Skip Repetitive Navigation Links
California State Auditor Logo COMMITMENT • INTEGRITY • LEADERSHIP

Clery Act Requirements and Crime Reporting
Compliance Continues to Challenge California’s Colleges and Universities

Report Number: 2017-032

Use the links below to skip to the section you wish to view:




Audit Results

Four Institutions Did Not Accurately Report Their Crime Statistics

None of the four institutions we visited that reported criminal offenses—Azusa, Bakersfield, Humboldt State, and San José State—fully complied with the requirements of the Clery Act and federal regulations. All four institutions reported statistics that were inaccurate to varying degrees, and all but Azusa failed to report certain crimes. Table 1 shows the Clery Act crimes that these four institutions reported for 2016, the latest year included in their 2017 annual security reports.7 To determine whether they reported Clery Act crimes accurately, we tested the information on 15 to 30 of the Clery Act crimes that each institution reported for 2016.8 To determine whether the institutions failed to include Clery Act crimes in their annual security reports, we reviewed 30 additional crimes that occurred at each institution.

Table 1
Four Institutions’ Enrollment and Their Reported Clery Act Crime Statistics for 2016
Institution
Azusa Bakersfield Humboldt State  San José State 
Enrollment 10,020 22,466 8,503 32,154
Clery Act Criminal Offenses
Aggravated assault 1 2 12
Arson 2 1 5
Burglary 48 13 2 32
Motor vehicle theft 10 18 28
Murder and nonnegligent manslaughter
Manslaughter by negligence
Robbery 1 9
Rape* 3 1 6 6
Fondling* 2 1 22
Incest*
Statutory rape* 2
Subtotals 64 35 12 116
Clery Act VAWA Offenses
Domestic violence 1 3 15
Dating violence 1 2 1 10
Stalking 6 3 1 8
Subtotals 8 8 2 33
Clery Act Hate Crimes
Hate crimes 2 2 4
Clery Act Arrests
Drug abuse arrests 7 159
Liquor law arrests 63
Weapons law arrests 1 6 22
Subtotals 7 1 6 244
Clery Act Disciplinary Actions
Drug abuse disciplinary actions† 28 174… 44
Liquor law disciplinary actions 122 2 100 229
Weapons law disciplinary actions 10 9
Subtotals 160 2 283 273
Clery Act Unfounded Crimes
Unfounded crimes 2 1 2
Totals 241 49 307 670

Sources: The 2016 crime statistics each institution reported in its 2017 annual security report and the Community Colleges Chancellor’s Office’s fall 2016 student count, the CSU’s fall 2016 enrollment, and Azusa’s October 2016 enrollment.

Note: The crime statistics shown do not reflect any adjustments for the errors we found in our testing of 2016 crime statistics.

* Institutions are required to disclose statistics on four types of sex offenses in their annual security reports: rape, fondling, incest, and statutory rape. Before July 2015, institutions reported these four sex offenses under two categories: forcible and nonforcible sex offenses.

Institutions must report statistics for violations of drug laws that result in students being referred for disciplinary action. For example, if a student is found with an illegal drug substance on campus and is referred for discipline instead of being arrested, the institution would include this as a drug abuse disciplinary action.

Our review found that the four institutions reported a significant number of inaccurate crime statistics. As Table 2 shows, we found a total of 42 reporting errors, including 11 Clery Act crimes that the institutions did not report (underreporting), 25 crimes that they incorrectly reported as Clery Act crimes (overreporting), and six crimes that they categorized incorrectly (misreporting). When institutions inaccurately report crime statistics, interested parties—such as current and prospective employees and students—may draw incorrect conclusions about safety on campus.

As Table 2 shows, Bakersfield, Humboldt State, and San José State did not report all of the crimes the Clery Act requires. For example, Humboldt State did not report when a suspect intentionally committed arson, San José State did not report when an individual was in possession of a stolen vehicle, and Bakersfield failed to report a robbery. The institutions acknowledged their errors in underreporting these specific incidents. For instance, Bakersfield’s Clery Act coordinator informed us that he did not report the robbery because he forgot to request statistics from Bakersfield’s local law enforcement agency. According to the Clery Act coordinator, Bakersfield does not have an established procedure or written agreement with the local law enforcement agency to collect statistics. He acknowledged that a detailed memorandum of understanding (MOU) with the local law enforcement agency would help clarify responsibilities between the two entities, and he also created a calendar notification as a reminder to request the necessary information in future years.

Table 2
Errors in the Clery Act Crime Statistics Four Institutions Reported for 2016
Institution
Azusa Bakersfield  Humboldt State  San José State  Total
Total Clery Act crimes reported for 2016 241 49 307 670 1,267
Total number of crimes we tested* 60 47 45 60 212
Total reporting errors we identified 7 14 7 14 42
Underreporting: Clery Act crimes not included in annual security report 11
Clery Act crime was not reported 3 2 4 9
Criminal act was not included in all of the required crime categories 1 1 2
Overreporting: Crimes erroneously reported as Clery Act crimes 25
Criminal act was not a Clery Act crime 2 8 3 3 16
Crime did not occur in a Clery Act location† 5 1 1 2 9
Misreporting: Clery Act crimes reported incorrectly 6
Crime reported as the wrong type of Clery Act crime 3 3
Location reported as the wrong type of Clery Act location† 1 2 3

Source: California State Auditor’s analysis of the Clery Act crime statistics the four institutions reported for 2016.

* To determine whether the institutions reported Clery Act crimes accurately, we tested the information on 15 to 30 of the Clery Act crimes each institution reported for 2016. To determine whether the institutions failed to report crimes that they should have reported, we reviewed 30 additional crimes at each institution.

The Clery Act requires institutions to disclose where Clery Act crimes occurred using four location categories: on‑campus, on‑campus student housing facilities, on public property within or immediately adjacent to the campus, and in or on noncampus buildings or property that the institution owns or controls.

Crime Categories for Reporting Clery Act Crime Statistics

  1. Criminal offenses are incidents of murder, manslaughter, rape, fondling, incest, statutory rape, robbery, aggravated assault, burglary, motor vehicle theft, and arson.
  2. Hate crimes are any Clery Act criminal offenses or any incidents of larceny‑theft; simple assault; intimidation; or destruction, damage, or vandalism of property that are motivated by bias.
  3. VAWA offenses are incidents of domestic violence, dating violence, and stalking.
  4. Arrests and referrals for disciplinary action are violations that involve drugs, liquor, and weapons laws.

