The University of Texas of the Permian Basin
Institutional Compliance Program Annual Report
For the Year Ended August 31, 2008

Section I – Organizational Matters

Quarterly meetings of the Institutional Compliance Committee were held on September 18, 2007, January 24, 2008, April 24, 2008 and August 8, 2008. One change in membership on the Institutional Compliance Committee was completed at the beginning of the fiscal year with a change in the Faculty Senate representative. There were no changes in the Compliance staff which includes a Compliance Officer and an Assistant Compliance Officer / Internal Auditor.

Section II – Risk Assessment, Monitoring Activities and Specialized Training (Performed by Responsible Party)

High-Risk Area #1: Information Security
Responsible Party: Keith Yarbrough, Director of Information Resources

Key “A” risk(s) identified:
- Unauthorized Information disclosure through password access obtained by deceiving user
- Inadequate protection of confidential information including Social Security Numbers
- Lack of training on information security

Key Monitoring Activities:
- Monitored 100% of inbound and outbound e-mail messages for confidential content including Social Security Numbers and credit card numbers. The monitoring indicated that .08 percent of inbound messages and .05 percent of outbound messages contained potentially confidential information. Offending users were notified of the potential violations. Repeat offenders were reported to their supervisor and the Compliance Office.
- Conducted ongoing monitoring of network traffic for potentially threatening traffic. The Nitro security appliance automatically responded to a number of network threats. None were considered critical.

Specialized Training:
A training program regarding information security awareness was developed for users that require access to our systems. The first training sessions were held in July 2008.
By the end of the fiscal year, 159 of 543 employees (29%), 50 of 50 new faculty (100%) and 65 of 65 continuing faculty (100%) completed the training. Efforts will continue in the next fiscal year to provide the training to all remaining faculty and staff.

High-Risk Area #2: Animal and Human Research
Responsible Party: J. Tillapaugh, Assistant Vice President for Graduate Studies and Sponsored Research

Key “A” risk(s) identified:
- Inappropriate use of animal and human subjects, research subjects and materials
- Inadequate training about Federal reporting requirements

Key Monitoring Activities:
- Reviewed 261 Human Subject Research Protocols. Approved 195 and required 62 to complete revisions prior to approval. Four were not approved.
- Three sponsored animal research projects were submitted and authorized.
- The Institutional Animal Care and Uses Committee (IACUC) conducted a comprehensive review of animal research and of laboratory facilities. Four major deficiencies and several minor ones were identified, according to standards of external accreditation organizations. Steps were taken on all of the major and minor problems for correction by July 31, 2008.

Specialized Training:
- Trained 261 of 261 (100%) staff and students in Human Subject research requirements of the National Institutes of Health (NIH).
- UTPB purchased a new software license for Animal Subject training that allows 31 individuals annually to be trained starting in FY 2009.

High-Risk Area #3: Research Time Reporting
Responsible Party: J. Tillapaugh, Assistant Vice President for Graduate Studies and Sponsored Research

Key “A” risk(s) identified:
- Noncompliance with new Federal reporting requirements such as Time and Effort

Key Monitoring Activities:
- Monthly reviews occurred on Effort Certification for federal external grant funds expending salary and wages
- Certification occurred for the first six months of FY 2008 after February 28, 2008, according to UTS policy. A few errors were discovered and adjustments were made before the certification date. One hundred percent of identified transactions were examined.
- Certification for the last six months of FY 2008 will occur after materials for August are received
- The Tier II Risk Assessment for Research was reviewed and revised.

Specialized Training:
- Training on Time and Effort Reporting was completed for 13 of 13 (100%) of Principal Investigators (PIs) for federal grants. Training for PIs of non-federal external funding was completed for 8 of 16 (50%).
- Training materials have successfully been transferred to Adobe Connect for delivery of future training.

High-Risk Area #4: Endowment and Gift Compliance
Responsible Party: Kay Bivens, Institutional Advancement Director

Key “A” risk(s) identified:
- Failure to comply with Federal regulations and donor requirements

Key Monitoring Activities:
- Gift entry Validation sheets were reviewed by the Institutional Advancement Director before completion of the donor’s gift file. 2,015 of 2,015 gifts (100%) were reviewed. Ten errors in coding were identified and corrected as a result of the reviews.

