Universities

This audit found that Web-based applications at Arizona State University, the University of Arizona, and Northern Arizona University are vulnerable, and the universities have not fully implemented information technology (IT) security programs. Auditors were able to access sensitive information, including a database containing 10,000 names and social security numbers. The universities need to address the security of their Web-based applications and implement comprehensive IT security programs. In addition, the universities should establish timelines for implementing the audit recommendations and report their implementation progress to the Arizona Board of Regents.

University capital projects include new construction, renovation, or improvement of new buildings, facilities, or infrastructure, and major capital projects are those that cost $2 million or more. State support for Arizona State University’s (ASU), the University of Arizona’s (UA), and Northern Arizona University’s (NAU) research goals, enrollment growth, and other factors has fostered capital development. Between fiscal years 2005 and 2007, Arizona’s universities spent approximately $754 million for new academic and research facilities, and another $253 million for renovating and improving existing facilities. Arizona’s universities primarily rely on issuing their own public debt—usually revenue bonds and certificates of participation (COPs)—to finance capital projects. As of June 30, 2007, they had approximately $869 million in revenue bonds and $935 million in COPs outstanding. The universities have also partnered with third parties to pay for major capital projects, entering into 18 such arrangements between 2002 and 2007. Thirteen of the projects involve nonprofit corporations that can issue tax-exempt revenue bonds, while the other projects involve local government and/or for-profit business entities.

ASU, UA, and...