An Arizona Auditor General’s report on the University of Arizona’s internal control over financial reporting for fiscal 2025 says the university’s global campus overstated revenue by more than $250,000 or 0.13%, and that the UA misspent $78,000 when a former employee wasn’t removed from the payroll system after resigning.
The audit report also found the UA’s and its global campus’ control processes over IT systems and data weren’t sufficient, and that some miscellaneous UA expenses weren’t documented properly.
Auditor General Lindsey Perry said the October 2025 report's sole scope was UA’s internal control over its financial reporting, and did not consider the effectiveness of its overall internal control.
Finding #1: Ex-employee paid
A former UA employee, whose role involved working on a federally funded research and development grant project, resigned in June 2023, and the UA continued to pay his salary and additional employee-related expenses through the next one year and 10 months. The total net loss to the university was $78,114.
“While the issue was isolated, the university recognizes the importance of reinforcing preventive and detective controls to mitigate the risk of similar occurrences in the future,” said UA’s Chief Financial Officer John Arnold in a response, with fellow administrators, included in the audit report.
The causes for the lapse included: UA’s College of Agriculture, Life and Environmental Sciences’ only human resources employee was transferring to a new position and failed to inform other employees to process the individual’s resignation; UA’s human resources processes were decentralized and oversight was inconsistent; and the principal investigator of the grant project didn’t ensure that employees paid from federal grant money were working on a project, the report found.
The UA has made efforts to reclaim unrecovered amounts from the ex-employee by filing an Arizona Department of Revenue lien on the person's state tax refund, among other steps.
The university also conducted a review of all the college’s employees during the months of April and May 2025 and determined that no other former employees were paid past their resignation dates.
Finding #2: Overstated revenue percentage
UA Global Campus, the university’s online university, miscalculated its 90/10 revenue percentage for fiscal year 2025. A federal law primarily for for-profit institutions says they need to accrue at least 10% of revenue from non-federal sources, while 90% can come from federal student aid such as Pell Grants or Stafford loans. The miscalculation was by 0.13% or $257,801.
Public universities, including the UA, Arizona State University and Northern Arizona University, receive a combination of state and federal funding and tuition to operate on.
UAGC’s overstatement of its 90/10 revenue percentage was reported in the university’s initial financial statement disclosure, and occurred because the global campus lacked written policies for its revenue calculation review. However, as of September 2025, UAGC was reclassified as a public institution under the UA and hence won’t be required to adhere to the 90/10 revenue process.
The audit report’s recommendations for UAGC’s finance division included developing and using written policies to review and test the accuracy of its calculation processes.
Finding #3: Control over IT, data
UA’s and UAGC’s control procedures weren’t “sufficiently developed, documented, and implemented to respond to risks associated with its information technology (IT) systems and data,” said the audit report. The procedures didn’t “help prevent or detect unauthorized or inappropriate access to its IT systems and data,” and this could lead to “the loss of confidentiality or integrity of systems and data,” it said.
Arnold and his administrators wrote in response that the UA has been improving its enforcement process for employees who don’t complete their IT security training since early 2025. Individuals who don’t do so will have their access to most university systems removed until their training is complete.
“Additionally, the university will make the necessary policy adjustments and improvements to our authentication procedures and processes so that logical access to our systems is restricted," the UA officials said.
Finding #4: Miscellaneous expenses
UA spent $8,295 on entertainment, food and beverages and other costs through purchasing cards without complying with its policies of documenting the public purpose behind each purchase and their benefit to the university, the audit found.
The purchases included 40 tickets to an NBA basketball game, a laptop computer and Bluetooth equipment for a UA professor, a retirement party for a UA employee, 20 Target gift cards given to middle school students during a College of Public Health event, and five custom-made footballs for the Honorary Football Captain Program.
Arnold and administrators said the UA revised and published a new policy on purchasing card violations in January 2026, which improves compliance requirements and includes potential suspension for unresolved compliance issues.
The University of Arizona
