Control Structure: Opportunity for enhancement
 Monitoring/Assurance Activities Conducted: Tracking of findings from AFR
Financial audit for Fiscal Year 2008. Three of the findings were considered
significant deficiencies and other recommendations were made for improvement.
It was determined that the VPBA and Director of Accounting will meet every
other week with the Asst. Compliance Officer / Internal Auditor to discuss
progress on implementation of the audit recommendations. A schedule of
findings and progress on the implementation on each will be used as a tool for
tracking. In addition, an action plan for each of the significant findings was
prepared for the President by the Director of Accounting, with review by the
Compliance Officer and the Asst. Compliance Officer / Internal Auditor.
 Monitoring/Assurance Activities Conducted: Compliance Officer and Asst.
Compliance Officer / Internal Auditor meet weekly with the President, Provost
and Director of the Office of Accounting to review current financial position and
potential actions that could impact year end results and financial rating status.
 Training Provided: Training for budget heads and support staff regarding
proper reconciliation of statements of account was initiated during the first
quarter. The Internal Auditor attends each session to stress the importance of
proper reconciliation procedures and to answer questions about expectations for
proper documentation. Sixty-five of ninety-four identified to receive the training
(69%) had achieved completion by February 28, 2009.
2
High-Risk Area: Financial Aid
Assessment of Control Structure: Opportunity for enhancement
 Monitoring/Assurance Activities Conducted: The State Auditor’s Office A133 limited scope audit of financial aid continued through the quarter. A draft
report was received during the quarter and responses to the findings were
provided. The findings and responses were reviewed by the Asst. Compliance
Officer / Internal Auditor.
Section IV – General Compliance Training Activities
Seven modules of General Compliance training administered through Training Post were
assigned to all continuing employees. New employees were assigned twelve General Compliance
modules. December 15, 2008 is the date set by the Institutional Compliance Committee for the
assigned training to be completed. As of February 23, 2008, 2,081 of the 2,360 modules assigned
or 88.2% were completed. Follow-up reminders from the appropriate executive staff will be used
to remind staff to complete the assigned modules. A conversion to Adobe Connect for delivery
of general compliance training is in process beginning February 2009.
Section V – Action Plan Activities
The following Action Plan items were implemented during the quarter just ended:
 The Compliance Officer is in the process of collecting individual certification letters from
all budget heads and responsible parties that provide assurance and/or note exceptions to
compliance activities and programs within each area.
 Provided the 1st Quarter compliance reports for high risk areas to the Compliance
Committee for review.
 Distributed an email notice to all faculty and staff that the annual campus-wide
compliance awareness survey is available for their completion in Survey Monkey.
 Provided the first quarter report for FY 2009 to the U.T. System Compliance Office.
 Held a meeting of the Institutional Compliance Committee during the quarter.
 Provided articles for inclusion in the employee newsletter that highlight various
compliance topics and educate the UTPB community regarding the Compliance Program.
 The Assistant Compliance Officer provided resource information during training
provided to Budget Heads and Administrative staff in sessions provided by the university
trainer on the statement of accounts reconciliation process.
 Training on the Time and Effort certification process was transferred to the Office of
Human Resources from Information Resources for monitoring of training completion.
 Conversion of Training Post modules to Adobe Connect was started during the quarter by
the trainer in the Office of Human Resources.
 Received and investigated or forwarded to appropriate administrators compliance
inquiries received through various means including the “888” hotline, internal phone,
email and in person. Provided an update on the inquiries to the Compliance Committee
in February 2009 at their regularly scheduled meeting.
3