Source: OPE handbook, 2016 edition.

Moreover, Bakersfield and Humboldt State each underreported one crime that they should have included in multiple Clery Act crime categories. According to the OPE handbook, institutions should count crimes more than once under certain circumstances to help to fully inform stakeholders of all types of criminal activity affecting safety. As the text box shows, Clery Act crimes fall within four categories of offenses: criminal offenses, hate crimes, VAWA offenses, and arrests and referrals for disciplinary action. When a crime can be included in more than one of these categories, the OPE handbook directs institutions to count them in each applicable category. For example, Bakersfield accurately reported as a criminal offense a rape committed by a victim’s former boyfriend; however, it failed to also report the incident as a VAWA offense. According to Bakersfield’s Clery Act coordinator, he did not understand that he was required to count criminal and VAWA offenses separately. Similarly, although Humboldt State accurately reported a robbery involving an imitation assault rifle—which is illegal on university grounds—as an on‑campus weapons arrest, it did not also report the incident as a robbery. Humboldt State’s Clery Act coordinator acknowledged her oversight in omitting this statistic. By not reporting crimes accurately within all of the appropriate Clery Act categories, the institutions understated the types of crimes that occurred on their campuses.

In addition, as Table 2 shows, some of the errors we noted involved overreporting crimes. For example, Humboldt State erroneously reported a petty theft as an unfounded crime, which the OPE handbook defines as a crime that was false or baseless. According to the OPE handbook, an institution should only report an unfounded crime when it meets all of the following conditions: the crime was reportable under the Clery Act, it occurred in a Clery Act location, it was thoroughly investigated by sworn or commissioned law enforcement personnel, and the investigation found the report of the crime to be false or baseless. Because petty theft does not meet the definition of a Clery Act‑reportable crime, Humboldt State should not have reported this incident, which the Clery Act coordinator at Humboldt State subsequently acknowledged as an oversight.

Additionally, all four institutions overreported crimes by reporting crimes that did not occur within Clery Act locations, which we define in the Introduction. For example, Azusa should not have reported five crimes that occurred during a conference held at another private institution. According to the OPE handbook, institutions should only include crimes in their noncampus statistics when the institutions own or control the locations where the crimes reportedly occurred. Because Azusa did not lease or own the location of the conference, it should not have reported these crimes. Azusa’s Clery Act coordinator explained that he believed Azusa had rented or controlled the location of the conference. However, that was not the case, and the private institution that owned the location demonstrated to us that it included these crimes in its own crime statistics.

Finally, Table 2 shows that Bakersfield and San José State misreported some crimes by inaccurately reporting the locations where they occurred or by reporting them in the incorrect Clery Act crime categories. For example, because a crime occurred in a campus parking area that San José State owns, the institution should have reported the crime as occurring in an on‑campus location; however, it misreported that the crime occurred on public property. Although San José State’s Clery Act coordinator acknowledged our interpretation of the reporting requirement, he explained that a U.S. DOE analyst informed him that San José State should report all crimes that occur in its parking structures as occurring on public property. However, the OPE handbook directs institutions to report crimes as occurring in on‑campus Clery Act locations if they occur in locations the institutions own and control that are reasonably adjacent to their main campuses.

Although the four institutions informed us that they take steps to review the accuracy of their crime statistics and to adhere to Clery Act guidance, the fact that they all had errors in their reporting of crimes suggests the need for them to improve their processes. For example, the Clery Act coordinator at Humboldt State explained that she reads every crime report that the university police department creates, determines if the incidents are Clery Act crimes, records the case numbers of the Clery Act crimes in a monthly generated list, then totals the Clery Act crime statistics at the end of the year. However, Humboldt State—like San José State and Bakersfield—still failed to report a number of crimes. In contrast to the other institutions, Azusa did not underreport any Clery Act crimes, likely as a result of its thorough review process, although it did overreport some crimes as previously noted. Specifically, when Azusa creates its crime reports, it attaches a cover page to each that identifies whether the crime is reportable under the Clery Act and, if it is, describes the type of crime and why it is reportable. Subsequently, three different security personnel review the cover page, with the lieutenant who is responsible for the institution’s Clery Act reporting conducting the final review. The lieutenant records in a tracking spreadsheet the crimes that are reportable under the Clery Act and uses it to generate Azusa’s annual security report. We identified Azusa’s process as a best practice to help ensure institutions do not underreport their Clery Act crimes.

Institutions could increase their compliance with the Clery Act by establishing and following written procedures to ensure that they thoroughly review the accuracy of the crime statistics they include in their annual security reports. The four institutions informed us that they perform some review of their crime statistics; however, at the time of our audit, only one—Azusa—had written procedures that described in detail its review process. After we notified the other institutions of this shortcoming, they stated they would develop written procedures and explained some actions they had already taken or planned to take to improve the accuracy of their Clery Act reporting. San José State’s Clery Act coordinator informed us that he now reviews crime reports after their creation to identify whether the crimes are reportable under the Clery Act; he also meets monthly with certain campus personnel to verify he is not missing any Clery Act crimes. He stated that in previous years, he had reviewed all of the crime reports at one time to determine whether the crimes were reportable, which was overwhelming given his full‑time duties as a captain on the university’s police force. Further, San José State’s vice president of finance and administrative services explained that the institution intends to hire a full‑time Clery Act director as soon as possible. Similarly, Humboldt State officials informed us that the institution had appointed a Clery Act director and created a Clery Act compliance team that now meets on a monthly basis to review Clery Act crime statistics for accuracy. Finally, the director of Bakersfield’s department of public safety informed us that the institution plans to notify its community of the reporting errors we identified in its crime statistics. Additionally, the fact that Azusa overreported some crimes leads us to conclude that its procedures for categorizing crimes could be stronger. Without written procedures that clearly describe their review processes, institutions are less likely to review their crime statistics adequately and consistently each year.

