Committee on Audit and Compliance (“ACC”): A committee of the Board of Trustees of Princeton University, whose primary purpose is to assist the Board in overseeing, among other functions, the performance of the University’s internal audit and compliance function, the adequacy and effectiveness of internal controls and its enterprise risk management processes.
Compliance Area: The particular compliance obligation that the University is responsible for satisfying. For purposes of the Operational Compliance Matrices only, such Compliance Area may be explored in greater detail via “Sub-Areas” and in some instances, “Sub-Sub-Areas,” to achieve more granularity.
Compliance Category: A grouping of related, multiple Compliance Areas, which is informed by the key compliance risk areas within the University. The Strategic Compliance Matrix is grouped into eight such Compliance Categories: Athletics, Employment, Environmental, Financial, Information Security/Data Privacy, International, Research, and Safety and Security. (The Operational Compliance Matrices are not grouped into Compliance Categories, but rather, are organized by focus areas or departments.)
Compliance Lead: The name of the person designated by a senior administrator as responsible for the coordination and oversight of activities to meet compliance standards for a particular Compliance Area.
Executive Compliance Committee (“ECC”): The committee at Princeton University comprised of senior members of the University’s management team, which, among other things, assists the OAC in determining priorities, reviewing the OAC’s work plans and ensuring that appropriate follow-up to OAC reports occurs.
Executive Risk Management Committee (“ERMC”): The committee at Princeton University responsible for reviewing and assessing potential risks to the University. The ERMC is also responsible for confirming that these risks are in alignment with the institutional mission and objectives and ensuring that necessary mitigation strategies and resources are brought to bear to enhance management and controls.
Office of Audit and Compliance (“OAC”): The OAC is the University’s campus unit led by the University’s Chief Audit and Compliance Officer, who reports to the ACC and to the Executive Vice President. The OAC engages collaboratively with campus partners on a variety of audit and compliance projects that provide internal control guidance through operational or financial review of management functions.
Operational Compliance Matrices: Based on laws, regulations, or University policies, these matrices identify the key Compliance Areas for a specific focus area or department.
Strategic Compliance Matrix: University-wide, inherently high-risk categories of key compliance obligations. Such compliance obligations may come from laws, regulations, or University policies.