Print-friendly Version of Section 5.A. | Return to top
Print-friendly Version of Section 5.B. | Return to top
Print-friendly Version of Section 5.C. | Return to top
The University Purchasing Directors of Southern Illinois University are authorized to rent from others, as necessity warrants, properties that in their opinion will help to satisfy the requirements of the administrative, educational, and auxiliary operations of the University. The University Purchasing Directors may negotiate lease contracts in which the University is the lessee subject to approval by the President prior to final execution of the document. The University Purchasing Directors may negotiate leases of University properties to others and give notice to vacate subject to approval by the President. (3/13/03, 04/14/11)
Prior approval by the Board of Trustees is required before the commitment of funds can be made for requisitions for fixed improvements projects or annual needs by subdivision of work for renovation, repair, and maintenance activities where the entire project cost or annual need by subdivision of work is $500,000 or more. The Board of Trustees shall approve the project, the budget, and major changes to the budget, defined as changes of 10 percent. The Board shall receive the bids and award all contracts. (12/08/11)
Prior approval by the Board of Trustees is not required if the fixed improvement project involving a commitment of less than $500,000, provided that the President's approval is obtained for projects of $100,000 or more. (9/14/00, 2/12/09, 12/08/11)
The Board authorizes the University Purchasing Directors to petition the State Purchasing Officer to suspend or the Chief Procurement Officer to debar a vendor from submitting future bids for violation of the Procurement Code and/or the Rules of the Chief Procurement Officer of Public Institutions of Higher Education. (12/08/11)
Procurement of Search Firm Services
The services of an external hiring search firm shall be retained by the University only as specified in this policy. A search firm may be retained to assist the Board of Trustees in the recruitment, selection, and hiring of a President or Chancellor. For all other positions, the Board of Trustees authorizes the President to retain an external hiring search firm to assist in the recruitment, selection, and hiring when a justifiable need is established and approved by the President based on any of the following qualifying criteria.
1. The position to be filled is of such a specialized nature or scope that use of an external search firm provides a more cost effective use of University resources.
2. The position to be filled requires a level of professional search expertise exceeding that available internally to the University.
3. The position to be filled is of such a critical nature or scope that it must be filled immediately, time being of the essence.
4. The diversity of the applicant pool will be significantly enhanced by services provided by an external hiring search firm. (11/08/12)
Print-friendly Version of Section 5.E. | Return to top
Print-friendly Version of Section 5.F. | Return to top
Print-friendly Version of Section 5.G. | Return to top
Print-friendly Version of Section 5.H. | Return to top
Print-friendly Version of Section 5.I. | Return to top
Print-friendly Version of Section 5.J. | Return to top
Information Security Plan Charter
Information Systems Privacy & Statement of Ethics
Southern Illinois University takes justifiable pride in the electronic information systems provided to its faculty, staff, and students. These resources include computer systems, software, data sets, and communications networks. Members of the University community may use these resources only for purposes related to their studies, instruction, the discharge of duties as employees, official business with the University, or other University-sanctioned activities. Any other use, unless specifically authorized, is prohibited. Access to the University's electronic information systems is a privilege to which all University faculty, staff, and students may be granted access to varying degrees. Certain responsibilities accompany that privilege; understanding them is important for all users. Those within the University community who make use of these resources are subject to high standards of ethics to insure the privacy, security, and proper use of data. Recognized as a primary educational, research, and administrative asset, the University's electronic information systems should be protected from unauthorized modification, destruction, disruption or disclosure-whether accidental or intentional.
User Responsibility for Security of Stored Information
The user is responsible for correct and efficient use of the tools each electronic information system provides for maintaining the security of stored information.
Confidentiality of Stored Information
Computing and networking resources may be used only in accordance with accepted University practice. Examples of inappropriate and unacceptable use of computing and networking resources include, without limitation:
Violation of the policies described herein for use of computing resources will be dealt with seriously. Violators are subject to disciplinary procedures of the University and, in addition, may lose computing privileges. Illegal acts involving the University's computing and networking facilities may also be subject to prosecution by local, state, and federal authorities.
Each campus shall:
The campus Information Security Officers, or their designates, shall meet annually to review the SIU System Information Security Plan and suggest modification as required.
Each campus shall maintain an information security plan that, at minimum, addresses the following:
Maintain acceptable or responsible use guidelines that include or address:
Ensure that workforce members receive training regarding:
Maintain Standards and guidelines for the classification of information the University creates, receives, maintains, or transmits.
