Framework for Integrity

The University authorized the Financial and Information Security Team (FIST) to provide a University framework for the effective management of financial and other information, financial controls, cyber security, and enterprise risks, through promotion of a culture of integrity, continuous improvement, and assurance. Within this framework:

1. Each department and/or function at the University incorporates a philosophy of “Continuous Improvement” into critical decision-making.

2. The University acknowledges and supports the prevention, detection, monitoring, testing and correction of problems and concerns as a means to continuously improve the integrity, efficiency and effectiveness of our operations.

3. “Continuous Improvement” is a journey, not a destination.

4. Audits present opportunities for improvement and assurance, not punishment. Prevention and detection audit controls are essential elements of the continuous improvement process.

5. A “Continuous Improvement” culture supports a constantly improving cyber program for:

    a) assessing data security risks, both technological and “securing the human”
    b) establishing appropriate controls and safeguards
    c) monitoring and testing controls

6. A “Continuous Improvement” culture promotes ongoing improvements in the legal compliance framework, processes and controls needed to ensure that university operations are conducted in compliance with legal and regulatory requirements.

7. A “Continuous Improvement” culture regularly engages in Enterprise Risk Management (ERM) that involves:

    a) risk assessment and analysis – “where are we today?”
    b) open dialogue about risk tolerance
    c) development of plans to address risk gaps and lower the likelihood and/or impact of risk events

8. A “Continuous Improvement” culture ensures the provision of appropriate resources for activation and enablement of assessments, plans and activities.