Operations, Audit and Risk Committee Meeting April 18, 2024 - Board of Visitors - Christopher Newport University

Board of Visitors

Operations, Audit and Risk Committee Meeting April 18, 2024

The Operations, Audit and Risk Committee met on Thursday, April 18, 2024 at 3:00 p.m. in the Freeman Center, Room 201 with Chair Christy Morton presiding.

Present from the Committee

  • Mrs. Christy Morton, Chair
  • Mr. Brentley Archer
  • Mrs. Terri McKnight (remote by phone)
  • Ms. Kelli Purdy Meadows, CPA
  • Mrs. Lindsey Carney Smith, Esq
  • The Honorable Ronald L. Tillett

Ms. Terri M. McKnight, participated remotely by phone from Mexico. Remote participation permitted due to personal travel to Mexico pursuant to Code of Virginia § 2.2-3708.3(B)(4).

Other Board Members Present

  • Mr. William Estrada, Esq.
  • LTC (R) Boris G. Robinson

Others Present

  • President William G. Kelly
  • Mr. Quentin Kidd, Provost/Executive Vice President and Chief Academic Officer
  • Mrs. Jennifer Latour, Vice President for Finance and Planning/Chief Financial Officer
  • Ms. Faith Belote, Director of Internal Audit
  • Dr. Bob Colvin, Vice President for Strategic Initiatives
  • Ms. Adelia Thompson, Vice President for Advancement, External Engagement and the Arts
  • Mr. Kevin Hughes, Vice President for Student Affairs
  • Mr. Larry “Chip” Filer, Vice President for Facilities and Campus Operations
  • Ms. Lisa Duncan Raines, Vice President for Enrollment, Student Success and Institutional Effectiveness
  • Mrs. Ashleigh Andrews, Chief People Officer and Sr. Associate Vice President
  • Mrs. Sarah Herzog, Chief Financial Officer and Associate Vice President
  • Mr. Justin Davenport, Chief Information Officer
  • Ms. Wendy Wilde, Information Security Officer
  • Other CNU faculty and staff members

Chair Morton called the meeting to order and welcomed everyone in attendance. She thanked everyone for being there and gave a special welcome to Faculty Senate member Willy Donaldson.

Approval of February 9, 2024 Minutes

Chair Morton asked if everyone had a chance to review the Operations, Audit and Risk Committee minutes from February 9, 2024. There being no comments, edits or suggestions, Chair Morton called for a motion to approve the minutes as presented. A motion was provided and seconded and the minutes were approved by unanimous vote of the committee.

Chair Morton introduced Ms. Ashleigh Andrews, Chief People Officer and Sr. Associate Vice President to provide on update on the next steps for Title IX.

Title IX Next Steps

Ms. Andrews reported the Title IX Next Steps committee made some recommendations for next steps for Title IX to the President and his cabinet. These recommendations are built upon the work of the Title IX Review committee. After review and approval from the President and his cabinet, the following recommendations will be implemented. The recommendations include a new position to be created for a confidential advocate which will be established in the Office of Student Affairs. This position will be a confidential resource for students. Adjustments to training and education will continue and will be offered to faculty, staff and students. Investigations and decision making on reports of Title IX violations will be outsourced as this is an increasingly common approach. Lastly, a search for a new Director of Institutional Compliance and Title IX Coordinator is underway.

Ms. Morton thanked Ms. Andrews for her report and introduced Mr. Kevin Hughes, Vice President for Student Affairs to provide an update on the campus incident.

Campus Incident Report

Dr. Hughes reported that President Kelly had asked for an after-action report on a weapons discharge incident that happened on campus during the predawn hours on November 28, 2023, that resulted in damage to the David Student Union. Dr. Hughes reported that signs have been posted in the residential halls stating that this is an alcohol and weapons free zone. There is a legislative bill HB454 that bans weapons on state property but it has been vetoed. However, the Board of Visitors have authority to prohibit firearms and unauthorized storage of weapons in vehicles. Additionally, there are restrictions for students in the residence halls for possession and brandishing a weapon. There is also a Department of Human Resources Policy 2.35, Civility in the Workplace. Dr. Hughes stated the Policy Committee consolidate all of the policies into one place. Also, Christopher Newport University is the only University that does not have a weapons regulation in place. We are working to rectify that and will be researching what other Universities are doing for their regulation and create our own to bring to the Board of Visitors for review and approval. The regulation will help to criminalize the action being taken. There will first be a notification (possibly at the June meeting) and then Adoption of the regulation (at the September meeting).

Chair Morton thanked Dr. Hughes for the report and introduced Ms. Wendy Wilde, Information Security Officer to provide the following report:

Annual Information Security Report

Ms. Wilde reported the Information Security program is designed to protect information and critical resources from a wide range of threats to ensure business continuity and minimize risk. Significant improvements have been made to the Information Security Program since their last report to the Board of Visitors on April 13, 2023. Following a GLBA (Gramm-Leach-Bliley Act) assessment performed by CampusGuard in February 2023, several high risk items were identified and prioritized for remediation in 2024. Improvements and updates were completed in the areas of information security policies, standards, guidelines and procedures, university data governance, departmental risk assessments, disaster recovery and incident response.