Maintain standards and guidelines for the procurement of computing resources. Ensure that systems handling protected information are compliant with relevant requirements of applicable law and this Information Security Plan.
Securing Systems, Hardware, Data, and Software
Maintain standards for the equipment, applications, and devices deployed to ensure predictable operability and security of those devices. These standards are mandatory for computing resources involved in the processing and storage of protected information.
Ensure significant changes to computing resources are managed to establish that changes are reasonable and necessary; do not introduce unintended risk to the confidentiality, availability, or integrity of data; and are executed as planned.
Ensure workstations are configured, maintained, and employed in a manner to ensure the confidentiality, integrity and available of the information they contain.
Ensure information system software is regularly tested and updated to reduce risk of system vulnerability exploitation and malfunction.
Ensure information systems and data are adequately protected from malware or other destructive computer programs.
Maintain reasonable and appropriate protection for physical computing resources. Access to data centers, network closets, remote points of presence, etc. shall be appropriately restricted. Physical locations containing high-risk information assets shall receive additional protections. i.e. access logging, proximity badge access, video surveillance, etc.
Maintain standards for the backup, retention, recovery, and protection of critical data.
Maintain standards for reuse, destruction and disposal of computing devices and information. Disposal of physical assets and data must be done in accordance with applicable laws, regulations, and policies.
Maintain standards for the proper handling, tracking and disposal of protected information regardless of medium to prevent inadvertent disclosure.
Maintain network standards that include:
Ensure employees, contractors, vendors or any affiliates with access to computing resources or information assets are appropriately vetted by the appropriate University officials, managers, supervisors, and data stewards.
Ensure timely termination of user access to information systems, as appropriate, to protect the confidentiality and integrity of those systems.
Provide users the least privilege access to information systems necessary and appropriate to conduct University business need and perform University job duties.
Require individually assigned accounts and strong passwords to ensure access to information systems is appropriate and adequately logged.
Ensure remote network and application access is appropriate to individual users’ roles and responsibilities.
Business Continuity and Disaster Recovery Planning
Ensure business systems and business processes are prioritized by mission impact to establish criticality in the event of catastrophic failure. Assign appropriate backup and redundancy processes to critical systems. Maintain and regularly test a disaster recovery plan.
As appropriate, maintain procedures to ensure that critical University processes can continue in the event an information system is unavailable.
Information Risk Management
Regularly undertake a formal analysis of the risks and vulnerabilities associated with the security of protected information contained in or accessed through University computing resources.
Investigate, document, report, and remediate information security incidents as appropriate and required.
Maintain an inventory of systems and processes that store, process, manipulate or access protected information.
Ensure that exceptions to guidelines, policies and standards developed pursuant to this Information Security Plan are formally approved, documented and regularly reviewed in recognition of the balance between the rigidity and structure of standards with the necessity of effective operations and the limitations of available resources and technology.
 Information that is protected from release by state and/or federal law/regulation or would require SIU to provide notice to individuals and/or government agencies if information is lost, stolen or compromised; examples include protected health information (PHI/HIPAA), credit card numbers (PCI), banking information (GLBA), and protected student information (FERPA)
Print-friendly Version of Section 5.K. | Return to top
Print-friendly Version of Section 5.M. | Return to top
Pursuant to Section 3(h) of the Act (5 ILCS 140/3), Southern Illinois University has promulgated policies governing access to public records of the University in conformity with the Act. The purpose of the policies are to provide timely access to public records in the possession of the University while, at the same time, protecting legitimate privacy interests and maintaining administrative efficiency within the requirements of the State Records Act. 5 ILCS 160/1 et. seq.
The requester shall include the following information in a request:
The FOIA Office(r) shall respond to all written request for public records other than requests for commercial purposes, within five (5) business days after receipt of the request, and within 21 business days after receipt of a request for commercial purposes, unless otherwise authorized by this policy or law. The calculation of the time period for response begins on the first business day after the public body receives the request.
Generally, public records will be available for inspection at the FOIA offices designated above in Section 3 between the hours of 8:00 a.m. and 4:30 p.m., Monday through Friday, except on State holidays and other University closures.
The requestor shall be notified in writing within five (5) business days after receipt of the request when and where the records will be available for inspection.