Of the Two Institutions That Reported No Criminal Offenses, One Failed to Report All Clery Act Crimes

Although two of the institutions we reviewed reported that no criminal offenses occurred in 2015 on their campuses, we determined that one of these institutions did so incorrectly. In our 2012 audit report and 2015 audit report regarding institutions’ compliance with the Clery Act, we surveyed a selection of institutions that had participated in certain federal financial aid programs and had reported no criminal offenses. The 2015 survey asked whether the institutions adhered to various Clery Act requirements, such as requesting information about crimes from off‑campus entities and making their students and employees aware of their security policies and annual crime statistics. For our current audit, we identified 250 institutions in California that reported no 2015 criminal offenses, and we performed an in‑depth analysis of two of these institutions to determine whether they had met Clery Act requirements. We selected Berkeley City College and West LA, in part because both institutions have enrollments of more than 5,000 students and are located in cities with significant numbers of reported crimes. Consequently, we expected that these institutions would have experienced some amount of criminal activity that would be reportable under the Clery Act. Although West LA accurately reported no criminal offenses, we found that Berkeley City College failed to report two Clery Act crimes: an incident of rape and an incident of stalking, both of which occurred on or around the Berkeley City College campus.

Berkeley City College’s 2017 annual security report did not include the two crimes because Peralta Community College District (Peralta), of which Berkeley City College is a member, did not adequately obtain Clery Act crime statistics from the Berkeley Police Department (Berkeley Police). According to Peralta’s vice chancellor of general services, Peralta is responsible for creating a consolidated annual security report for the district, which includes collecting crime statistics from local law enforcement agencies for its colleges. Because Berkeley City College operates under a contract that Peralta has with a private security company that is not a law enforcement agency, the Berkeley Police responds to crimes on its campus. Although the Berkeley Police responded to the two incidents in question and processed the crime reports, Peralta did not include these crimes in Berkeley City College’s statistics. According to the Berkeley Police crime analyst responsible for compiling Clery Act crimes, the last time she received a request pertaining to Berkeley City College for Clery Act‑related crime statistics was in 2013. We determined that Peralta requested the crime statistics from the wrong operational area of the Berkeley Police, faxing its request to the department’s records division rather than to the crime analyst. As a result, Peralta did not include the two crimes in Berkeley City College’s annual security report.

Additionally, the Clery Act requires that all applicable institutions issue timely warnings for certain Clery Act crimes that they consider to represent serious or continuous threats to students and employees, an example of which could be a rape on or near the institution’s property. However, because it was not aware of the rape incident that it did not report, Berkeley City College was not able to issue a timely warning to its students and employees. If Peralta had requested the Clery Act crimes from the crime analyst, it would not have underreported the rape and stalking incidents for 2015, and it could have ensured students and employees received timely alerts of these crimes.

Peralta did not have a clear understanding of where to direct its request for crime statistics because its MOU with the Berkeley Police is significantly out of date and lacks specific procedures for sharing crime statistics. The Education Code requires each community college governing board to adopt rules requiring its respective institutions to create and make available to the public written agreements with local law enforcement agencies regarding operational responsibilities. Although Peralta entered into the written agreement on behalf of Berkeley City College, its most recent MOU with the Berkeley Police became effective in July 1999—nearly 20 years ago. The MOU contains outdated points of contact and addresses, and it outlines the process for requesting crime statistics at a very high level only. According to Berkeley City College’s director of business and administrative services, the institution did not update the MOU because it did not identify a need to do so. However, an updated MOU between Peralta and the Berkeley Police would clarify and detail the process for requesting Clery Act crime statistics from the Berkeley Police, thereby enabling the district to avoid underreporting errors in the future. Peralta’s vice chancellor of general services informed us that he would ideally like to update the MOU annually, or at least every three years.

In contrast, we found that West LA accurately reported no criminal offenses for 2015. Unlike Berkeley City College’s use of a private security company, West LA has a Los Angeles County Sheriff’s Department (LA Sheriff’s Department) substation on its campus that is responsible for the campus’s general law enforcement and security services. The LA Sheriff’s Department is also responsible for compiling and reporting West LA’s Clery Act crime statistics, a task that one of its crime analysts performs. We examined West LA’s crime reports and its communications with the nearby Culver City Police Department—the only local law enforcement agency that is close to West LA’s campus—and did not identify any errors in its 2015 statistics. The accuracy of this information may be due to the experience of the deputy sheriffs on campus, who have received Clery Act training that the private security guards at Berkeley City College do not receive. The involvement of the LA Sheriff’s Department in responding to potential crimes and in compiling and reporting crime statistics has likely minimized the probability of errors, thus allowing current and prospective students and employees an accurate understanding of campus safety.

Five of the Six Institutions We Reviewed Failed to Develop or Disclose All Required Policies

When we reviewed the 2017 annual security reports for the six institutions we visited, we found that only Azusa had fully disclosed all of the information that the Clery Act and federal regulations require. We identified 58 policies that federal law and regulations require institutions to have in place and, in most instances, disclose in their annual security reports. For example, institutions are required to develop and include statements of policy in their annual security reports addressing their procedures for disciplinary action in cases of alleged domestic violence, dating violence, sexual assault, or stalking. As Table 3 shows, Azusa was not missing any disclosures and did not have any incomplete disclosures, whereas Berkeley City College had 13 disclosures that were missing or incomplete. Appendix C lists all of the disclosure requirements and identifies whether the institutions we visited fulfilled them.

Table 3
Missing or Incomplete Clery Act Disclosures by Institution
Institution Quantity Percentage*
Azusa  0%
Bakersfield  6 10
Berkeley City College 13 22
Humboldt State  5 9
San José State  7 12
West LA 3 5

Sources: California State Auditor’s analysis of the institutions’ policies and 2017 annual security reports.

* We identified 58 policies that federal laws and regulations require institutions to have in place and, in most instances, disclose in their annual security reports.

A number of the institutions’ missing disclosures related to VAWA policies.Specifically, we identified that VAWA added 12 policy statements, effective March 2014, that institutions must include in their annual security reports. These policies fall into three areas: campus law enforcement and crime prevention, campus sex offense programs and procedures, and processes used in cases involving alleged sex offenses. In our 2015 report, we found that five of the six institutions we reviewed failed to disclose fully at least one of these 12 VAWA policies. We concluded that these omissions might have occurred in part because VAWA had only recently required institutions to disclose these policies and institutions might not yet understand fully the disclosure requirements. However, our current review of six different institutions also found that most failed to disclose fully the required VAWA policies. As Table 4 shows, only Azusa included all the required VAWA policy statements in its annual security report, while the other five institutions each failed to disclose fully two or more of the 12 VAWA policies. Representatives from the five institutions shared that they did not intentionally omit these VAWA‑specific disclosures in their annual security reports. However, given that the institutions created these 2017 annual security reports three years after VAWA’s enactment, we believe that they had adequate advance notice to ensure they included all necessary VAWA disclosures.

