Compliance and Integrity
This office stands on three pillars: 1) strengthening integrity culture, 2) mitigating compliance risks, and 3) improving issue response. Together, these components enable us to ensure compliance with applicable laws, regulations, and policies, while advancing the university’s strategic goals.
- All members of the university are responsible for building a culture of integrity, which includes ethical conduct and compliance with applicable laws, regulations, and policies. We enable stakeholders to embrace a culture of integrity and accountability throughout the university.
- University leaders are responsible for owning their compliance risks and ensuring integrity in their colleges or units. We will assist leaders by enabling them to identify and manage their compliance responsibilities, including promotion of ethics and integrity.
- Faculty and staff are responsible for understanding their legal and policy obligations. We will assist all members of the university by ensuring appropriate compliance training and by responding to questions and concerns, including those raised through the university’s anonymous reporting line, EthicsPoint.
- Develop a Code of Values for the university, as directed by the Board of Trustees; support with appropriate training, including expectations for university leaders.
- Conduct a survey of integrity culture and develop benchmark measures to identify challenges, gauge progress, and compare ourselves to peer institutions.
- Establish strong governance processes to support compliance and integrity, including compliance reporting to unit-level committees responsible for compliance, the University Risk Management Committee, and the Legal, Risk, Audit and Compliance Committee of the Board of Trustees.
- Clarify roles and responsibilities for compliance, including individuals in embedded compliance units; identify resource gaps limiting the success of compliance efforts.
Mitigating Compliance Risks
- University leaders are responsible for compliance with all applicable laws, regulations, and policies. We work with university leaders to identify and substantively mitigate top compliance risks.
- Support appropriate central processes in the university, including the university policy process.
- Build consistent core compliance processes for the university to ensure the identification, assessment, and mitigation of compliance risks. (See Figure below)
- Ensure the ongoing mitigation, tracking and reporting of material compliance risks.
- Develop core compliance processes to support ongoing mitigation efforts, including:
- Partner with the Office of Legal Affairs to maintain a Regulatory Inventory of all material laws and regulations applying to the university;
- Conduct an annual Compliance Risk Assessment by determining the materiality of requirements and the effectiveness of current controls;
- Develop Annual Compliance Plans for the university and key units to ensure operational ownership and proactive mitigation planning for all top compliance risks;
- Develop, review, update, and implement compliance policies;
- Establish comprehensive university oversight of training processes to ensure the delivery of efficient, effective, and appropriate training to all members of the university community;
- Work with key university stakeholders to ensure the establishment of sufficient operational controls to comply with key legal and regulatory requirements;
- In collaboration with Internal Audit, develop risk-based testing and monitoring of the controls necessary to meet legal and policy requirements; and
- Ensure appropriate issue response by clarifying roles, responsibilities, and standards for compliance issues, including regular reporting to the University Risk Management Committee and the Legal, Audit, Risk and Compliance Committee of the Board of Trustees.
- Build or simplify university processes critical to the mitigation of top compliance risks, including:
- The university process for approving and revising policies;
- An early warning process to identify regulatory and operational changes critical to meeting the university’s compliance requirements external to the university;
- The conflicts of interest disclosure process; and
- The Clery Act disclosure process.
- Ensure appropriate response to top compliance issues, whether originating externally or internally, to enable accurate, timely and fair resolution of each issue.
- Improve reporting for senior leaders and the Board of Trustees on compliance issues to support appropriate accountability and ensure completion of necessary corrective actions.
- Develop core processes to support university leaders in responding to top compliance issues. Those processes include:
- Track and manage all public records requests to ensure appropriate and timely response to all such requests received by the university;
- Create consistent standards for the conduct and reporting of investigations across the university;
- Manage EthicsPoint, the university’s anonymous reporting line;
- Develop a framework to ensure proper response to regulatory contacts and enforcement subpoenas; and
- Track and analyze Internal Audit findings, to identify common root causes and leverage this valuable partner in mitigating compliance risks.