Federal Student Aid Program Participation Agreement A Work Plan for Compliance Officers David Galloway, Director, Office of Audit, Compliance, and Ethics Kimberly Fearney, Director of Compliance/Ethics Liaison University of Connecticut 1 Federal Student Financial Aid and Grants 2 1
Agree to comply with Gainful Employment Rules Drug Free Schools/Workplace Acts FTC Voter Registration Title IX Sanctions Checks Clery Crime Statistics/Emergency Procedures 3 Institutional eligibility Code of conduct Processing procedures such as needs analysis, eligibility, etc. Financial responsibility and administrative capability Disclosures to students Information reporting requirements State authorization Accreditation Definitions: academic year, credit hour, etc. Records retention requirements Financial aid counseling No incentive payments 4 2
What else? Drug Free Schools Act Drug Free Workplace Act Clery Act Title IV of the Civil rights Act of 1964 (race, color or national origin) Title IX of the Education Amendments of 1972 (sex discrimination) FERPA 504 of the Rehabilitation Act of 1973 (accessibility) Age Discrimination Act of 1975 Safeguarding Customer Information (GLBA) Financial Aid Regulations 5 What else? Administrative Capability Financial Responsibility Provide Information (IPEDS+) Athletic Participation Disclosures Gainful Employment Provisions Copyright and DMCA Compliance Programs Voter Registration Program Lobbying 6 3
Six year Cycle Recertification Compliance w/ Statute and Regulations 6 5 Core Elements 1 2 3 4 7 Core Elements Ninety days to submit a new PPA for recertification. Signed by the President May be given provisional status. 8 4
SCCE Higher Education Compliance Conference Core Elements Covers all locations May be sanctions (1) An emergency action. (2) The imposition of a fine. (3) The limitation, suspension, or termination of the participation of the institution in a Title IV, HEA program. 9 What next? Use the PPA to identify key areas for compliance work plan Assess the key areas Develop action plan to address improvements Implement the action plan 10 5
Broad Compliance Structure: Representative Schools 1. Academic Programs 2. Asses Management 3. Athletics 4. Campus Security 5. Civil Rights Non Discrimination Harassment Diversity Accessibility 6. Communications 7. Contracts 8. Development/Advancement 9. Dining Services 10. Disability Services 11. Emergency Management 12. Environmental Health and Safety 13. Employee Welfare Benefit Plan 14. Federal and State Disclosure 15. Financial Aid 16. Fiscal Management 17. Governance 18. Grants/Research Administration 19. Human Resources 20. International 21. Intellectual Property 22. IT/Computing 23. Records Management 24. Research 25. Student Affairs 26. Student Health 27. Tax 28. FTC Broadcast Rules 1. Environmental Health and Safety 2. Research Administration 3. Human Resources 4. Accessibility 5. Athletics 6. Tax 7. Donor Gift Restrictions 8. Immigration 9. Technology Transfer 10. Investments 11. Information Security and privacy 12. Campus Security 13. Student Life 14. Financial Controls 15. Controlled Substances 16. Land Use/Planning 17. Biohazards 11 HIGHER EDUCATION COMPLIANCE ALLIANCE 12 6
Higher Education Compliance Alliance 1 1. Academic Programs 2. Accounting 3. Accreditation 4. Admissions 5. Athletics 6. Auxiliary Services 7. Campus Safety 8. Contracts & Procurement 9. Copyright & Trademark 10. Disabilities 11. Diversity/Affirmative Action 12. Environmental Health and Occupational Safety 13. Ethics 14. Export Controls 15. Financial Aid 16. Fund Raising and Development 17. Governance 18. Grants Management 19. Health Care & Insurance 20. Housing 21. Human Resources Discrimination 22. Human Resources Benefits 23. Human Resources Recruitment, Hiring, Termination 24. Human Resources Retirement 25. Human Resources Unions 26. Human Resources Wages 27. Immigration 28. Information Technology 29. Intellectual Property and Technology Transfer 30. International Activities and Programs 31. Lobbying and Political Activity 32. Privacy and Information Security 33. Program Integrity Rules 34. Research 35. Sexual Misconduct 36. Tax 1 http://www.higheredcompliance.org/ 13 14 7
15 So, what do I tell the president? Reasonable assurance Evidence of compliance 16 8
PPA Evaluation Drug Free Schools/Workplace 17 PPA Evaluation Drug Free Schools/Workplace 18 9