Table 4
Compliance With VAWA Policy Disclosure Requirements by Institution
Institutions and Number of Required Policies They Included in Their 2017 Annual Security Reports
Type of Required VAWA Policies Total Required Policies Azusa Bakersfield Berkeley City College Humboldt State San José State West LA
Policies concerning campus law enforcement and crime prevention 1 1 1 1 1 1 1
Policies regarding campus sex offense programs and procedures 6 6 5 5 4 3 4
Policies regarding processes for cases of alleged sex offenses 5 5 3 2 4 5 5
Total fully disclosed   12 9 8 9 9 10
Total not fully disclosed   3 4 3 3 2

Sources: California State Auditor’s analysis of the six institutions’ 2017 annual security reports and revisions to United States Code, Title 20, Section 1092(f) as a result of VAWA (Public Law 113‑4).

Note: We identified that VAWA added 12 policy statements, effective March 2014, that institutions must include in their annual security reports.

Categories of Policies and Processes Institutions Must Develop and Disclose

Source: California State Auditor’s analysis of the Code of Federal Regulations, Title 34, Section 668.46, and United States Code, Title 20, Section 1092(f).

Further, none of the institutions—with the exception of Azusa—fully provided descriptions of a number of other security policies and processes that the Clery Act and federal regulations require. These policies and processes fall into nine categories, as the text box shows. None of the five institutions fully disclosed all policies regarding campus sex offense programs and procedures. For example, Berkeley City College, San José State, and West LA failed to fully disclose descriptions of educational programs that promote awareness of rape, acquaintance rape, domestic violence, dating violence, sexual assault, and stalking. Further, Bakersfield, Berkeley City College, and San José State did not disclose certain policies regarding campus emergency response and evacuation procedures: each omitted a statement about documenting emergency tests, such as campus evacuations, by including descriptions of the exercises, their dates and times, and whether they were announced.

Two of the institutions that did not have or publish certain Clery Act policies—Humboldt State and San José State—are universities in the CSU system and use an annual security report template that the CSU’s Chancellor’s Office developed; however, we found this template to be incomplete. For instance, the template does not include information on avoiding potential attacks and recognizing warning signs of abusive behavior. Consequently, when providing descriptions of its programs in its 2017 annual security report, San José State failed to disclose information on risk reduction and on safe and positive options for bystander intervention. In addition, the template does not include a policy statement on processes to test the institutions’ emergency and evacuation procedures. That policy statement must disclose that tests may be announced or unannounced and that the institution will publicize its emergency response and evacuation procedures at least once per calendar year. The CSU’s assistant vice chancellor of strategic initiatives and support services stated that the CSU Chancellor’s Office is revising its template to ensure it is current by working with its legal department, an internal Clery Act expert, and the Clery Center—a national nonprofit organization that is dedicated to helping institutions meet the standards of the Clery Act. The CSU Chancellor’s Office expects to complete the template revisions after its review in consultation with its legal counsel. Regardless of the completeness of the template, institutions in the CSU system are responsible for disclosing the required policy statements in their annual security reports.

Similarly, three of the institutions that did not provide all required policy disclosures are community colleges that rely on their districts’ assistance in creating their annual security reports. Although the Clery Act requires institutions to have these policies in place, California’s community college districts are overseen by boards of trustees, which establish policies for all of the institutions in their districts. Two of the districts for the institutions we reviewed have created their own templates for the annual security reports and provided them to their institutions for development of their annual security reports. For example, West LA uses a template that the Los Angeles Community College District developed. West LA’s vice president of administrative services told us that the district’s template is a useful resource even though it is not comprehensive. She noted that West LA, along with other campuses in the district, has advocated for additional resources from the district for Clery Act compliance because the institution does not have a designated Clery Act coordinator, and she explained that the district is currently working on providing additional resources to its campuses, including West LA. Similarly, Bakersfield also uses a template that its district, Kern Community College District, created in 2015. Kern Community College District’s risk manager explained that the template has been a productive use of district and campus resources, given the limited resources at the campuses to create their own reports. Nevertheless, these templates did not prevent the institutions from omitting policies required by the Clery Act from their annual security reports.

In contrast, Berkeley City College does not produce its annual security report; rather, as we describe previously, Peralta creates an annual security report that includes Berkeley City College along with the district’s other three institutions. When we informed Peralta’s vice chancellor of general services that the district did not include all of the policies required in its 2017 annual security report, he explained that there is a lack of sufficient training to ensure district staff have a comprehensive understanding of the requirements for the reports. He also noted that in 2012 Peralta replaced its former general counsel, who was responsible for ensuring that all policies were included in the reports, with contracted counsel who does not perform this service. The vice chancellor of general services stated that he is planning to have staff at Berkeley City College and Peralta’s other institutions attend Clery Act training in 2018. To ensure similar omissions do not occur in the future, Berkeley City College should review the policies pertaining to it that are contained in the annual security reports that Peralta prepares.

The five institutions informed us that they would address the missing and incomplete policy disclosures in future annual security reports and implement those policies not currently in place. For example, Berkeley City College’s president plans to collaborate with Peralta’s vice chancellor of general services to address the missing policies. Further, Humboldt State’s chief of police expressed that Humboldt State is dedicated to ensuring full compliance with Clery Act requirements and that it will update its current annual security report to address the issues we identified. The missing and incomplete policy disclosures among the five institutions’ annual security reports impede students and other stakeholders from being able to compare campus safety at different institutions. For example, VAWA policies help ensure that victims of sexual violence have access to adequate treatment and information regarding support services, but institutions’ failure to disclose VAWA policies may result in victims being unaware that the services are available. Moreover, institutions that fail to make these disclosures risk incurring federal financial penalties, as we describe in the Introduction.

Of the six institutions, only Azusa fully complied with the Clery Act in 2017 by ensuring that it included all of its policies and procedures in its annual security report, fully disclosed all VAWA policies in its report, and had in place the needed policy disclosures outside of the annual security report. Azusa’s compliance likely can be attributed to the fact that it has taken ownership for creating its own annual security report, which includes fully understanding the Clery Act’s requirements, rather than relying on another entity to prepare the report or provide it with a template to use for preparing the report. Further, Azusa’s Clery Act coordinator informed us that as part of his annual preparation of the report, he follows guidance from the OPE handbook to ensure that the university is aware of all applicable Clery Act policies, procedures, and disclosures. The OPE handbook provides a comprehensive checklist of the policies that institutions must include in their annual security reports.

