Please ensure Javascript is enabled for purposes of website accessibility
University of Baltimore officials told state auditors that the computer security concerns uncovered in a recent audit are being addressed. (File photo)

UB’s computer network not always secure, audit says

State auditors told the University of Baltimore that some of its accounting procedures were inadequate and that its computer network was not always secure.

UB officials said they have addressed most of the issues identified in the audit — which was released Wednesday and which examined the university’s fiscal operations and information technology systems during the period from July 2010 to July 2013.

The state Office of Legislative Audits’ report found that the protocols for issuing student refunds — which were usually related to financial aid — were too lax. Employees in charge of identifying those students owed a refund were also responsible for recording the refund in UB’s payment records and for signing off on the funds with the accounts payable unit.

Auditors recommended that supervisors be required to sign off on refunds and that additional measures be put in place to verify that the refunds are accurate.

UB said it had fixed both of those issues.

Additionally, auditors identified issues regarding inadequate control of revenue collections in the bursar’s office, such as allowing too many employees to have access to a vault. University officials said those issues, too, were remediated by purchasing a new, two-compartment vault and making other changes.

However, university officials still have more to do to address the problems with IT security.

Auditors found that UB’s firewall did not always adequately protect the university’s computer network. They found numerous ways that students or other third parties could access portions of the network, potentially placing critical functions at risk or compromising private information.

The audit did not specify what kinds of information might have been accessible.

Auditors also said that at least 117 active computers at UB were not fully protected by anti-malware software. They recommended putting additional measures in place to ensure that such software was installed and up-to-date on all university computers.

UB officials said it had addressed half of the computer-related issues while auditors were still on-site, and that another four will be resolved by December. The rest will be fixed by April of next year at the latest, they said.

About Alissa Gulin

Alissa Gulin covers health care, education and general business at The Daily Record.