Embed Size (px)
Citation preview
National Association of College and University Attorneys 1
November 11, 2009
NACUA Fall 2009 Workshop
November 2009
IMPORTANCE OF COMPLIANCE STRATEGY AND STRUCTURE
Risk Identification and Minimization
External Expectations and Incentives
Reputation
Operational Efficiency and Quality Control
National Association of College and University Attorneys
2
November 2009
ENTERPRISE RISK MANAGEMENT
“Structured, consistent, and continuous process across the whole organization for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives.” (Institute of Internal Auditors)
National Association of College and University Attorneys 3November 2009
IN OTHER WORDS . . .
“What could happen that might prevent the institution from achieving its plans, and what is being done to eliminate, reduce, or mitigate the risk?”
National Association of College and University Attorneys 4November 2009
National Association of College and University Attorneys 5November 2009
COMPLIANCE STANDARDS
Multiple sources for standards External legal, auditor, or
accreditation mandates (e.g., IRS, SOX, SACs, AGs, Rating Agencies)
Professional association, auditor, insurer, or other external “best practices” standards
Internal policies and procedures
National Association of College and University Attorneys 6November 2009
FEDERAL SENTENCING GUIDELINES
National Association of College and University Attorneys 7
Effective compliance program may result in substantial mitigation of assessed fines and penalties if criminal liability attaches to the organization
One key benchmark for measuring institutional compliance programs
November 2009
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS(Federal Sentencing Guidelines)
(1) Standards and procedures in place to prevent and deter violations of law (or policy)
(2) Overall responsibility assigned to personnel with adequate resources and appropriate authority
National Association of College and University Attorneys 8November 2009
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS
(3) Personnel with substantial authority are chosen with due diligence and are of high integrity
(4) Effective training programs and dissemination of information
National Association of College and University Attorneys 9November 2009
EFFECTIVE COMPLIANCE PROGRAM ELEMENTS
(5) Monitoring / Reporting mechanism / Effective follow up
(6) Consistent enforcement of standards through incentive and discipline
(7) Appropriate response to violations of law
National Association of College and University Attorneys 10November 2009
HIGHER ED. COMPLIANCE MODELS
Centralized Coordination Model (e.g. U.Minn., U. Texas) Single university-wide Compliance
Officer Leaders and administrators of various
units within the university are liaisons with CO
Used at many large research institutions with multiple campuses and schools
National Association of College and University Attorneys 11November 2009
HIGHER ED. COMPLIANCE MODELS (cont’d)
Other Centralized Models (e.g., Princeton, DePaul) Institutional Compliance Director
(sometimes existing audit official) PLUS Executive Compliance Committee
National Association of College and University Attorneys 12November 2009
HIGHER ED. COMPLIANCE MODELS (cont’d)
Decentralized Model (e.g. Harvard) Compliance Officers at the school level Horizontal relationship of school COs with
central audit/compliance personnel
National Association of College and University Attorneys 13November 2009
HIGHER ED. COMPLIANCE MODELS (cont’d)
“Stealth” Model (e.g. Baylor) Decentralized, without designated
Compliance Officer(s) Compliance responsibilities assigned
to various deans, directors, committees, etc.
Stronger oversight role in OGC, Audit, etc.
National Association of College and University Attorneys 14November 2009
FORMER W&L COMPLIANCE STRUCTURE
Compliance efforts, processes, and reporting ongoing, but without formalized structure and coordination.
Mixed approaches in place; primarily “stealth” with OGC taking the lead
National Association of College and University Attorneys 15November 2009
FORMER W&L COMPLIANCE STRUCTURE
Some designated officers or committees (e.g. Director of Environmental Health and Safety, Information Security Program, Institutional Review Board)
Some project-based committees (e.g. Information Technology Security Working Group, Employee and Faculty Handbook Review Groups)
National Association of College and University Attorneys 16November 2009
COMPLIANCE STRUCTURE
Considerations: Decentralized culture and institutional
history Active and highly valued tradition of
“shared governance” vs. “directives” from those not familiar with operational reality
Avoid creation of new bureaucracy and/or redundancy of efforts
Address all risk areas with highest risks first priority
National Association of College and University Attorneys 17November 2009
MATRIX COMPLIANCE PROGRAM
Modeled primarily on Stanford’s program
Decentralized matrix of University offices and administrators assigned responsibility for specific compliance areas, coordinated and supported by Office of General Counsel (Associate General Counsel for Compliance Support) with OGC as resource for all operational areas
National Association of College and University Attorneys 18November 2009
MATRIX COMPLIANCE PROGRAM
Components: Compliance areas (clusters of laws, high
risks, etc.) (e.g. Student Financial Aid) Cognizant Policy Office/Officer (member of
President’s Council with overall responsibility) (e.g. Dean of Admissions and Financial Aid)
Functionally Responsible Office(s) and Officer(s) (e.g. Financial Aid Director)
National Association of College and University Attorneys 19November 2009
MATRIX COMPLIANCE PROGRAM
Associate General Counsel for Compliance Support (AGC) is coordinator for functionally responsible officers, who serve as Compliance Partners
Matrix Program provides institutional coordination and record of compliance efforts
National Association of College and University Attorneys 20November 2009
MATRIX COMPLIANCE PROGRAM
OGC advises President and President’s Council on a periodic basis (at least quarterly) of compliance programming updates and reports to Audit Subcommittee at each Board meeting and otherwise as necessary
National Association of College and University Attorneys 21November 2009
National Association of College and University Attorneys 22November 2009
W&L COMPLIANCE RESOURCES
W&L’s Compliance Matrix (http://counsel.wlu.edu/policy/Chart.of.Compliance.Areas.pdf)
W&L’s Compliance Calendars (http://counsel.wlu.edu/tutorial/ComplianceCalendars/ComplianceCalendars.html)
W&L’s Compliance Worksheet Template (http://counsel.wlu.edu/policy/Compliance.Worksheet.pdf)
National Association of College and University Attorneys 23November 2009
COMPLIANCE WORKSHEET
Date of Compliance Review Compliance Area Cognizant Policy Officer Compliance Partner(s) Source of Compliance Obligations Responsible Agency or Enforcement Body Enforcement and Risk Exposure/Sanctions Key Compliance Obligations
National Association of College and University Attorneys 24November 2009
COMPLIANCE WORKSHEET (cont’d)
Policies, Procedures, Practices, Training, Reporting, etc. in Place as Required
Gaps or Issues to be Addressed/Followed Other Campus Offices
Affected/Coordination Needed Resources (compliance calendar,
templates, etc.) Date for Follow Up to Address Gaps or
Issues Date of Next Regular Review
National Association of College and University Attorneys 25November 2009
OTHER PROGRAM RESOURCES
University of Texas (http://utsystem.edu/compliance/)
University of Minnesota (http://www.instcomp.umn.edu/about.html)
Princeton University (www.princeton.edu/compliance/initiative.html)
DePaul University (http://compliance.depaul.edu/)
Stanford University (http://institutionalcompliance.stanford.edu/)
National Association of College and University Attorneys 26November 2009