Five of the Six Institutions We Reviewed Did Not Have Complete or Updated Daily Crime Logs

The Clery Act requires institutions with campus police or campus security departments to maintain written daily crime logs of all crimes reported to them, including both Clery Act crimes and crimes that are not reportable under the Clery Act, such as petty theft. The institutions must enter all crimes in the logs within two business days of the reports being made to the campus police or security departments, unless disclosure of such information is prohibited by law or would jeopardize the confidentiality of the victims. According to the OPE handbook, the institutions must make these daily crime logs available on campus for public inspection in either hard‑copy or electronic format for the most recent 60‑day period. However, we found problems with the daily crime logs of five of the six institutions we reviewed.

Berkeley City College did not maintain a crime log until June 2017 because it did not have a policy for doing so. Its director of business and administrative services could not explain the absence of the crime log and indicated that in the past, the institution collected incident reports in a binder. Berkeley City College does not use a records management system, and it does not have a policy related to the required daily crime log. The institution’s agreement with its security company does not make any references to a crime log or an obligation of the security company to maintain one. According to the institution’s current security supervisor, who began working at the campus in June 2017, he took the initiative to create the daily crime log based on his previous experience in law enforcement and his familiarity with the Clery Act’s requirements. However, the campus community at Berkeley City College did not have access to a daily crime log until that time. When institutions do not maintain daily crime logs, members of their communities cannot obtain up‑to‑date information about crimes that could affect them unless the institution distributes a notification.

Although Azusa, San José State, and West LA maintained crime logs, each of their logs was missing at least one crime. As part of our review of a selection of the crimes that each institution included in its annual security report, we determined whether the institution had recorded those crimes in its daily crime log. The daily crime logs at Bakersfield and Humboldt State included all of the incidents we reviewed. In contrast, West LA erroneously excluded one of the 15 crimes we reviewed—a reported domestic violence case from January 2016—from its log. An LA Sheriff’s Department sergeant could not explain why the log did not include that case. Similarly, Azusa’s daily crime log did not include two of the 30 crimes we reviewed.9 Azusa’s communications supervisor for the department of campus safety stated that an issue with an old record‑keeping program caused the omission of one incident, which involved stalking. Azusa’s Clery Act coordinator noted that he did not consider the second incident, which involved trespassing, to be a crime; in other words, he did not believe that there was enough evidence to support the inclusion of this incident in the daily crime log. However, given that the crime report states that Azusa discovered clothing and cannabis residue at the scene of the reported crime, we believe sufficient evidence exists that someone entered and occupied the building in question without the consent of the institution. San José State also inadvertently failed to include one of the 30 crimes we reviewed—a reported battery case from November 2016—due to human error.

Azusa, San José State, and West LA do not use their automated record‑keeping systems to maintain their crime logs, which may have contributed to each missing at least one entry from its log. At Bakersfield and Humboldt State, the institutions’ law enforcement or public safety departments use records management systems to track all crime reports, and these systems automatically populate their crime logs. In contrast, Azusa, San José State, and West LA use manual processes. Further, although Azusa and West LA have procedures for updating their daily crime logs, these procedures do not require secondary reviews to ensure that staff have appropriately updated the logs. San José State has procedures that require a secondary review; however, according to the Clery Act coordinator, it experienced a human error during a manual update of the log. Until these institutions either implement automated connections between their records management systems and crime logs or require secondary reviews of crime log entries, they risk not complying with the Clery Act.

Finally, three institutions—Bakersfield, Berkeley City College, and San José State—did not update their crime logs to include crime reports from their local police departments as the Clery Act requires. The Clery Act requires that institutions log reported crimes regardless of how much time has passed since the crimes occurred, and it also requires institutions to make a reasonable, good‑faith effort to obtain crime statistics from local police departments at least once a year, when compiling their crime statistics. Therefore, institutions must update their crime logs with crimes they learn about from local police departments. Azusa, Humboldt State, and West LA included in their crime logs crimes reported by their local law enforcement agencies, or the agencies did not report any additional crimes. However, Bakersfield, Berkeley City College, and San José State lacked procedures directing their staff to include such crimes in their daily crime logs. As a result, although San José State and Peralta—on behalf of Berkeley City College—requested crime reports from local law enforcement agencies to include in their Clery Act crime statistics, neither institution entered those crimes in their crime logs. Specifically, for the most recent year we reviewed, Berkeley City College did not include two crimes in its crime log, and San José State did not include 332 crimes in its crime log. Further, although Bakersfield’s Clery Act coordinator indicated that he had updated the institution’s crime log with information from the local law enforcement agency in the past, he forgot to do so in 2016 and missed one crime. The incomplete crime logs for Bakersfield, Berkeley City College, and San José State raise concerns about the thoroughness of information that these institutions provide when students and employees request information on reported crimes.

To Fully Implement Our 2015 Recommendations, Two Systemwide Offices Need to Improve Certain Aspects of Their Guidance

In our July 2015 report, we concluded that without additional guidance at the systemwide level, institutions might continue to report inaccurate crime statistics or fail to adequately disclose security policies in their annual security reports. We explained that because of the similarities in the issues we identified in our 2015 report and in our four previous reports, we believed that California institutions’ compliance with the Clery Act could improve with additional guidance from their systemwide offices. As a result, we recommended that each systemwide office for the State’s public institutions develop and issue written policies and procedures to provide additional guidance and oversight to its institutions on how to comply with the Clery Act. During our current audit, we found that although the systemwide offices have undertaken efforts to increase institutions’ compliance with the Clery Act, the CSU Chancellor’s Office and UCOP need to take additional steps to fully implement the recommendations from our previous report.

