The University of Texas of the Permian Basin
Institutional Compliance Program
Annual Report
For the Year Ended August 31, 2009
Section I – Organizational Matters



Quarterly meetings of the Institutional Compliance Committee were held on November
25, 2008, February 24, 2009, May 21, 2009 and August 27, 2009.
Two changes in membership on the Institutional Compliance Committee were completed
with a change in the Faculty Senate representative and a change in the AVP for Graduate
Studies and Research.
There were no changes in the Compliance staff which includes a Compliance Officer and
an Assistant Compliance Officer / Internal Auditor.
Section II - Risk Assessment, Monitoring Activities and Specialized Training
(Performed by Responsible Party)
High-Risk Area #1: Information Security
Responsible Party: Roy Mendozo, Information Security Specialist
Key “A” risk(s) identified:
Inadequate information security program impacting confidentiality and / or integrity of
data
Key Monitoring Activities:
Ongoing monitoring of email for confidential content. All inbound and outbound
email messages are examined. Emails containing social security numbers averaged 62
per month in FY 2008 compared to 15 per month in FY 2009. Emails containing credit
card numbers averaged 19 per month in FY 2008, compared to one per month in FY
2009.
Specialized Training:
Annual Information Security Awareness training is required of all UTPB information
resource users. An updated Information Security Awareness Training module was made
available to faculty and staff in November 2008. As of the end of August 2009, training
was completed by 429 of 691 users (62%). A weekly reminder was sent to all who had
not completed the requirement. A report of training remaining to be completed was
provided quarterly to the Institutional Compliance Committee. In August 2009 new and
returning faculty (150) received information security training during faculty orientation.
High-Risk Area #2: Research
Responsible Party: Karen Smith, Interim Assistant Vice President for Graduate Studies
and Sponsored Research
Key “A” risk(s) identified:
 Failure to follow laws, policies and procedures related to animal and human
subjects research
 Noncompliance with Time and Effort reporting
Key Monitoring Activities:
1

Reviewed 170 animal and human subject research protocols. Approved 132
without revisions and required 30 to complete revisions prior to approval. Eight
were not approved.
 Review of Effort Certification reports completed by principal investigators of
federal grants revealed exceptions caused by the method of processing casual
appointment payments through payroll. A change was made in procedures to
prevent the exceptions. Four other exceptions were noted and corrected.
 A staff member was hired to serve as ECRT functional leader. The employee
was trained on use of ECRT software, and then trained PI/Directors.
Specialized Training:
In the first quarter of FY 2009 a special presentation on Human Subjects Research was
made by Dr. Jim Plvarnik, Michigan State University, to faculty and students. Ninetyfour attended. Specialized time and effort training was provided by the Office of Human
Resources to individuals paid by external funds with a completion rate of 93% (50 of 54).
High-Risk Area #3: Safety and Security
Responsible Party: Tom Hain, Chief of University Police and Vice President for Student
Services
Key “A” risk(s) identified:
 Failure to follow policies and regulations regarding safety and security
Key Monitoring Activities:
 Falcon Alert established to make emergency notifications. One alert was issued,
there were no failures.
 Emergency blue towers with lights and phone lines were tested three times. Four
towers had intermittent failures one time per month. Problems related to phone
line reception and light bulbs burning out. Repair was completed.
 A siren system was installed for emergencies on campus. Initial testing revealed
the need to adjust the speakers. Adjustments were made and there were no test
failures.
 Tests of campus physical safety were conducted with six incidents reported.
Work orders were issued to correct the issues that caused the failures.
 Student referrals from housing and the police department related to alcohol and
drug offenses were monitored. As a result, additional awareness/prevention
programs were established.
Specialized Training:
Training was held for the RAs in housing and orientation leaders related to alcohol and
drug use. Six full time staff and 38 student RAs and orientation leaders were trained.
During the period June through August, 380 students were trained on alcohol and drug
use prevention during Freshman Orientation.
High-Risk Area #4: Endowment and Gift Compliance
Responsible Party: Kay Bivens, Institutional Advancement Director
Key “A” risk(s) identified:
 Failure to comply with Federal regulations and donor requirements
Key Monitoring Activities:
 Gift entry Validation sheets were reviewed by the Institutional Advancement
Director before completion of the donor’s gift file. 100% of the gifts during the
year were checked for accuracy. Only minor errors in coding were discovered
and they were immediately corrected. The errors were a result of a new staff
member in the position responsible for coding the transactions.
