Committee on Audit and Compliance Aug 31st Liveblog


3:00PM – Audit/Compliance is always hard to liveblog because it is a very technical committee.  but we’ll give it a shot.   The Committee passed an action item – giving Pricewaterhouse Cooper the engagement to update and relook at our broken payroll system.  Apparently our payroll system is so broke nowadays, that there are campuses whose systems will collapse if not replaced in a number of years, and systems that are so old, only one person on the campus knows how to work the system.

Audit/Compliance also passed their annual compliance report, which you can find and dissect at http://www.universityofcalifornia.edu/regents/regmeet/aug10/a3.pdf

The quick highlights were that there were two campuses missing Compliance Officers, which was a problem, and they were supported by UCOP compliance and audit work.

4PM – The UC also has gained, this summer, the first insurance policy that covers the entire UC system’s cyberrisk (all our IT infrastructure).  The insurance policy is meant to be a “carrot” on the campuses so units will want to house their servers centrally on a campus, so they could get insurance coverage for their data.  Regent Makarechian notes that the insurance policy may be so broad that the UC may never win a filing on these terms, UCOP respnods that this is 1) better than our current insurance coverage and 2) helps centralize IT and pushes best practices 3) and will probably cover the much of the breaches that have happened in the past.  The premium (annual, i believe) will be 500k dollars, to cover all of the UC IT systems.

Advertisements

3 responses to “Committee on Audit and Compliance Aug 31st Liveblog

  1. there also were comments by David Ernst about how his efforts with CIOs would help be a push pull for campuses to act more egalitarian with each other – I could not hear his full comment because his microphone broke up – did you happen to hear his comment on that?

  2. also, why don’t the regents use

    http://www.uctv.tv/

    and archive their meetings so that they can be viewed anytime online?

  3. So what if compliance people are not available…the question that needs to be addressed before filling the open posts is, “Do we really need to fill these positions at this time? Who else, that is currently employed, can also do the job of compliance?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s