The CSU Chancellor’s Office recently developed and implemented written policies and procedures directing institutions to undertake specific activities to help ensure their compliance with the Clery Act. Specifically, in March 2017, the CSU Chancellor’s Office issued an executive order that provides direction to the campuses on how to implement the Clery Act and specifies certain activities they are required to undertake to comply with the Clery Act. For example, the order required each campus president to designate a Clery director who is responsible for directing, collaborating, and coordinating Clery Act reporting and compliance for the campus. Further, each campus must form a cross‑departmental, Clery Act‑compliance team that is led by the Clery director or designee and includes the police chief, athletic director, housing director, and other specific individuals. This team will assist the Clery director in collecting information and required crime statistics, as well as in developing, writing, reviewing, and ensuring the accuracy of the annual security report and including all of the required campus policies. In addition, the CSU Chancellor’s Office has contracted with the Clery Center—a national nonprofit organization that is dedicated to helping institutions meet the standards of the Clery Act—as a resource for its institutions.

Although the 2017 executive order includes robust guidance in most areas, the CSU Chancellor’s Office needs to improve the direction it provides to institutions regarding their daily crime logs. In particular, although the executive order directs institutions to maintain daily crime logs, it does not specify that the crime logs must contain all reported crimes within the institutions’ jurisdictions regardless of whether they are reportable under the Clery Act, including those crimes obtained from local law enforcement agencies. This direction is important because—as we discuss previously—San José State did not include in its crime log those crimes that the local law enforcement agency reported to it that occurred within its jurisdiction. According to the assistant vice chancellor of strategic initiatives and support services, the CSU Chancellor’s Office will provide and update procedural guidance regarding institutions’ maintenance of daily crime logs.

Like the CSU Chancellor’s Office, UCOP implemented a systemwide Clery Act policy to address campus safety and security reporting; however, it delayed its implementation of that policy until recently. In our 2015 report, we found that UCOP provided assistance and training to its campuses regarding the Clery Act and that it was in the process of developing a systemwide policy that would specifically address Clery Act requirements and reporting. At that time, UCOP told us that it expected to finalize the policy in early 2016. However, it subsequently reported that it planned to finalize the policy by January 2017, and it did not actually implement the policy until December 2017—more than two years after we recommended that it finalize and implement it. According to UCOP’s systemwide deputy audit officer (deputy audit officer), UCOP delayed implementation because of changes to the Clery Act, miscommunications during the vetting process, and the need for additional time for certain stakeholders to review the policy before recommending it for approval.

In addition, although the policy requires periodic reviews to ensure the campuses’ compliance, it includes only limited direction to help UC campuses avoid the types of errors we identified in our previous reports. The UCOP policy specifies that the systemwide office and campus auditors will conduct periodic audits to confirm compliance with the new policy and any related local procedures, and the deputy audit officer explained that UC will perform these audits based on an annual risk assessment. However, unlike the guidance developed by the other systemwide offices, the UCOP policy does not contain specific references to laws and regulations detailing required disclosures under the Clery Act. Instead, the UCOP policy simply states that each campus’s Clery Act coordinator is responsible for gathering all data and policies necessary for the campus’s annual security report. This lack of specific guidance is problematic because in our previous reports, we found that not all UC campuses we reviewed had fully disclosed the required security policies and statements in their annual security reports. When we spoke with the deputy audit officer about the lack of specificity in UCOP’s policy, he noted that it would be reasonable for UCOP to update its policy to include more specific direction on how campuses should comply with the Clery Act.

Similar to UCOP, the Community Colleges Chancellor’s Office only recently implemented guidance regarding Clery Act compliance and reporting. Its delay is particularly concerning given that there are 119 community colleges and that in our 2015 report we concluded that the Community Colleges Chancellor’s Office did not provide its institutions with formalized policies, procedures, or recommended internal controls to increase their compliance. The Community Colleges Chancellor’s Office acknowledged at that time that it could have done more to provide guidance but stated that it did not have the resources to give the requirements of the Clery Act the attention they deserved. The Community Colleges Chancellor’s Office took over 2.5 years to implement its policy, which it published in February 2018, after we began inquiring about the status of the policy as part of our current audit work. Because federal regulations require institutions to distribute their annual security reports to all enrolled students and current employees by October 1 of each year, these 119 institutions lacked access to guidance for the annual security reports they published in 2015, 2016, and 2017, despite our July 2015 recommendation. The Community Colleges Chancellor’s Office general counsel informed us that the individual previously assigned to finalize the policy was not able to complete the task for unknown reasons.

Unlike UCOP’s policy, the Community Colleges Chancellor’s Office’s policy contains sufficient guidance. Specifically, it includes some helpful references to relevant laws, regulations, and the OPE handbook to assist its institutions in seeking additional information regarding the Clery Act’s requirements. Without this specific guidance, the community colleges were at a greater risk of reporting inaccurate crime statistics and providing incomplete information to current and prospective students and employees regarding safety on campus.

Recommendations

Institutions

To ensure that they do not underreport crime statistics in their annual security reports, Bakersfield, Humboldt State, and San José State should create and begin following written procedures by August 2018 that clearly describe the Clery Act crime identification processes they will follow. These processes should include maintaining contemporaneous lists of Clery Act crimes that occur.

To ensure that they do not overreport or misreport their crime statistics, Bakersfield, Humboldt State, and San José State should develop and begin following procedures by August 2018 to review and adhere to applicable guidance related to the Clery Act, including the OPE handbook, when categorizing the Clery Act crimes they report.

To ensure that it does not overreport its crime statistics, Azusa should strengthen its procedures by August 2018 to review and adhere to applicable guidance related to the Clery Act, including the OPE handbook, when categorizing the Clery Act crimes it reports.

To ensure Bakersfield requests and reports Clery Act crimes from local law enforcement, the institution should by August 2018 create and begin following a procedure, in conjunction with a written agreement with local law enforcement, to obtain crime statistics for the annual security report.

To ensure that it accurately reports Clery Act crime statistics, Berkeley City College, by working with its district, should by August 2018 enter into an updated MOU with the Berkeley Police that outlines the process for compiling crime statistics and defines the responsibilities of both parties.

To ensure that their respective districts provide them with policies and processes that the Clery Act and federal regulations require, Bakersfield, Berkeley City College, and West LA should each develop and begin following a policy by August 2018 requiring that they periodically review their districts’ annual security reports or templates, as well as district policies. To the extent that they identify any inaccurate information or missing policies, these institutions should work with their districts to make updates as necessary.

Bakersfield, Berkeley City College, Humboldt State, San José State, and West LA should develop and implement procedures by August 2018 that they will regularly review and adhere to applicable guidance related to the Clery Act to ensure that they develop or disclose all required policies.