The Information Security Officer (ISO) conducted online and in person Information Security Awareness training and conducted twelve Phishing Simulation training exercises to in-scope departments. Additional training was also conducted for Role Based Security Training (RBST), Gramm-Leach –Bliley Act (GLBA), Security Incident Response tabletop exercises, Disaster Recovery exercises and PCI-DSS (Payment Card Industry Data Security Standard) compliance. The Information Security team conducted a Business Impact Analysis (BIA) and Risk Assessments (RA) for the following departments: Admissions, Advancement, Banner, Business Office, CHECS (Center for Honor Enrichment and Community Standards), Financial Aid, IT Services, Registrar and Student Records Systems.

Report from the Chief People Officer

Ms. Ashleigh Andrews provided an update on the Compensation Study that began in 2022. The compensation study currently is focusing on Instructional Faculty Salaries. In 2022 the compensation study began for classified and hourly employees and 46% of staff received a pay increase from the findings of this study. In 2023, the same consultant, Gallagher was used for a compensation study for Administrative Professional Faculty and 44% received an increase. Prior to this, the last compensation study was completed in 2010. The goal of the study was to make Christopher Newport University more competitive in the market and improve retention among employees. Positions were compared to other higher education positions and also positions within the private sector. The Compensation Study for Instructional and Faculty Salaries has been completed and 276 positions were reviewed with 164 positions (59%) receiving an increase. The proposed implementation date will be August 25, 2024. The next steps will be to await the Board of Visitors approval of the University budget, develop a transparent communication plan and develop a strategy to maintain market competitiveness.

Chair Morton thanked Ms. Andrews for her report and said she is happy we are continuing to focus on this effort and our employees. She then introduced Ms. Faith Belote, Director of Internal Audit to provide her report.

Internal Audit Report

Mrs. Faith Belote, Director of Internal Audit, reported on the status of the Annual Audit plan for Fiscal Year 2023-2024. The Slate Access Controls audit is complete. The current state of the Free Application for Federal Student Aid (FAFSA) application process has delayed financial aid disbursements nationwide. As our Financial Aid Office has primary administrative responsibility for awarding scholarships as well the Endowed Student Scholarships audit will be postponed until their resource availability is sufficient. A Minors on Campus Safety review will be conducted as advisory/consulting services. Initial planning of the Identity and Access Management audit has begun. Planning is underway for the annual information technology risk assessment. The IT risk assessment results will be presented at the June meeting.

The Slate Access Controls audit report was presented in the board materials. Five open audit points are targeted for completion by October 4, 2024. The Endowed Faculty Professorships audit points are a work in progress with five points due for completion August 1, 2024. The Network Firewalls audit is complete. Six Student Accounts audit points are closed, with one point targeted for completion by July 1, 2024. The remaining four points for the Faculty Recruitment and Succession Planning audit are targeted for completion by June 1, 2024. The OSIG Cybersecurity audit non-disclosure agreements and rules of engagement were finalized and fieldwork began on April 12.

A new model internal audit charter has been released by the Institute of Internal Auditors (IIA). Independence, organizational position, and reporting relationships will be reviewed and updated during a full analysis to ensure compliance with the new Global Internal Audit Standards. A board resolution is anticipated at the September meeting.

Lastly, a staffing update was provided, and Ms. Belote reported the IT Auditor, David Ralph, has been promoted to Senior IT Auditor effective March 25. The recruitment search for the Senior Internal Auditor is in progress with a limited pool of applicants under review. A cooperative state contract has been identified for use if co-sourcing staff resources become necessary.

Chair Morton thanked Ms. Belote and her staff for the comprehensive report.

Closed Session

Chair Morton asked for a motion to convene in a closed meeting under the Freedom of Information Act, as amended, Section 2.2-3711 (A)(9) Gifts, Bequests and Fundraising. The motion was made by The Honorable Ron Tillett and seconded by Mr. Brentley Archer with all in favor and the committee went into closed session at 3:43 p.m.

Return to Open Session

The committee returned to Open Session at 3:55 p.m. and Chair Morton asked Ms. Wissinger for a role call certifying that only public matters were discussed that were identified in the motion by which the closed meeting was called. All committee members certified to the above by roll call: Mr. Brently Archer, Mrs. Lindsey Carney Smith, Ms. Terri McKnight, Ms. Kelli Purdy Meadows, and the Honorable Ronald L. Tillett.

Appointments to the Administrative and Professional Faculty (Informational Only)

Acting Chair Morton stated that Appointments to the Administrative and Professional Faculty are informational only and this report shows employees who have been hired since the committee last met.

There being no further business, the meeting adjourned at 3:57 p.m.

quick edit report a problem