2
Specialized Training:
 Individual training was provided for the Administrative Assistant regarding
proper coding for transactions
High-Risk Area #5: Intercollegiate Athletics
Responsible Party: Steve Aicinena, Athletic Director
Key “A” Risk(s) identified:
 Failure to disseminate and follow NCAA rules and regulations
Key Monitoring Activities:
 Daily monitoring by the athletic compliance officer occurs for the possibility of
NCAA violations. The monitoring took place through observation of coaches’
activity, practice logs, discussions with athletes and review of self reports.
Weekly logs and miscellaneous phone records are examined on a periodic basis.
When violations were noted, one-on-one training was completed with the
individuals who should have prevented the violations. Self reports were filed
with the conference and NCAA. Letters of reprimand were given to coaches and
placed in their files. All violations detected were the result of misinterpretation
of rules and/or lack of understanding or due to administrative error.
Specialized Training:
 A compliance seminar was held for coaches and employees regarding changes to
NCAA rules and the Departmental Compliance Plan. Eleven of the twelve
employees (92%) attended.
 Coaches were required to pass the NCAA Coaches Certification Exam in order to
recruit off campus.
 Rules changes were distributed and a coaching exam was required for head
coaches.
High-Risk Area #6: Handbook of Operating Procedures
Responsible Party: Carla Nelson, Assistant to the President
Key “A” Risk(s) identified:
 Failure to ensure the accuracy and uniformity of the Handbook of Operating
Procedures
Key Monitoring Activities:
 The HOP committee completed review and revision of all parts of the handbook.
UT System Office of General Counsel reviewed and approved all parts, as well
as the UT System Associate EVC for Academic Affairs and the Associate EVC
for Student Affairs. The HOP Committee continues to meet regularly to provide
a mechanism for constant review and updating of the handbook.
Specialized Training:
 The revised HOP is available on the UTPB website as well as a hard copy for
viewing in the President’s Office.
High-Risk Area #7: Conflict of Interest
Responsible Party: Chris Forrest, Vice President for Business Affairs
Key “A” Risk(s) identified:
 Failure to comply with laws, rules and policies regarding Conflict of Interest
Key Monitoring Activities:
 The entire file of submitted Conflict of Interest forms received to date was
reviewed and missing forms identified. Follow up through direct contact with
employees took place in order to obtain the missing forms.
3
Specialized Training:
 Budget heads were informed during Budget Head training of the mandatory
Conflict of Interest certification process.
Section III – Monitoring and Assurance Activities (Performed by Compliance /
Audit Office)
High-Risk Area: Research
Assessment of Control Structure: Opportunity for Enhancement
Monitoring/Assurance Activities Conducted:
 Internal Auditor monitored implementation of recommendations in Audit of
UTS163 – Guidance on Effort Reporting Policies issued in August 2007.
 An audit of the Joint Admissions Medical Program (JAMP) was completed
during the quarter. None of the findings were considered significant.
High-Risk Area: Financial Aid
Assessment of Control Structure: Opportunity for enhancement
Monitoring/Assurance Activities Conducted:
 An A-133 limited scope audit of Financial Aid was completed by the State
Auditor’s Office during the year. Audit in the area of Disbursements to or on
behalf of students resulted in a finding of Material Weakness and Material NonCompliance. Internal Audit monitored progress during the remainder of the
fiscal year toward implementation of all recommendations. Reports were made
to the Audit Committee and UT System on progress made.
High-Risk Area: Financial Reporting
Assessment of Control Structure: Opportunity for Enhancement
Monitoring/Assurance Activities Conducted:
 As a result of significant audit findings regarding compliance with UT System
Policy UTS142.1 related to account reconciliation by departments, training on
the System policy and monitoring by the Office of Accounting, Internal Audit
assisted in training for all budget heads and administrative staff involved in the
account reconciliation process. 100% of identified staff completed the training.
 The monitoring policy developed by the Office of Accounting for review of
statement of account reconciliations was reviewed prior to submission to UT
System
 Forms to be used for Sub-certification by department heads to comply with UTS
142.1 were reviewed by Internal Audit.