Specialized Training:
- Individual training was provided for the Administrative Assistant regarding proper coding for transactions
- Training regarding compliance with Federal regulations and donor requirements was held for 32 of 35 (91%) of individuals identified as eligible for the training.

High-Risk Area #5: Emergency Procedures
Responsible Party: Tom Hain, Chief of Police

Key “A” Risk(s) identified:
- Failure to have a campus-wide emergency plan
- Failure to inform students, faculty and staff of the emergency plan procedures

Key Monitoring Activities:
- A Draft emergency procedure plan was developed and presented to Administrative staff for approval.

Specialized Training:
- Upon final approval of the emergency plan, training will be held for all appropriate parties.

High-Risk Area #6: Unsafe Student Behavior
Responsible Party: Dr. Susan Lara, Vice President for Student Services

Key “A” Risk(s) identified:
- Unsafe student behavior including drug and alcohol use

Key Monitoring Activities:
- Early Alert system established for reports of concerns about students’ behavior.
- Alcohol and drug abuse reports increased from the previous year
- Alcohol and drug awareness programs were reviewed.

Specialized Training:
- Increased cooperation with Police Department and trained 13 of 13 police staff members (100%)
- Collaboration with housing to provide awareness

High-Risk Area #7: Intercollegiate Athletics
Responsible Party: Steve Aicinena, Director of Intercollegiate Athletics

Key “A” Risk(s) identified:
- Ineligible students participating in practice and competition
- Lack of comprehensive training program on NCAA rules
- NCAA rules and regulations not disseminated to appropriate individuals

Key Monitoring Activities:
- Reviewed and updated eligibility checklists, team roster deletions, squad lists and individual student-athlete files to re-verify eligibility for practice and competition
- Created new or reviewed and revised existing forms and guides to assist coaches and student athletes comply with NCAA requirements. Compliance with the documents will be part of the monitoring program.
- Forwarded NCAA and Conference updates to related institutional departments

Specialized Training:
- Athletic Director held training for staff, coaches and faculty athletic representative. Sixteen of twenty-one (76%) participated in the training.
- Coaches were required to pass the NCAA Coaches Certification Exam in order to recruit off campus.
- Held student-athlete compliance orientation on completion of NCAA and institutional athletically-related documentation.

Section III – Monitoring and Assurance Activities (Performed by Compliance / Audit Office)

High-Risk Area: Research
Assessment of Control Structure: Opportunity for Enhancement
Monitoring/Assurance Activities Conducted:
Internal Auditor monitored implementation of recommendations in Audit of UTS163 – Guidance on Effort Reporting Policies issued in August 2007. The Institutional Compliance Committee reviewed and approved the Action Plan, Monitoring Plan, Effort Commitment and Certification Policy, and Training Plan developed to move toward compliance with UTS 163.

High-Risk Area: Inadequate financial information to establish current position and close out prior year; Bad financial rating status: Failure to achieve budget assumptions
Assessment of Control Structure: Opportunity for enhancement
Monitoring/Assurance Activities Conducted:
VPBA/Compliance Officer, Asst. Compliance Officer/Internal Auditor, meet weekly with the President, Provost and Director of the Office of Accounting to review current financial position and potential actions that could impact year end results and financial rating status.

High-Risk Area: Intercollegiate Athletics
Assessment of Control Structure: Well Controlled
Monitoring/Assurance Activities Conducted:
An external Compliance Review of the athletics program was conducted in March 2008. The review found some recommendations for improvement of the program, but found no major areas of concern. Following the review, NCAA Division II moved UT Permian Basin from provisional status to full membership.

High-Risk Area: Top Risk Areas
Assessment of Control Structure: Opportunity for Enhancement
Monitoring/Assurance Activities Conducted:
The Asst. Compliance Officer and Athletic Compliance Officer reviewed draft monitoring plans submitted for all top risk areas. Due to inconsistencies in the format and documentation, a training session for designated responsible parties was held.
Revised monitoring plans were received and the review process was started. The Tier I Risk Footprint and Tier II Risk Footprints for top risk areas were reviewed and revisions were made as deemed necessary to reflect changes. The Top Risks were reviewed by the Compliance Committee. The list for monitoring in FY 2009 was approved.

