University Ethics & Compliance Services

University Ethics & Compliance Services facilitates collaborative efforts among USU compliance owners and partners to identify laws, regulations and policies that impact university operations. Integration of regulatory expectations into our governance and management activities builds trust and sustains excellent programs in a safe and ethical environment. University Ethics & Compliance Services focuses on ensuring equity, transparency and integrity for all members of our community.  Key elements of USU’s compliance program include:

1. Oversight by the President and USU's Governance and Policy Action Council of compliance efforts across the USU system;
2. Development and implementation of compliance activities - including policies and procedures - in accordance with the Compliance Framework ; and
3. Accountability established through the Compliance Matrix, which lists all major regulatory requirements that affect USU, and identifies senior leadership, compliance owners and a network of compliance partners that collaborate to meet regulatory requirements.

Compliance Coordination Working Group

The USU Governance and Policy Action Council oversees compliance activities such as policy development, training and monitoring throughout USU’s programs and activities. Members of this committee include the responsible executives who provide leadership in the key operational areas listed in the Compliance Matrix.

A Compliance Coordination Working Group (CCWG), made up of compliance owners and partners with responsibilities in regulated areas of university operations, work together to assess USU's Compliance Framework and compliance responsibilities and identify gaps in USU's policies, procedures and practices that represent compliance risks to the organization. See the Compliance Topics and Owners list for information about compliance owners at USU.

The Compliance Framework

USU’s Compliance Framework combines concepts from the US Federal Sentencing Guidelines and the Council on Sponsoring Organizations (COSO) Internal Controls Guidance – the two most common models for compliance programs in higher education – to provide a strong foundation for USU’s compliance activities.

The five components of USU’s Framework include:

• Strong leadership throughout the organization. This is referred to by COSO as the “Control Environment,” but at USU it is often referred to as our governance structure. The control environment requires that the tone for integrity and compliance be set at the top, and that all levels of the organization maintain a positive environment that supports USU’s learning, discovery and service missions.
• Risk assessment. The compliance framework complements operational and strategic goals and objectives. Compliance risks are identified and ranked with other risk types, then focused goals and objectives are set to guide USU’s activities.  This work is supported through the Senior Risk Management Committee.
• Policy and procedure infrastructure. Policies, procedures and processes that guide USU employees, students and visitors in their USU-related activities comprise internal controls that ensure the university remains compliant and transparent. These are referred to by COSO as “Control Activities."
• Information and communication. Training and education are central to making sure that the USU community understands and fulfills its commitments.
• Monitoring. Assessing the maturity of USU’s compliance infrastructure is an integral part of identifying any gaps in our compliance activities. Ongoing monitoring - including self-assessments, program reviews and third-party assessments - help USU measure its accomplishments in compliance and integrity. 

The Compliance Matrix

USU’s Compliance Matrix organizes the compliance requirements USU faces into topic areas that are each overseen by a Responsible Executive.   Each regulation and requirement is identified, and a compliance owner is named who has the necessary content knowledge to lead USU’s efforts related to the listed requirement. Partners throughout USU are also listed who will be able to contribute discipline-specific content for those requirements that impact multiple operational areas.

Audit, Risk, and Compliance Committee

The Audit, Risk and Compliance Committee assists the Board of Trustees in carrying out its financial and fiduciary responsibilities. They carry out the responsibilities assigned by the Board and the Utah Board of Higher Education (see Utah Board of Higher Education policy R565), including without limitation: appoint, evaluate performance, and, if necessary, dismiss the institution’s chief audit executive; review with the administration and the chief audit executive the internal audit charter, plans, activities, staffing and organizational structure of the internal audit function; review information regarding the institution’s control environment, means of communicating standards of conduct, and practices with respect to risk assessment and risk management; review the institution’s financial statements, including significant accounting and reporting issues; review with the administration and the external auditors the results of the annual financial statement audit, including audit scope and approach, any restrictions on the auditor’s activities or on access to requested information; and, receive and review internal audit reports and/or periodic summaries of internal audit activities prepared by the chief audit executive.

At least annually, the committee provides a report or minutes of meetings to the full Board of Trustees detailing the committee’s activities and recommendations. The committee also provides an annual report to the Utah Board of Higher Education Audit Subcommittee.