To ensure the completeness of its daily crime log, Berkeley City College should develop and implement a policy by August 2018 that describes its process for maintaining the log and ensuring that it is adequately maintained by its security guards.

To ensure that they include all criminal incidents in their daily crime logs, Azusa, San José State, and West LA should by December 2018 create and follow appropriate procedures, such as requiring supervisor review of entries or programming their records management systems to create the daily crime logs automatically.

Bakersfield, Berkeley City College, and San José State should create and follow procedures by August 2018 to ensure that they include all crimes in their daily crime logs as they become aware of those crimes, such as when they receive crime reports from local law enforcement agencies.

Systemwide Offices

To ensure that its campuses include all necessary policy disclosures in their annual security reports, the CSU Chancellor’s Office should revise its systemwide annual security report template by August 2018 so that it directs its campuses to specifically include each of the policies that the Clery Act and federal regulations require.

To help ensure its institutions maintain complete and accurate information about crimes that occur on their properties, the CSU Chancellor’s Office should issue a policy by August 2018 to specify the information its institutions should include in their daily crime logs.

To help prevent errors during the next Clery Act reporting cycle, UCOP should revise its Clery Act policy by August 2018 to include details on where institutions can find the specific disclosure requirements for their annual security reports.


Back to top





Other Areas We Reviewed

As part of the audit work required by Section 67382 of the Education Code, we reviewed the subject areas in Table 5. In the table, we indicate the results of our review and any associated recommendations we made that we do not present in other sections of this audit report.

