Records Retention and Destruction with the Closure and Opening of Campus Buildings
As you purge files in preparation for a move, please consider whether the documents are a “public record” before discarding. The University is required to maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements. The Virginia Public Records Act establishes uniform procedures to manage and preserve public records throughout the Commonwealth. State agencies are required to:
- Identify public records – A public record is any information produced, collected, received, or retained that documents a transaction or activity of University business. A record is determined by content, not format, so the medium on which the information is recorded has no bearing on the determination. The content of a document determines whether it is a public record and how it is to be retained.
- Evaluate your records - The retention period is based on the value of the information and the Library of Virginia Records Retention and Disposition Schedules. Public records are required to be retained for the length of time determined in the schedules which can be found on the Trible Library web page link at http://cnu.libguides.com/recordsmanagement. Retention considerations include:
- Historical Value – records that document the history, i.e. minutes, policies, agency histories, plat maps, and annual reports.
- Administrative Value – records are necessary for the day-to-day operations of an office, to conduct current or future business functions, i.e. correspondence, studies, and reports.
- Legal Value – records have mandated retention by statute or regulation, i.e. leases, deeds, student records, medical records, and court case files.
- Fiscal Value – records document an office’s fiscal responsibilities, i.e. receipts, payments, transfers, and encumbrance of University funds.
- Prepare for destruction - Destruction of public records requires written approval by the University Records Managers, Doris Archer or Susan Barber, using the Certificate of Records Destruction RM-3 Form. The form and instructions are located at the Trible Library link http://cnu.libguides.com/recordsmanagement. A sample RM-3 Form can be found at the link http://library.cnu.edu/recdestsample.pdf. The retention period for the records must have expired and all investigations (including requests under FOIA), litigation, and required audits must be completed for authorization of disposition to be granted. An RM-3 Form is only required when destroying public records that are the copy of record. A copy of record is the official copy for reference and preservation. It may be an original or reformatted version. Destroying materials that are not public records, such as copies, personal items, and reference materials does not require reporting on a RM-3 Form.
- Methods of destruction – The nature of the information and the format of the records dictate the method by which they should be destroyed. When records contain personal identifying information, such as name, date of birth, social security number, driver’s license number, bank account numbers, etc. or sensitive proprietary information, they must be destroyed in a responsible manner in order to prevent unauthorized access. (For the detailed definition of identifying information, see Code of Virginia 18.2-186.3 (C)). Public records containing personal identifying information, regardless of media type, must be shredded, pulped, incinerated, made electronically inaccessible or erased so as to make the information unreadable or undecipherable by any means. Destruction should be completed within six months of the expiration of the records retention period. Responsible destruction should be used for any record containing personal identifying information whether it is the official public record or extra copy. Record destruction must be performed in a secure manner, ensuring that records to be destroyed are transported securely and destroyed completely. If your preference is incineration, Monty Alcock, Warehouse Manager, will ensure proper destruction and will verify completion with his signature on the RM-3 Form. All methods of destruction require the signature of the person who performed it and the destroy date recorded on the RM-3 Form. Public records that do not contain personal identifying information may be destroyed by placing paper documents in a trash or recycling bin, or simply deleting electronic data, but still requires documentation on the RM-3 Form.
- Final completion – A completed RM-3 Form serves as evidence of proper disposal when records are subpoenaed as evidence, audited, or investigated. By documenting the disposal of records and submitting the original signed form to the Records Managers, in the Trible Library, the integrity of the University is protected. The Records Managers will send the original RM-3 Form to the Library of Virginia to be retained for 50 years. A copy will be retained by the Records Managers and it is suggested that departments retain a copy for their records as well for three years.
Your help is needed to ensure that CNU’s public records are preserved, maintained and accessible throughout their life cycle. Thank you for your due diligence over this important aspect of records management.
Director of Internal Audit
The Mission of Internal Audit
The mission of Internal Audit at Christopher Newport University is to provide independent, objective assurance and consulting services designed to add value and improve the University's operations. It helps the University accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the University's risk management, control, and governance processes.