The University will notify the requester of the availability of the records for inspection within five (5) business days after receipt of the request or as extended pursuant to the Act.
The written notification shall admonish of the requester of the following:
Copies of public records shall be provided to the requester only upon payment of any fees that are due. There shall be no fee charged, however, for the University's cost of searching and reviewing the requested records. The availability of the record and the amount of the fee being charged shall be communicated to the requester within five (5) business days of receipt of the request, unless more time is authorized under the Act or this Policy.
If a person's request for public records has been denied in whole or in part by the FOIA Office(r), that person may file a request for review with the Public Access Counselor of the Attorney General's Office no later than 60 days after the date of the denial. The request for review must be in writing, signed by the requester, and include (i) a copy of the request for access to records and (ii) any responses from the public body.
A person whose request has been denied by the University may file suit for injunctive or declaratory relief pursuant to Section 11 of the Act, in either the circuit court where the University's principal office is located or where the person denied access resides. All communications involving litigation and/or a court summons arising out of a denied request under the Act shall be transmitted to the President's Office, Chancellor's Office, or the Provost and Dean's Office as appropriate immediately upon receipt.(01/17/08, 02/11/10, 07/24/14)
Print-friendly Version of Section 5.N. | Return to top
Acknowledgement: Because many universities have been involved in drafting Identity Theft Protection Policies to be incompliance with changes in the laws, these policies may look similar. This policy was developed in accordance with Sections 114 and 315 of the Fair and Accurate Credit Transactions Act, the Fair Credit Reporting Act, and the Federal Trade Commission regulations and guidelines (16 CFR Part 68). Additionally, several other university policies were reviewed in creating this policy including: Purdue University, UCLA University, and Kalamazoo College.(5/7/09, 07/24/14)
Print-friendly Version of Section 5.O. | Return to top
It is the policy of Southern Illinois University to invest funds in a manner which will provide investment returns and security consistent with good business practices, while meeting the daily cash flow demands of the University, and conforming to all statutes governing the investments of funds. Funds of Southern Illinois University will be invested in accordance with the provisions of the Illinois Compiled Statutes, Chapter 30, Sections 235/0.01 ‑ 235/8, "The Public Funds Investment Act", the Policies of the Board of Trustees of Southern Illinois University, and covenants provided from the University's bond and Certificate of Participation issuance activities.
As provided in Illinois Compiled Statutes, Chapter 30, Sections 225 "The Public Funds Deposit Act," public funds of the University will be deposited in savings and loan associations, savings bank, or State or national banks in Illinois.
A. Overall Risk Profile
The three basic objectives of Southern Illinois University's Investment Program are:
1. Safety of invested funds;
2. Maintenance of sufficient liquidity to meet cash flow needs;
3. Attainment of the maximum investment returns possible consistent with the first two objectives.
The achievement of these objectives shall be accomplished in the manner described below:
1. Safety of Invested Funds
The University will insure the safety of its invested funds by limiting credit and interest rate risks. Credit risk is the risk of loss due to the failure of the security issuer or backer to meet promised interest or principal payments on required dates. Interest rate risk is the risk that the market value of portfolio securities will fall or rise due to changes in general interest rates. The physical security of the University's investments is also an important element of safety. Detailed safekeeping requirements are defined in Section IV of this policy.
a. Credit risk will be mitigated by:
i) Limiting investments to those specified in the Illinois Public Funds Investment Act, which prohibits investment in corporate bonds with maturity dates longer than 270 days from the date of purchase;
ii) Prequalifying the financial institutions with which we will do business; and
iii) Diversifying the investment portfolio so that the failure of any one issue or backer will not place an undue financial burden on the University.
b. Interest rate risk will be mitigated by:
i) Maintaining significant balances in cash equivalent and other short maturity investments as changing interest rates have limited impact on these securities’ prices;
ii) Establishing maturity diversification targets, as outlined in section B below, that are consistent with the expected cash flows of the University.
The University's investment portfolio will be structured in such a manner that securities mature at the same time as cash is needed to meet anticipated demands. Additionally, since all possible cash demands cannot be anticipated, the portfolio should consist largely of securities with active secondary or resale markets.
3. Investment Returns
Investment returns on the University's investment portfolio is a priority after the safety and liquidity objectives described above. Investments are limited to relatively low risk securities in anticipation of earning a fair return relative to the risk being assumed.
