The following Compliance & Ethics Program elements align with DOJ Guidance for Evaluation of Corporate Compliance Programs.
Organizational Leadership, Culture and Governance
- Demonstrate a “tone from the top” through organizational vision, oversight and governance by the Governance Risk and Compliance Executive Council and annual reports to the Audit Committee.
Standards and Procedures
- Establish standards and procedures to promote operational excellence through ethical behavior.
- Establish standards and procedures to prevent and detect criminal conduct and facilitate compliance.
- Develop and implement a University Code of Conduct for faculty, staff and students.
Education and Awareness
- Communicate expectations of high ethical standards and adherence to policies and procedures.
- Provide training and education as part of the onboarding process and in a practical manner as appropriate to an individual’s role and responsibility.
- Provide regular updates on the compliance webpage and other communication avenues.
- Require yearly compliance education and attestation.
- Provide specialized education based on risk analysis and emerging risks.
- Initiate a University compliance heroes/liaison program.
- Develop an annual compliance and ethics seminar.
Effective Lines of Communication
- Market a confidential and anonymous integrity helpline for faculty, staff and students to report potential noncompliant conduct without fear of retaliation.
- Increase the culture of compliance through awareness that everyone’s voice matters.
Program Evaluation and Guidance
- Monitor annual compliance work plans, internal audits, compliance inspections, peer reviews and responses.
- Report results to senior leadership and the Board.
Consistent Application of Standards
- Promote and consistently enforce standards and discipline throughout the organization.
- Disseminate a non-retaliation policy for good-faith anonymous reporting.
- Increase awareness of clear disciplinary policies that are readily accessible to the University community.
- Advocate for a culture of integrity and compliance to be part of the performance review process and include incentives for demonstrated ethical behavior.
Response and Prevention
- Respond appropriately to noncompliant acts to prevent further instances. Make any necessary improvements to reduce the risk of future noncompliance and perform outreach to re-align organizational culture.
- Promote investigative practices that are fair, objective, independent and consistently managed by qualified personnel.
- Promote root cause analysis to identify underlying causes.
- Review tracking of corrective actions to confirm that they have been effective and sustainable.
- Analyze topical risk patterns and trends for systemic issues and target improving organizational performance.
Periodic Risk Assessments
- Align compliance and ethics with enterprise risk management and internal audit functions.
- Support compliance partners in annual work plans that reflect a shared partnership and avoid overlap and redundancy.
- Engage with compliance partners to enhance understanding of the impact, purpose and functions of the aligned functions of compliance and ethics, enterprise risk, and internal audit.