Scope of Work
The scope of the Internal Audit Department is to determine whether the University's network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
Risks are appropriately identified and managed.
Interaction with the various governance groups occurs as needed.
Significant financial, managerial, and operating information is accurate, reliable, and timely.
Employees' actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
Resources are acquired economically, used efficiently, and adequately protected.
Programs, plans, and objectives are achieved.
Quality and continuous improvement are fostered in the University's control process.
Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
Opportunities for improving management control, process efficiency and effectiveness, and the University's image may be identified during audits. They will be communicated to the Audit Committee and the appropriate level of management.
The Director of Internal Audit shall report administratively to the University President and functionally to the Audit Committee of the Board of Visitors.
All internal audit activities shall remain free of influence by any element in the organization, including matters of audit selection, scope, procedures, frequency, timing, or report content to permit maintenance of an independent and objective mental attitude necessary in rendering reports.
The Director of Internal Audit and the audit staff shall have no direct operational responsibility or authority over any of the activities they review. Accordingly, they shall not develop or install systems or procedures, prepare records, or engage in any other activity which would normally be audited. They shall not direct the activities of any University employee not employed by the internal audit function except to the extent that such employees have been appropriately assigned to audit teams or to otherwise assist the internal auditors.
The Internal Audit Director and the audit staff should sign an annual conflict of interest statement to allow the disclosure of any situation that may impair their objectivity and allow the reaffirmation of Christopher Newport University's policies on conflicts of interest.
The Director of Internal Audit and staff of the internal auditing department have responsibility to:
- Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Audit Committee for review and approval as well as provide periodic updates.
- Implement the annual audit plan, as approved, including any special tasks or projects as deemed appropriate and requested by management and the Audit Committee.
- Provide information on the status and results of the annual audit plan and sufficiency of department resources.
- Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, and external audit).
- Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.
- Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
- Issue periodic reports to the Audit Committee and management summarizing results of audit activities.
- Keep the Audit Committee informed of emerging trends and successful practices in internal auditing.
- Provide a list of significant goals to measure the performance of the internal audit function and report results to the Audit Committee.
- Assist in the investigation of significant suspected fraudulent activities within the University and notify management and the Audit Committee of the results.
The Director of Internal Audit and the staff of the internal audit function as defined above are authorized to:
- Have unrestricted access to all functions, records, property, and personnel.
- Have full and free access to the Audit Committee.
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish the audit objectives.
- Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.
Standards of Audit Practice and Ethics
All audit work meets the International Standards for the Professional Practice of Internal Auditing and Code of Ethics promulgated by the Institute of Internal Auditors. The department is expected to consistently demonstrate high standards of conduct and ethics as well as appropriate judgment, independence, and discretion. Members maintain a professional image and protect auditee confidences and confidential information.
- Association for Institutional Research
- U.S. University Directory
- Chronicle of Higher Education
- National Association for College and University Business Officers (NACUBO)
- State Council of Higher Education for Virginia (SCHEV)
- Library of Virginia - Records Management
- Code of Virginia Searchable Database
- Code of Federal Regulations
- Educause Information Resources Library
Auditing and Accounting Links
- Association of College and University Auditors (ACUA)
- Institute of Internal Auditors (IIA)
- The Department of the State Internal Auditor (DSIA)
- The Information Systems Audit and Control Association & Foundation (ISACA)
- American Institute of Certified Public Accountants (AICPA)
- Governmental Accounting Standards Board (GASB)
- Association of Certified Fraud Examiners (ACFE)
- AuditNet Resource List
Information Systems Links
- Virginia Information Technology Agency (VITA)
- National Institute of Standards and Technology (NIST) Computer Security Resource Center
The Office of Internal Audit
Christopher Newport University
1 Avenue of the Arts
Newport News, VA 23606
Administration Building, 3rd floor
Rooms 317 & 321