Section IV – General Compliance Training Activities

The University uses the Training Post computer-based training system for its general compliance training. All new employees were required to complete twelve training modules for the basic risk areas. All continuing employees were expected to complete six modules. For Fiscal Year 2008 the completion rate for all assigned general compliance training modules was 94.7% compared to the 97.1% completion rate for Fiscal Year 2007.

In addition to the general training, general compliance issues were discussed with several groups including the Athletic Department staff, School of Education, School of Business, and College of Arts and Sciences faculty and staff, the Student Senate, and resident assistants in housing. The Administrative Council was informed of current compliance topics at each meeting.

Computer software problems continue to limit the availability of the Training Post modules and completion reports. Breeze software was purchased to replace the Training Post. Staff turnover in Information Resources resulted in the loss of staff trained to work with Breeze. Addition of a Trainer position in the Department of Human Resources will provide the opportunity to review and enhance all training opportunities and to develop expertise in software to deliver training.

Section V – Action Plan Activities

The following Action Plan activities were completed during the year:
- Surveys were completed by the Committee to assess the compliance program and the compliance officers.
- A self-assessment survey of the program was completed by the Compliance Officer.
- Certification letters were requested from all budget heads and responsible parties that provide assurance and/or note exceptions to compliance activities and programs within each area. The Compliance Committee reviewed the results.
- The Assistant Compliance Officer participated in the UT System Institutional Compliance Advisory Council and the Peer Review and Assurance Activities Committee.
- Meetings of the Institutional Compliance Committee were held each quarter.
- A campus-wide compliance awareness survey was completed and results were compared to results from previous years.
- Compliance information was submitted for each UTPB Employee Newsletter.
- Training was held for responsible parties for top risks on preparation of monitoring plans and quarterly reports.
- Monitoring plans for top risks were reviewed by the compliance officers and presented to the Compliance Committee for review.
- The Compliance Committee started reviewing quarterly reports on top risk areas.
- The Tier I and existing Tier II risk footprints were reviewed by the Compliance Committee and changes were made as deemed appropriate.
- Continued to increase awareness of availability of confidential reporting mechanisms for compliance and ethics issues.
- The Committee received and reviewed compliance inquiry line reports and related information regarding the ongoing operations of the Compliance Program.

In addition to planned activities, the UT System compliance staff performed a review of the UTPB Compliance Program during the fiscal year. Recommendations for enhancement of the institution’s program resulting from the review will be incorporated into the FY 2009 Action Plan.

Due to time and staff constraints, action plan items for which completion was deferred to Fiscal Year 2009 include: final approval by Executive Staff and distribution of the revised Compliance Manual; completion of the process of identifying and accumulating information for inclusion in a revised Compliance Manual for committee members to be used in orienting new committee members and as a resource for continuing members; completion of the update of the Management Responsibilities Handbook; completion of a timeline that will incorporate training to be offered throughout the campus; and update of the Compliance web page. Conversion of Training Post to a new delivery method will occur when the method of delivery is determined.

Section VI – Confidential Reporting

The Institutional Compliance Program provides the following mechanisms for reporting compliance issues: a confidential “888” hotline, an internal telephone line, and an email address that may be accessed directly or through the Compliance website. In addition, the Compliance Officer or Assistant Compliance Officer may be contacted directly. In practice, calls or personal visits that initially are made to the President or other individuals in the university are transferred to the Compliance Officer or Assistant Compliance Officer in order to expedite the review and reporting of the call.

Sixty-eight compliance inquiries were reported during the 2007-2008 fiscal year. Three inquiries were by internal hotline, seven by “888” hotline, eight by regular phone line, five written, seventeen by email, and twenty-eight in person. Sixty-six inquiries have been resolved and two are under continuing review.
The composition of the compliance inquiries was as follows:

Type                                               Number   % of Total
Improper Use of University Property & Resources        11          16%
Human Resources                                        14          21%
Privacy                                                 5           7%
Miscellaneous                                          35          52%
Fiscal Reporting/Audit                                  3           4%
Total                                                  68         100%

All reports are handled through a three-person triage team comprised of the Compliance Officer, Assistant Compliance Officer and Director of Human Resources.

The 2008 Annual Report is submitted by:

_________________________________________________
Christopher R. Forrest, Ph.D.
Compliance Officer
Vice President for Business Affairs

_________________________________________________
W. David Watts, Ph.D.
President

Date Submitted: ___________________________________