A comprehensive institutional compliance program is one that integrates and coordinates all significant requirements with which the institution must comply by law, regulation or other binding rule or agreement. Comprehensive organizational compliance programs are common in highly-regulated industries and are increasingly present in higher education after the passage of the Sarbanes-Oxley Act and some well-publicized cases of overbilling federal agencies.
Currently at Princeton, there are many different policy manuals, but the overarching publication that speaks to principles of conduct for all members of the University is "Rights, Rules, Responsibilities." These principles are designed to protect the well-being of the University community and to advance its educational mission by deterring wrongdoing and promoting honest, ethical conduct.
Underlying these principles are many policies and procedures related to specific issues. One objective of an institutional compliance program is to inventory and consolidate operative principles and policies so that all members of the community have easy access to general principles and detailed policies and procedures.
An institutional compliance program based on Sarbanes-Oxley and the Federal Sentencing Guidelines demonstrates that there is an internal process to prevent and detect violations of law. Minimum components include:
- Establish and communicate institutional principles designed to deter wrongdoing and to promote honest and ethical conduct.
- Develop and effectively communicate policies and procedures.
- Designate an institutional compliance officer.
- Implement a program to monitor compliance and, when gaps or violations occur, to develop responses to correct deficiencies in a timely manner.
- Ensure that the appropriate University department/governing body has identified appropriate disciplinary sanctions and has applied those sanctions when infractions occur.
Roles and Responsibilities
1. Committee on Audit and Compliance of the Board of Trustees
- Reviews the state of institutional compliance at Princeton and plans to address compliance deficiencies.
2. Executive Compliance Committee
- Helps the compliance officer solicit compliance ideas, determine priorities, review the annual compliance plan, review proposed approaches to monitoring compliance, encourage institution-wide cooperation and help ensure general follow-up to compliance reports. The committee will provide general oversight and work to make sure the importance of compliance is well publicized and well understood throughout the University.
- Ensures the cognizant University governing entity takes appropriate disciplinary action when violations occur, and in the absence of a governing body, determines appropriate actions and ensures such actions are taken.
- Secures necessary funding from the provost to carry out the above activities.
3. Chief Compliance Officer
- Develops institutional compliance program elements.
- Promotes compliance awareness through publicity and education and training programs.
- Develops compliance monitoring program working with Internal Audit and the Compliance liaisons to ensure that all relevant laws and regulations are being monitored and that appropriate policies and processes have been established and communicated to applicable members of the University community.
- Develops plans and priorities to ensure that compliance deficiencies are addressed in a timely manner. Implements and publicizes a "University Hotline" program.
- Identifies policy concerns that impede compliance. Ensures cognizant office addresses deficiency in a timely manner.
- Networks with other university compliance officers throughout the nation to keep apprised of emerging compliance issues, share best practices, etc.
4. Compliance Leads
- Monitor applicable external laws and regulations and ensure adherence to commitments made in binding agreements with third parties.
- Develop and maintain institutional policies and procedures to ensure that all University faculty, staff and students operate in accordance with established rules.
- Provide training, manuals and information to constituents so they understand how to comply with rules.
- Monitor compliance and initiate an action plan when deficiencies are identified.
5. Faculty, Staff, Students, and others who perform work at the request of the University
- Understand and follow principles of conduct in the comportment of their University obligations.
- Ensure that they and the staff who report to them are aware of and operate in compliance with applicable laws and policies.
- Report incidents of non-compliance or concerns.