Audits are not the most welcome thing. Nobody likes an audit. But with SJSU in the midst of a huge migration from proprietary e-mail systems like Lotus Notes and Exchange to Google-provided Gmail, there have been some major changes that should be looked at. The user authentication method (UAM) used by the old systems was distributed and administered by staff employees in organizational units (OUs) who had administration capabilities limited to employees in their own OU. The UAM for Gmail at SJSU is SJSUOne.
Password resets for SJSUOne campus-wide are routinely done by student assistants. SJSUOne is the same UAM that has been used for the SJSU wireless network, and the current security protocols were designed with less security-sensitive needs in mind (like the wireless network) than authentication to the e-mail of every employee at SJSU.
Somebody who has expertise and real authority (and the ability to change things if they need to be changed) needs to take a hard look and decide whether SJSU's SJSUOne security protocols are tight enough to be used for a system that will authenticate the e-mail of the university president, the head of HR, SJSU's counselors, deans, managers, faculty and every other employee of San Jose State University.