The University of Arizona

News from the DCIO - 04/26/2010

Good Afternoon!
Welcome back to the news from the DCIO portion of our new Intranet Site! We heard some pretty positive feedback around the site, and as a result are looking to add some new features soon, such as RSS Feeds, etc. In the meantime, thanks for coming back to get the news for the week from my perspective!
Financial Audit 2009-10
About this time every year, the Auditor General (AG) arrives on campus to conduct the annual financial audit. Why is that important? Well, the Financial Audit is the review of the financial statements for the University of Arizona resulting in the publication of an independent opinion on whether or not those financial statements are relevant, accurate, complete, and fairly presented. These opinions matter very, very much as we go out for loans, bonds, etc. in support of funding here at the University. So each year, this is a serious and focused effort on behalf of the University. More and more we see information technology included in the audit because of the systems we support (in this case FRS and PeopleSoft Human Capital).
This year (the audit is for Fiscal Year 2009-10, ending June 30, 2010) we knew there would be intense scrutiny around the new HCM system since payroll makes up over 65% of our financial statements. So, we have been preparing for some time around the areas we knew from experience might be focused on:
· Physical Access
· Logical Access
· Web Application Security and Change Management controls (Software Life Cycle Development)
· Risk Assessment and Management
· Network Security
· Disaster Recovery and Business Continuity
Michele, Cathy, Derek and I attended the Financial Audit entrance meeting on Friday (04/23). This is the meeting where the AG introduces the scope of the audit for both the financial and the information technology areas. From that meeting we know they will focus on two primary areas:
· Web Application Security and Change Management controls (Software Life Cycle Development)
· Logical Access
Both of these areas fall into Cathy Bates’ organization, so she will be the primary contact, lead and organizer for this audit. You can expect that she will be fairly busy over the next few months, and will need quick responses from specific areas of Mosaic and UITS as she learns more. Cathy will coordinate any meetings or information exchange with the AG.
Responsibility Centered Management
You may have heard people on campus talking about Responsibility Centered Management (RCM) and how it will impact central and academic units. Some of you may have attended a SPBAC presentation by the University of Minnesota and learned more. This topic is getting a lot of conversation on campus, and particularly within IT units as we understand more about how IT might be funded differently on campus. I thought it would be good to share what we know so that you can come up to speed with the conversations and papers on this topic.
In May, 2008 the Provost charged a committee “to investigate how we might think differently about how tuition flows back to academic units in a more coordinated and incentivized way.” Through this charge, RCM came to be discussed as a new way to think about our finances. You can learn much more at the Provost site, and I promise to post more here as we learn more.
Incident Command Training
Check out the new posting under Documents & Presentations – you will see a slide show about UITS Incident Command (IC). It was developed for the purpose of educating different constituents around our UITS Incident Command structure – but I thought it might be useful inside UITS as well, especially if you haven’t been involved personally in an IC event.
That’s it for now. I continue to encourage you to send comments and suggestions on topics that you feel would be worthwhile for the organization to hear about.