Table 5
Other Areas Reviewed as Part of This Audit
Notification of the Annual Security Reports’ Availability
Regulations specify that each institution must distribute its annual security report by October 1 to all enrolled students and current employees. An institution can fulfill this requirement in a few ways, including by both posting the report to its website and emailing a notification to students and employees regarding its availability. To determine whether the six institutions we reviewed adequately notified current students and employees of the availability of their annual security reports, we reviewed relevant supporting documentation and their websites. Although we found that four of the six institutions adequately notified their campus communities of the availability of their annual security reports, two did not.
Humboldt State acknowledged that it did not send an email notification directly to students regarding the availability of its 2017 annual security report. Humboldt State’s Clery Act coordinator explained that when the university police department asked the marketing and communications department to send the notification that the 2017 annual security report was available to the campus community, the notification was sent only to current employees due to a miscommunication. The Clery Act coordinator confirmed that Humboldt State will properly notify students of the annual security report’s availability in 2018. 
Peralta claims that it notified students, on behalf of Berkeley City College, by email of the availability of the 2017 annual security report, but it could not substantiate its claim with sufficient documentation. Peralta’s Department of General Services requested the district’s Department of Public Information Communications and Media (Communications and Media) to notify students of the availability of the 2017 annual security report. However, the executive director of Communications and Media stated that he could not find any documentation demonstrating that it provided the notification to students.
Recommendations
Humboldt State should properly notify students of the availability of its annual security report. 
Berkeley City College should retain documentation of Peralta’s notification to its students demonstrating that Peralta appropriately notified the campus’s community about the availability of its annual security report. 
Discrepancies Between the Clery Act Crime Statistics in Institutions’ Annual Security Reports and in Their Submissions to the U.S. DOE
We compared the 2016 Clery Act crime statistics each institution included in its annual security report to the statistics it submitted to the U.S. DOE and found inconsistencies in the numbers for two of the six institutions. Specifically, the Clery Act crime statistics Bakersfield and Humboldt State published in their annual security reports did not match the statistics they submitted to the U.S. DOE. When institutions fail to report Clery Act crimes consistently, they risk misinforming key stakeholders, such as students and employees.
We found that Humboldt State published in its annual security report statistics in 19 crime categories that did not match what it submitted to the U.S. DOE. For example, Humboldt State included six 2016 on‑campus rapes in its annual security report, but it included only four 2016 on‑campus rapes in data submitted to the U.S. DOE. When we spoke with the Clery Act coordinator, she indicated that the differences were the results of human error. She explained that she and Humboldt State’s chief of police both made edits to the numbers in the annual security report and that the numbers might have changed during the preparation process. Humboldt State agreed it will update the numbers it submitted to the U.S. DOE as soon as possible.
Similarly, Bakersfield published statistics in nine crime categories that did not match what it submitted to the U.S. DOE. For example, Bakersfield included one 2016 noncampus domestic violence incident in its annual security report, but it submitted zero 2016 noncampus, domestic violence incidents to the U.S. DOE. The Clery Act coordinator at Bakersfield stated that the inconsistencies were due to a lack of oversight and clear direction on how to accurately submit Clery Act statistics on the U.S. DOE website. Bakersfield informed us that it will send a supplemental report with the correct numbers by June 2018 to the campus community and submit corrected numbers to the U.S. DOE as soon as possible.
Recommendations
To ensure they properly inform students and employees, Bakersfield and Humboldt State should notify their students and employees and update the U.S. DOE about the corrected Clery Act statistics as soon as possible.
To ensure that their annual security reports’ crime statistics and the statistics they submit to the U.S. DOE align, Bakersfield and Humboldt State should reconcile these statistics before publishing their reports or submitting the data to the U.S. DOE.
Compliance With State Law Related to the Clery Act
Within the Education Code, we identified 27 state‑mandated policies, some of which the affirmative consent law established, that community college districts and the CSU Chancellor’s Office are required to develop. These policies address similar issue areas as those addressed by the 58 Clery Act policies we present in Appendix C; however, state law requires these entities, rather than the institutions, to establish the policies. Some of the policies include creating an affirmative consent standard, requiring campus law enforcement agencies to have written agreements with local law enforcement agencies, and ensuring that Clery Act crime reports are disclosed to the appropriate law enforcement agencies. If the districts do not establish policies and protocols, their institutions may not have the guidance necessary to ensure students and staff have critical resources and information about campus safety. Our review found that the entities’ policies varied in their level of compliance with state law.
The districts of the three community colleges we visited—Kern Community College District, Los Angeles Community College District, and Peralta—failed to establish numerous required policies. For example, none of the districts adopted complete, victim‑centered policies and protocols regarding sexual assault, domestic violence, dating violence, and stalking. In order to meet the Education Code requirements, the districts agreed that they need to develop the missing policies. 
The CSU Chancellor’s Office was not fully compliant with one subsection of the Education Code that involves procedures for handling requests from the public for information about sexual assault incidents. Unless the CSU Chancellor’s Office clearly states within its policy how it will handle such requests, students may be unsure their information will be handled appropriately.
We also evaluated whether UCOP’s policies complied with the state mandates even though it is statutorily exempted from adhering to the mandates. Although UC would need to adhere to the mandates if its Board of Regents passed a resolution to implement them, UCOP’s senior counsel of education affairs stated that the Board of Regents has not passed such a resolution. We found that UCOP has not established policies that specifically address all provisions of two sections of the Education Code. 
UCOP does not have a policy that explicitly addresses how its campuses will respond to stranger and nonstranger sexual assaults. According to UCOP’s systemwide deputy audit officer, UCOP believes that its systemwide Clery Act policy sufficiently addresses both stranger and nonstranger sexual assaults because it considers both types of incidents to be reportable crimes under its policy. He also stated that UCOP’s systemwide sexual harassment and sexual violence policy addresses all forms of sexual assault. Nevertheless, those policies do not describe how its campuses should respond to sexual assaults specifically involving nonstrangers and whether the campuses should handle them differently from sexual assaults involving strangers. Regardless of UCOP’s official stance, its policies are not aligned with state law, as they do not describe how it will respond to sexual assaults of both types. 
UCOP also does not require its campuses to include offender characteristics, when known, in written records of noncriminal acts of hate violence or to collect, compile, and publish their reported occurrences of hate violence. According to UCOP’s senior counsel of education affairs, UC takes campus safety very seriously and complies with the spirit of what the Legislature hoped to accomplish—improving student and employee safety on campuses. She also stated that the campuses currently have practices in place designed to identify and address hate violence and that to the extent that hate incidents involve Clery Act crimes, the campuses collect and report the data in their annual Clery Act crime statistics. She further explained that UC makes available online an intolerance form that anyone in the system can use to report incidents that do not rise to the level of crimes. Although its campuses have methods of collecting information on hate violence, UC does not make available to the public a report compiling all occurrences of noncriminal acts of hate violence. We also determined that the UC’s intolerance form did not have a designated field for reporters to include offender characteristics. 
Although the UC is statutorily exempted from adhering to the state mandates in question, its campuses would be better positioned to promote safety among their students and employees if these requirements were in place. According to UCOP’s senior counsel of education affairs, UCOP is amenable to adjusting its current approaches to address these provisions, even in the absence of a formal resolution by the Board of Regents. Because other higher education institutions must adhere to these requirements, it would seem reasonable for UCOP to hold itself to the same standards and to provide detailed, victim‑centered policies and protocols. The systemwide deputy audit officer informed us, as a result of a resolution agreement with the U.S. DOE’s Office of Civil Rights, UCOP will be revising its sexual harassment and sexual violence policy in February 2019, at which time it will be able to adjust its policy regarding stranger and nonstranger sexual assaults.
Recommendations
To ensure that their campuses provide the necessary resources and information to students about campus safety, the three community college districts should by December 2018, develop all required policies related to campus safety in compliance with the Education Code. 
To ensure it is fully compliant with the Education Code, the CSU Chancellor’s Office should create and implement a procedure by December 2018 regarding the handling of requests for information regarding sexual assault incidents.
To ensure that it provides accurate and comprehensive information to its students and employees, UCOP should by December 2018 revise its intolerance form to allow for reporters to include offender characteristics and provide to the public complete information regarding the occurrences of noncriminal acts of hate violence. Additionally, UCOP should by February 2019 more clearly address both stranger and nonstranger sexual assault within its policies.
Follow‑Up With Institutions We Surveyed in Our 2015 Audit
In our July 2015 report, California’s Postsecondary Educational Institutions: More Guidance Is Needed to Increase Compliance With Federal Crime Reporting Requirements, Report 2015‑032, we conducted a survey in which a number of institutions indicated that they failed to post their annual security reports to their websites and did not make their students and employees aware of their annual security reports through email. As part of our current audit, we followed up with 17 of these institutions by reviewing their websites and other documentation to determine whether they were currently in compliance with the Clery Act. 
Although we found most institutions were in compliance, three were not. Palo Verde College and Lassen Community College posted their annual security reports online but did not notify students and staff through email of the availability of their annual security reports. Further, Downey Adult School did not post its annual security report on its website until late March 2018, after we brought this issue to its attention.
Additionally, we noted that Palo Verde College lacked some of the required policy disclosures in its 2017 annual security report, and Lassen Community College did not have any of the required policy disclosures in its 2017 annual security report.
The interim vice president of administrative services at Palo Verde College indicated that she was unaware that the institution was not in full compliance with the Clery Act. She stated that she would ensure that the institution was in full compliance during the next reporting cycle. 
The vice president of administrative services at Lassen Community College District stated that the institution had not fully complied with the Clery Act’s requirements in the past but would address this at the next governing board meeting. In fact, as of March 2018, the board had unanimously approved the steps necessary to bring Lassen Community College into compliance with the requirements.
The assistant principal for Downey Adult School explained that the institution believed that the previous director of financial aid had ensured compliance with the requirements of the Clery Act, and it was therefore unaware of the noncompliance. 

We conducted this audit under the authority vested in the California State Auditor by section 8543 et seq. of the California Government Code and according to generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives specified in the Scope and Methodology section of the report. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Respectfully submitted,

ELAINE M. HOWLE, CPA
State Auditor

Date:
May 10, 2018

Staff:
Laura G. Kearney, Audit Principal
Linus Li, CPA, CIA, Audit Principal
Jim Adams, MPP
Sean D. McCobb, MBA
Britani M. Keszler, MPA
Alex Maher
Jennifer E. Moore, MPH
Lily V. Nuñez, MPP

Legal Counsel:
Mary K. Lundeen, Sr. Staff Counsel

For questions regarding the contents of this report, please contact Margarita Fernández, Chief of Public Affairs, at 916.445.0255.




Footnote(s)

7 For the number of Clery Act crimes these institutions reported for 2014 and 2015, see Appendix B. Go back to text

8 We based the number of crimes we reviewed on the total Clery Act crimes that each institution reported. We selected 15 percent of Clery Act crimes that each institution reported, but not less than 15 crimes or more than 30 crimes. Go back to text

9 As we previously discuss, we reviewed between 15 and 30 crimes at each institution, with the exact number dependent on the total number of crimes the institution reported in 2016. Go back to text



Back to top