Audit, Compliance, and...Audit. Coordinate compliance functions in a manner similar to the Office of...
Integrating Audit, Compliance, Risk Management, and General Counsel
David Galloway
Executive Director – Office of Compliance and Audit
Brigham Young University
Freeh Report
Coordinate the Chief Compliance Officer’s responsibilities with the Office of General Counsel, the Director of Risk Management and the Director of Internal Audit.
Coordinate compliance functions in a manner similar to the Office of Internal Audit.
Have similar access to, and a reporting relationship with the Board, as does the Internal Auditor.
Coordination of Compliance, Legal, Audit, and General Counsel
• Governance
• Internal Control
• Provide Direction
• Regulatory Burden
• Velocity of Failure
Governance
“… the policies, processes, structures, and controls used within an organization by all involved to achieve its objectives in an ethical manner.”
-- Institute of Internal Auditors
Governance
“…the constellation of policies, procedures, and decision making units that control [a university]…”
--The Redesign of Governance in Higher Education
Rand Institute on Education and Training
Governance
“An organization such as a university is largely dependent on the exchange relationships that it is involved in…”
--Government Policies and Organizational Change in Higher Education
Ase Gornitzka
Internal Control
Achievement of objectives regarding
Reliability of financial reporting
Effectiveness and efficiency
Compliance with laws and regulations
-- COSO Internal Control Framework
“If we could first know where we are, and whither we are tending, we could then better judge what to do, and how to do it.”
Abraham Lincoln (House Divided Speech)
Heuristic Model
Where Will It End?
LANDSCAPE
CHANGE in
Increasing Regulation
Increasing Regulator Audits
-- Tax
-- Clery Act
-- ICE
-- EPA
Increasing Expectation by Constituents
Increasing Risk Velocity of Failure
The Compliance Officer’s Role
1. Be involved in establishing the strategy for compliance
2. Be familiar with the expectations for compliance
3. Help ensure integration of internal audit, compliance, the General Counsel, and Environmental Health and Safety
Steps to Managing the Burden
Identify the key players
Build an effective coordination structure
Ensure coordinated efforts impact compliance risks
“In organizations, real power and energy is generated through relationships. The patterns of relationships and the capacities to form them are more important than tasks, functions, roles, and positions.”
-- Margaret Wheatley
Compliance Partners
79% General Counsel
32% Compliance
65% Internal Audit
77% Environmental Health & Safety
(Risk Management)
Value of Coordination
“The challenge decentralized organizations face is finding a way to leverage the knowledge possessed by the departments and disseminate that knowledge to the remainder of the institution.”
Patrick H. Dunkley (Stanford University)
Compliance Coordination
No Coordination
Ad Hoc Coordination
Formal Coordination
No Coordination
Have some compliance structure
Assumed Responsibility
VP-Student Life assumes responsibility for crime statistics reporting. Financial Aid Department assumes responsibility for federal disclosures.
No formal coordinating structure
Ad Hoc Coordination
“Silos of compliance”
Report compliance issues up through their chain of command
No regular means for coordinating compliance issues
May coordinate efforts where executive management sees the need (H1N1)
Ad Hoc Coordination
Unreliable – may work for one issue and not at all for another
Difficult to demonstrate compliance with FSG elements
Hampers integration of legal, audit, compliance, and risk management functions
Formal-Integrated Compliance Coordination
Compliance partners in regular contact
Formal agenda
Processes for identifying and addressing issues
Monitoring to ensure risks are addressed.
Compliance Coordinator
Senior-Level Compliance Team
Value of Coordination
Helpline / Hotline
Of those who have a compliance hotline, who operates the hotline?
Internal
EthicsPoint
The Network
10%
37%
53%
President
VP
OGC
Board of Regents
45%
27%
18%
9%
Board of Regents
VP
President
A/C Comm
59%
17%
21%
3%
INTERNAL AUDIT
COMPLIANCE
REPORTING STRUCTURES
Compliance Officer
Institutional Compliance Committee
Campus Compliance Coordinators
Area
Functional
Area Compliance Committees
FERPA
HIPAA
Information Security/Privacy
IRB
IACUC
Effective Coordination
Coordination / Communication
“… take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the [institution’s employees] by conducting effective training programs and otherwise disseminating information appropriate to such individuals' respective roles and responsibilities.”
Build a Relationship
Regular group meetings
Annual update meeting with compliance partners
Monthly compliance newsletter.
Summaries of specific laws for university community use
Facilitate training sessions and webinars
General Counsel
Internal Audit
Compliance
EH&S
Institutional Compliance Committee
Athletics Compliance Committee
Information Security and Privacy Committee
PCI/Banking Security Committee
Institutional Review Board
Athletic Compliance Coordinator
Financial Aid Coordinator
Research Compliance Coordinator
Life Sciences Compliance Coordinator
HIPAA Coordinator
FERPA Coordinator
Compliance Planning Group
don’t create a . . .
. . . create a team