B. Maturity Diversification
The University's investment portfolio will be structured to provide that sufficient funds from investments are available every month to meet the University's anticipated cash needs. Subject to the safety provisions outlined above, the choice in investment instruments and maturities will be based upon an analysis of anticipated cash needs, existing and anticipated revenues, interest rate trends, and specific market opportunities.
Based on a review of the University’s cash flows, assets (excluding debt financing funds) will be invested according to the following schedule:
Approximate Average Maturity Range
Cash & Cash Equivalents
Less than one year; typically less than 30 days
Minimum $40 million
Up to 3 years;
$0 - $160 million
Up to 10 years
$65 - $125 million
The Treasurer will manage the investments to fall within the maturity ranges and target balances as listed in the table above. However, circumstances may occur that cause the allocations to temporarily fall outside the prescribed ranges.
C. Definition of Funds
Funds for the purpose of this policy are all University funds which are available for investment at any one time. Funds include those in the University's general operation and debt financing activities.
Investments shall be made with judgement and care ‑ under circumstances then prevailing ‑ which persons of prudence, discretion and intelligence exercise in management of their own affairs, not for speculation but for investment, considering the probable safety of their own capital as well as the probable income to be derived.
The standard of prudence to be used by investment officials shall be the "prudent person" standard and shall be applied in the context of managing an overall portfolio.
This section of the Investment Policy identifies the types of instruments in which the University may invest its funds.
A. Eligible Securities
Southern Illinois University will make investments under the Public Funds Investment Act (Illinois Compiled Statutes Chapter 30, sections 235/0.01 ‑ 235/8). This affords the University a number of investment opportunities including:
Southern Illinois University will diversify its investments by security type, issue and maturity in order to reduce overall portfolio risks while striving to meet or exceed the benchmark average rate of return. Obligations of the United States of America, its agencies, and its instrumentalities are eligible without limit. No more than one-third of Southern Illinois University’s funds may be invested in short term obligations of corporations.
C. Collateralization Requirements
In accordance with the State Finance Act (30 ILCS 105/6a-1), deposits that exceed the amount of federal deposit insurance coverage shall be collateralized using eligible securities as listed in the Deposit of State Moneys Act (15 ILCS 520/11). The collateral for various investments shall be held by third parties or in a separate trust department of a participating bank. The collateralization level must be in an amount equal to at least market value of that amount of funds deposited exceeding the insurance limitation provided by the Federal Deposit Insurance Corporation or the National Credit Union Administration or other approved share insurers.
D. Release of Collateral
Only the Treasurer and his designees shall be authorized to release securities pledged as collateral. All requests for the release of collateral shall be confirmed in writing.
Receipts for confirmation of purchase of authorized securities should include the following information: trade date, par value, rate, price, yield, settlement date, description of securities purchased, agency's name, net amount due, and third party custodial information. These are minimum information requirements.
The University will pool all operating cash for investment purposes to provide for efficiencies and economies in their management. Proceeds related to revenue bond and certificate of participation financing activities will be pooled to the extent allowed under the covenants.
III. SELECTION OF INVESTMENT ADVISORS, INVESTMENT MANAGERS, AND FINANCIAL INSTITUTIONS
A. Investment Advisors and Investment Managers
Investment advisors and investment managers who manage University funds must be registered with the Securities and Exchange Commission and carry adequate levels of insurance. The University will annually send a copy of the Investment Policy to investment advisors and investment managers who manage University funds. The University will follow the State’s Procurement Policy when issuing public Requests For Proposal in selecting its advisors and managers.
B. Qualification of Brokers, Dealers, and Financial Institutions
The University will only transact business with banks, savings and loan associations, and broker dealers who have been approved by the University.
IV. INTERNAL CONTROL PROCEDURES
A. Purchase of Securities
The Treasurer will delegate authorization to purchase investment securities to employees, as needed. A list of these authorized employees will be provided to each investment broker/dealer. A confirmation of the purchase of authorized securities will be provided to the Treasurer. All security transactions will be conducted “delivery versus payment.”
On occasion, there will be a need for the Treasurer to delegate authorization to a third party to purchase securities on behalf of the University. In these instances, a one-time delegation will be executed that clearly states the type of security, the amount to be purchased, the maturity date, and the purchase date.
