Board of Regents members Thursday expressed displeasure that three state institutions that were the subject of a follow-up audit on computer security had implemented few recommendations from the original audit.

A Legislative Division of Post Audit report, following up on a 2005 audit, found that Kansas University had implemented five of 33 recommendations. Both Kansas State and Emporia State universities also failed to implement several recommendations.

Regent Gary Sherrer asked whether there was some kind of policy that would be appropriate to ensure that institutions were following up on recommendations.

While regents balked at micromanagement, some suggestions included quarterly reports involving summaries of progress and a written plan of action at the beginning of an audit response that universities would be accountable to.

Regents directed staff to come up with policy options and will vote on the matter at a future meeting.