Integrating Audit, Compliance, Risk Management, and General Counsel


David Galloway, Executive Director, Office of Compliance and Audit, Brigham Young University


Coordinate the Chief Compliance Officer's responsibilities with the Office of General Counsel, the Director of Risk Management and the Director of Internal Audit. Coordinate compliance functions in a manner similar to the Office of Internal Audit. Have similar access to, and a reporting relationship with the Board, as does the Internal Auditor.
-- Freeh Report

Coordination of Compliance, Legal, Audit, and General Counsel: Governance; Internal Control; Provide Direction; Regulatory Burden; Velocity of Failure

Governance: the policies, processes, structures, and controls used within an organization by all involved to achieve its objectives in an ethical manner.
-- Institute of Internal Auditors

Governance: the constellation of policies, procedures, and decision making units that control [a university]
-- The Redesign of Governance in Higher Education, Rand Institute on Education and Training

Governance: An organization such as a university is largely dependent on the exchange relationships that it is involved in
-- Government Policies and Organizational Change in Higher Education, Ase Gornitzka

Internal Control: Achievement of objectives regarding: Reliability of financial reporting; Effectiveness and efficiency; Compliance with laws and regulations
-- COSO Internal Control Framework

Heuristic Model

If we could first know where we are, and whither we are tending, we could then better judge what to do, and how to do it.
-- Abraham Lincoln (House Divided Speech)

Where Will It End?

Change in Landscape: Increasing Regulation; Increasing Regulator Audits (Tax, Clery Act, ICE, EPA); Increasing Expectation by Constituents; Increasing Risk; Velocity of Failure

The Compliance Officer's Role
1. Be involved in establishing the strategy for compliance
2. Be familiar with the expectations for compliance
3. Help ensure integration of internal audit, compliance, the General Counsel, and Environmental Health and Safety

Steps to Managing the Burden: Identify the key players; Build an effective coordination structure; Ensure coordinated efforts impact compliance risks

In organizations, real power and energy is generated through relationships. The patterns of relationships and the capacities to form them are more important than tasks, functions, roles, and positions.
-- Margaret Wheatley

Compliance Partners

79% General Counsel; 32% Compliance; 65% Internal Audit; 77% Environmental Health & Safety (Risk Management)

Value of Coordination

The challenge decentralized organizations face is finding a way to leverage the knowledge possessed by the departments and disseminate that knowledge to the remainder of the institution.
-- Patrick H. Dunkley (Stanford University)

Compliance Coordination: No Coordination; Ad Hoc Coordination; Formal Coordination

No Coordination: Have some compliance structure; Assumed Responsibility (VP-Student Life assumes responsibility for crime statistics reporting. Financial Aid Department assumes responsibility for federal disclosures); No formal coordinating structure

Ad Hoc Coordination: Silos of compliance; Report compliance issues up through their chain of command; No regular means for coordinating compliance issues; May coordinate efforts where executive management sees the need (H1N1)

Ad Hoc Coordination: Unreliable (may work for one issue and not at all for another); Difficult to demonstrate compliance with FSG elements; Hampers integration of legal, audit, compliance, and risk management functions

Formal-Integrated Compliance Coordination: Compliance partners in regular contact; Formal agenda; Processes for identifying and addressing issues; Monitoring to ensure risks are addressed

Value of Coordination: Compliance Coordinator; Senior-Level Compliance Team

Helpline / Hotline

Of those who have a compliance hotline, who operates the hotline? Chart categories: Internal, EthicsPoint, The Network. Chart values: 53%, 10%, 37%.

Reporting Structures (chart)
Compliance: categories President, VP, OGC, Board of Regents; values 18%, 9%, 27%, 45%.
Internal Audit: categories Board of Regents, VP, President, A/C Comm; values 21%, 17%, 3%, 59%.

Effective Coordination: Compliance Officer; Institutional Compliance Committee; Campus Compliance Coordinators; Area; Functional Area Compliance Committees; FERPA; HIPAA; Information Security/Privacy; IRB; IACUC

Coordination / Communication

take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the [institution's employees] by conducting effective training programs and otherwise disseminating information appropriate to such individuals' respective roles and responsibilities.

Build a Relationship: Regular group meetings; Annual update meeting with compliance partners; Monthly compliance newsletter; Summaries of specific laws for university community use; Facilitate training sessions and webinars

Institutional Compliance Committee; General Counsel; Compliance; Internal Audit; EH&S; Compliance Planning Group; Life Sciences Compliance Coordinator; HIPAA Coordinator; Research Compliance Coordinator; Financial Aid Coordinator; FERPA Coordinator; Athletic Compliance Coordinator; Athletics Compliance Committee; Information Security and Privacy Committee; PCI/Banking Security Committee; Institutional Review Board

don't create a create a team