Section IV – General Compliance Training Activities
The University started the year using the Training Post computer-based training system for its
general compliance training, then converted during the year to Adobe Connect. All new
employees were required to complete twelve training modules for the basic risk areas. All
continuing employees were expected to complete seven modules. For Fiscal Year 2009 the
completion rate for all assigned general compliance training modules was 93.1% compared to the
99.5% completion rate for Fiscal Year 2008. Information Security Training for all paid
employees was also delivered through Adobe Connect.
4
In addition to the general training, general compliance issues were discussed with faculty and
staff when appropriate. The Administrative Council was informed of current compliance topics
at each meeting. New employee orientations were initiated during the year, including a segment
on general compliance as well as information security. Specialized training was provided to
target groups for topics including Statement of Account Reconciliation Procedures, Time and
Effort Reporting and use of ECRT software.
Section V – Action Plan Activities
The following Action Plan activities were completed during the year
 Surveys were completed by the Committee to assess the compliance program and the
compliance officers.
 A self-assessment survey of the program was completed by the Compliance Officer.
 Certification letters were requested from all budget heads and responsible parties that
provide assurance and/or note exceptions to compliance activities and programs within
each area. The Compliance Committee reviewed the results.
 The Assistant Compliance Officer participated in the UT System Institutional
Compliance Advisory Council (ICAC).
 Meetings of the Institutional Compliance Committee were held each quarter.
 A campus-wide compliance awareness survey was completed and results were compared
to results from previous years.
 “Compliance Corner” information was submitted for each UTPB Employee Newsletter.
 The Compliance web page was reviewed and updated.
 Quarterly reports for top risks detailing monitoring activities were received from
responsible parties and were provided to the Compliance Committee for review.
 Final approval was received for the revised Compliance Manual. Faculty and staff were
notified of the revision and a link to the manual by email.
 The Management Responsibilities Handbook was revised and approved.
 The Tier I and existing Tier II risk footprints were reviewed by the Compliance
Committee and changes were made as deemed appropriate.
 A training plan for FY 2010 for new and continuing staff members was adopted.
 The Compliance Officers continued to increase awareness of availability of confidential
reporting mechanisms for compliance and ethics issues.
 The Committee received and reviewed compliance inquiry line reports and related
information regarding the ongoing operations of the Compliance Program.
 Quarterly and annual reports were provided to U.T. System Compliance Office as
requested.
Due to time and staff constraints, action plan items for which completion was deferred to Fiscal
Year 2010 include: completion of the process of identifying and accumulating information for
inclusion in a revised Compliance Manual for committee members to be used in orienting new
committee members and as a resource for continuing members; completion of a timeline that will
incorporate training to be offered throughout the campus; completion of detailed risk assessments
for all top risk areas followed by review by the committee; and inspection of high-risk area risk
management plans and testing of quarterly monitoring reports by compliance staff.
5
Section VI – Confidential Reporting
The Institutional Compliance Program provides the following mechanisms for reporting
compliance issues: a confidential “888” hotline, an internal telephone line, and an email address
that may be accessed directly or through the Compliance website. In addition, the Compliance
Officer or Assistant Compliance Officer may be contacted directly. In practice, calls or personal
visits that initially are made to the President or other individuals in the university are transferred
to the Compliance Officer or Assistant Compliance Officer in order to expedite the review and
reporting of the call. Seventy-two compliance inquiries were reported during the 2008-2009
fiscal year. One inquiry was by web site, six by “888” hotline, six by regular phone line, two
written, thirty-three by email, and twenty-four in person. Sixty-five inquiries have been resolved
and seven are under continuing review.
The composition of the compliance inquiries was as follows:
Type
Improper Use of University
Property & Resources
Human Resources
Privacy
Miscellaneous
Fiscal Reporting/Audit
Total
Number
% of Total
19
12
3
20
18
72
26 %
17
4
28
25
100%
All reports are handled through a three-person triage team comprised of the Compliance Officer,
Assistant Compliance Officer and Director of Human Resources. One of the issues was
suspected fraud. The procedures in UTS118 were followed, including appropriate notification of
specified UT System officials.
The 2009 Annual Report is submitted by:
_________________________________________________
Christopher R. Forrest, Ph.D.
Compliance Officer
Vice President for Business Affairs
_________________________________________________
W. David Watts, Ph.D.
President
Date Submitted: ___________________________________
6