The Board of Governors Compliance Committee Derry Harper and Lori Clark

1. The Board of Governors Compliance Committee Derry Harper and Lori Clark November 3-4, 2010, Audit and Compliance Committee Meeting www.flbog.edu

2. Our Philosophy “…the Board of Governors has reserved overall fiduciary responsibility for management of the university system. Part of that responsibility is to be able to demonstrate accountability. The organization needs to be able to demonstrate by empirical and objective evidence that it is achieving that goal.”–Chancellor Frank Brogan, January 28, 2010, Audit and Compliance Committee meeting

3. Board Of Governors Compliance Committee Board of Governors Audit and Compliance Committee Chancellor Board Compliance Committee Inspector General, Chair CHIEF FINANCIAL OFFICER INFO RESOURCE MANAGEMENT CORP SECY GENERAL COUNSEL ACADEMIC & STUDENT AFFAIRS CHIEF of STAFF FACILITIES HUMAN RESOURCES

4. Compliance Program Elements • Risk Assessment • Responsible Parties and Roles • Standards and Procedures • Program Oversight • Awareness, Education and Training • Lines of Communication • Monitoring and Auditing • Enforcement • Corrective Action

5. Our Philosophy • Step 1: Establish Compliance Program • Identify Project Owner or Champion • Establish a Steering Committee • Step 4: Establish Systematic Compliance Program • Develop Compliance Matrix • Training • Monitoring • Identify areas of non-compliance • Corrective Action Plan Process • Step 2: Identify Key Objectives • List Key Objectives • Prioritize Key Objectives • Step 3: Identify Key • Compliance Risk Areas • Brainstorm and assess high risk areas • Assign high risk areas to process owner

6. Board Compliance Plan - Phase 1 • Review all Board Regulations to identify Board responsibilities (ref. RCR Project) • Tool(s): RCR Database • Projected End Date: November 2010 • OIGC review of staff analyses of Board Regulations • Tool(s): RCR Database • Projected End Date: December 2010 • Verify compliance • Tool(s): RCR Database • Projected End Date: December 2010

7. Analyst Maturity Rating Scale RED – the regulation has inconsistencies or outdated information that must be corrected immediately. Yellow – Clarifications or improvements need to be made fairly soon. • OIGC Review: • Approved • Rejected • For Review Green – There are tasks to be done by either university or Board staff, and procedures are in place and working; no changes are needed. Blue – The regulation is informational only, and there are no tasks to be done.

8. OIGC Maturity Rating & Analysis • Generally Adequate - Controls are in place and functioning as designed. Opportunities may exist for improvement or significant improvement applicable to sub-objective controls. • Needs Improvement – There are designed controls but not always effective and/or other controls are needed. • Needs Significant Improvement – Some controls may exist, but they are not effective in achieving the primary objective within the scope of the audit.

9. Board Compliance Plan - Phase 2 • Review all Board Regulations to identify SUS responsibilities • Tool(s): RCR Database • Projected End Date: March 2011 • Validate and verify university compliance • Tool(s): RCR Database • Projected End Date: June 2011

10. Board Compliance Plan - Phase 3 • Identify statutory requirements (ex. S. 20.055, F.S., and S. 381.79, F.S.) for Board Office • Tool(s): RCR Database • Projected End Date: March 2011 • Verify Board compliance • Tool(s): RCR Database/Data Request System • Projected End Date: June 2011

11. WHAT’S NEXT? • Establish an SUS Compliance Program • Adopt a Board Of Governors and SUS Code of Ethics/Conduct ? • Establish an Enterprise Risk Management System?