B. Safekeeping of Assets
All securities (except collateral) owned by the University will be held by its safekeeping agents. The University will contract with a bank or banks for the safekeeping of securities which are owned by the University as a part of its investment portfolio or which have been transferred to the University under the terms of any repurchase agreements. Safekeeping reports shall be provided.
C. Sale of Securities
The Treasurer will delegate authorization to initiate the sale of investment securities to employees, as needed. A list of these authorized employees will be provided to each broker/dealer. The proceeds of all sales transactions will be deposited into a University account.
D. Wire/ACH Transactions
Where possible, the University will use repetitive wire transfers and preformatted ACH transfers to restrict the transfer of funds to preauthorized accounts only. When transferring funds to an account using a non-repetitive wire or a non-preformatted ACH transfer, the bank is required to call back a second pre-established employee for confirmation that the transfer is authorized.
V. STRUCTURE AND RESPONSIBILITY
This section of the Policy defines the overall structure of the investment management program.
A. Responsibilities of the Finance Committee of the Board of Trustees
The Finance Committee of the Board of Trustees will, upon recommendation of the Treasurer:
a. the definition of maturity ranges;
b. the allocation of funds;
c. the setting of benchmarks for evaluating investment performance.
2. review quarterly investment reports.
3. approve the selection and assess the performance of investment managers.
B. Responsibilities of the Treasurer
The Treasurer is appointed by the Board of Trustees and is chief custodian of all funds held in the name of the Board of Trustees. The Treasurer is responsible for recommending, as necessary, financial policies and procedures to ensure compliance with State and Federal laws, Board Policies and University Guidelines. Investment oversight and banking relations are also responsibilities of the office. The Treasurer is responsible for providing the President and Board a quarterly report of cash and investment activities.
C. Investment Managers
The investment managers are accorded full discretion, within the limits set forth in this Statement of Investment Policy and investment guidelines, to (1) select individual securities, (2) adjust the maturity mix, where applicable, and (3) diversify their portfolios so as to limit the impact of large losses in individual investments on the total portfolio.
The investment managers will provide the Treasurer with a monthly report of investment activity and investment performance.
D. Ethics and Conflicts of Interest
Officers, employees and agents, including, but not limited to, investment managers, involved in the investment process shall refrain from personal business activity that conflicts with the proper execution of the investment program, or impairs their ability to make impartial investment decisions. They shall disclose any material financial interests that could be related to the performance of the University's investment portfolio. They shall also comply with all applicable Federal and State laws governing ethics and conflict of interest.
VI. PERFORMANCE EVALUATION
The Treasurer will perform periodic reviews of the cash and investment activity to ensure that the safety, liquidity and performance of the investment portfolio is appropriate.
The Treasurer will provide a quarterly report of cash and investment activity to the President and Board of Trustees.
The Finance Committee of the Board of Trustees will review the performance of each portfolio and Total Fund relative to appropriate benchmarks on a quarterly basis.
The following benchmarks are currently being utilized:
BofA Merrill Lynch Ready Asset
A monthly average of the daily yield on the BofA Merrill Lynch Ready Assets Trust.
BofA Merrill Lynch US 3-Month Treasury Bill Index
An index that is comprised of the rolling 3-Month Treasury Bill.
Barclays Capital Intermediate U.S. Government
A market value-weighted index of U.S. Treasury and Agency bonds with maturities between one and ten years.
A weighted-average return of the above portfolio benchmarks. The weights assigned to each benchmark are based on the actual monthly allocations to each portfolio.
Results will be evaluated relative to the above benchmarks and relative to the risks incurred in generating the results.
VII. STATEMENT OF INVESTMENT POLICY REVIEW
This Statement will be reviewed as governing Statutes are modified or when there is a material change in University circumstances that may warrant a new asset allocation policy. Absent these changes, this policy statement will be reviewed and modified, if appropriate, no less than every five years.
VIII. PUBLIC NOTICE
A. Investment Policy
Pursuant to the Public Funds Investment Act (30 ILCS 235/2.5(c)), the investment policy shall be made available to the public at the University’s main administrative office. Further, a copy of the investment policy will be posted on the web site of the Treasurer.
B. Investment Performance
Pursuant to the Accountability for the Investment of Public Funds Act (30 ILCS 237), the University will post monthly investment performance on the Treasurer’s web site by the 15th day following the end of the month.
C. GASB 3 and GASB 40
In reporting investments on its financial statements, the University follows the reporting requirements of GASB 3 and GASB 40.