260 likes | 275 Views
Learn about compliance standards, risk identification, and mitigation strategies in higher education institutions. Explore various compliance models and structures to ensure operational efficiency and legal adherence.
E N D
NACUA Fall 2009 Workshop INSTITUTIONAL COMPLIANCE MODELS-STRATEGY AND STRUCTURE November 11, 2009 National Association of College and University Attorneys
IMPORTANCE OF COMPLIANCE STRATEGY AND STRUCTURE • Risk Identification and Minimization • External Expectations and Incentives • Reputation • Operational Efficiency and Quality Control National Association of College and University Attorneys
ENTERPRISE RISK MANAGEMENT • “Structured, consistent, and continuous process across the whole organization for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives.” (Institute of Internal Auditors) National Association of College and University Attorneys
IN OTHER WORDS . . . • “What could happen that might prevent the institution from achieving its plans, and what is being done to eliminate, reduce, or mitigate the risk?” National Association of College and University Attorneys
COMPLIANCESTANDARDS • Multiple sources for standards • External legal, auditor, or accreditation mandates (e.g., IRS, SOX, SACs, AGs, Rating Agencies) • Professional association, auditor, insurer, or other external “best practices” standards • Internal policies and procedures National Association of College and University Attorneys
FEDERAL SENTENCING GUIDELINES • Effective compliance program may result in substantial mitigation of assessed fines and penalties if criminal liability attaches to the organization • One key benchmark for measuring institutional compliance programs National Association of College and University Attorneys
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS(Federal Sentencing Guidelines) • (1) Standards and procedures in place to prevent and deter violations of law (or policy) • (2) Overall responsibility assigned to personnel with adequate resources and appropriate authority National Association of College and University Attorneys
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS • (3) Personnel with substantial authority are chosen with due diligence and are of high integrity • (4) Effective training programs and dissemination of information National Association of College and University Attorneys
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS • (5) Monitoring / Reporting mechanism / Effective follow up • (6) Consistent enforcement of standards through incentive and discipline • (7) Appropriate response to violations of law National Association of College and University Attorneys
HIGHER ED. COMPLIANCE MODELS • Centralized Coordination Model (e.g. U.Minn., U. Texas) • Single university-wide Compliance Officer • Leaders and administrators of various units within the university are liaisons with CO • Used at many large research institutions with multiple campuses and schools National Association of College and University Attorneys
HIGHER ED. COMPLIANCE MODELS (cont’d) • Other Centralized Models (e.g., Princeton, DePaul) • Institutional Compliance Director (sometimes existing audit official) PLUS Executive Compliance Committee National Association of College and University Attorneys
HIGHER ED. COMPLIANCE MODELS (cont’d) • Decentralized Model (e.g. Harvard) • Compliance Officers at the school level • Horizontal relationship of school COs with central audit/compliance personnel National Association of College and University Attorneys
HIGHER ED. COMPLIANCE MODELS (cont’d) • “Stealth” Model (e.g. Baylor) • Decentralized, without designated Compliance Officer(s) • Compliance responsibilities assigned to various deans, directors, committees, etc. • Stronger oversight role in OGC, Audit, etc. National Association of College and University Attorneys
FORMER W&L COMPLIANCE STRUCTURE • Compliance efforts, processes, and reporting ongoing, but without formalized structure and coordination. • Mixed approaches in place; primarily “stealth” with OGC taking the lead National Association of College and University Attorneys
FORMER W&L COMPLIANCE STRUCTURE • Some designated officers or committees (e.g. Director of Environmental Health and Safety, Information Security Program, Institutional Review Board) • Some project-based committees (e.g. Information Technology Security Working Group, Employee and Faculty Handbook Review Groups) National Association of College and University Attorneys
COMPLIANCE STRUCTURE • Considerations: • Decentralized culture and institutional history • Active and highly valued tradition of “shared governance” vs. “directives” from those not familiar with operational reality • Avoid creation of new bureaucracy and/or redundancy of efforts • Address all risk areas with highest risks first priority National Association of College and University Attorneys
MATRIX COMPLIANCE PROGRAM • Modeled primarily on Stanford’s program • Decentralized matrix of University offices and administrators assigned responsibility for specific compliance areas, coordinated and supported by Office of General Counsel (Associate General Counsel for Compliance Support) with OGC as resource for all operational areas National Association of College and University Attorneys
MATRIX COMPLIANCE PROGRAM • Components: • Compliance areas (clusters of laws, high risks, etc.) (e.g. Student Financial Aid) • Cognizant Policy Office/Officer (member of President’s Council with overall responsibility) (e.g. Dean of Admissions and Financial Aid) • Functionally Responsible Office(s) and Officer(s) (e.g. Financial Aid Director) National Association of College and University Attorneys
MATRIX COMPLIANCE PROGRAM • Associate General Counsel for Compliance Support (AGC) is coordinator for functionally responsible officers, who serve as Compliance Partners • Matrix Program provides institutional coordination and record of compliance efforts National Association of College and University Attorneys
MATRIX COMPLIANCE PROGRAM • OGC advises President and President’s Council on a periodic basis (at least quarterly) of compliance programming updates and reports to Audit Subcommittee at each Board meeting and otherwise as necessary National Association of College and University Attorneys
W&L COMPLIANCE RESOURCES • W&L’s Compliance Matrix (http://counsel.wlu.edu/policy/Chart.of.Compliance.Areas.pdf) • W&L’s Compliance Calendars (http://counsel.wlu.edu/tutorial/ComplianceCalendars/ComplianceCalendars.html) • W&L’s Compliance Worksheet Template (http://counsel.wlu.edu/policy/Compliance.Worksheet.pdf) National Association of College and University Attorneys
COMPLIANCE WORKSHEET • Date of Compliance Review • Compliance Area • Cognizant Policy Officer • Compliance Partner(s) • Source of Compliance Obligations • Responsible Agency or Enforcement Body • Enforcement and Risk Exposure/Sanctions • Key Compliance Obligations National Association of College and University Attorneys
COMPLIANCE WORKSHEET (cont’d) • Policies, Procedures, Practices, Training, Reporting, etc. in Place as Required • Gaps or Issues to be Addressed/Followed • Other Campus Offices Affected/Coordination Needed • Resources (compliancecalendar, templates, etc.) • Date for Follow Up to Address Gaps or Issues • Date of Next Regular Review National Association of College and University Attorneys
OTHER PROGRAM RESOURCES • University of Texas (http://utsystem.edu/compliance/) • University of Minnesota (http://www.instcomp.umn.edu/about.html) • Princeton University (www.princeton.edu/compliance/initiative.html) • DePaul University (http://compliance.depaul.edu/) • Stanford University (http://institutionalcompliance.stanford.edu/) National Association of College and University Attorneys