Compliance Convergence Maturity Model Process Organization Information Technology Level 1 Initial Compliance processes are unstructured with no deliberate effort to enable compliance via operational processes. No formal compliance structure exists. Ad hoc, compliance roles are scattered throughout in the organization with little or no collaboration. Compliance data, metrics and indicators exist only in isolated pockets and lack any formal or common definition. Little to no automation support is available for compliance activities. Level 2 Repeatable Some compliance processes are defined and documented. Ad hoc efforts are made to identify potential compliance enablers in operational processes. A compliance structure has been formally implemented and role/responsibilities have been identified. Informal or ad hoc collaboration occurs. Compliance information policies have been defined along with formal (if not common) compliance data, metrics and indicators. Partial or sporadic automation of compliance activities has been implemented, with no significant integration. Level 3 Defined Core compliance processes are documented and well defined with some integration of effort across operational processes. A common compliance structure has been deployed. Compliance roles are executed per defined responsibilities. Critical decisions are made via collaboration of similar roles. Commonly defined compliance data, metrics and indicators are shared and have been integrated into compliance processes. Internal benchmarking is performed. Core compliance activities have been automated with use of some common tools. Little or no integration of compliance and operations support technology. Compliance Convergence Maturity Model 2009 Matthew Pedowitz, used by permission. Level 4 Managed Compliance processes are repeatable and consistent, with compliance enablers integrated within operational processes. A normalized, integrated compliance structure has been fully implemented. All like roles execute to commonly defined performance levels and within collaborative communities. Compliance data, metrics and indicators are common across the business and integrated into operational processes. Internal and external benchmarking is performed. Compliance activities are fully automated using common tools integrated with operations support technology. Compliance reporting can be automatically generated. Level 5 Optimized Compliance processes are continuously optimized and innovation encouraged. A compliance CDE or equivalent has been implemented. Information drives decision making at all levels. An automated, real time compliance dashboard is available. 19 Federal Sentencing Guidelines Management Commitment Identify Requirements Define Standards Document Standards Communicate Standards Implement Policies Monitoring and Auditing Level 1 Initial Level 2 Repeatable Level 3 Defined Level 4 Managed Level 5 Optimized Management has assigned the responsibility and committed the resources to achieve the compliance objectives. The legal requirements are identified and understood The applicability of the legal requirements to the institution are understood and accepted Policies and procedures are in place that, if followed, would help ensure compliance with the legal requirements. The standards, policies, and procedures have been effectively communicated to all who have a compliance responsibility. The requirements of the policies and procedures have been implemented in a manner that will help ensure continuity of compliance. Monitoring and audit processes are being conducted to help ensure compliance. 20 10
SCCE Higher Education Compliance Conference COSO Model (ERM) Level 1 Initial Level 2 Repeatable Level 3 Defined Level 4 Managed Level 5 Optimized Internal Environment Objective Setting Event Identification Risk Assessment Risk Response Control Activities Information/ Communication Monitoring 21 PPA and the Role of Compliance photo by Becky Parker 22 11
Compliance Partners Provost/Chancellor Financial Aid IT Enrollment Management Athletics Health & Safety Research Diversity & Equity Human Resources.. 23 Committees What can compliance offer? Unique global perspective Help frame policy, training, etc. 24 12
EDUCATION Employees in the trenches want to comply with the rules Know how the system works and when there may be a problem Using frequently asked questions to create training Support from senior administrators 25 It s all in the Approach Legal/regulatory with Faculty Include the Who and the Why Real life examples of consequences of non compliance Subject matter expertise is a plus We re here to help 26 13
Policies Use the policy process to address compliance with PPA Evaluate existing policies What makes sense? Reach out to peers Fill the gaps 27 Case Study 2008 Higher Education Opportunities Act Professional Resources (ex. NACUA) Committee www.heoa.uconn.edu 28 14
29 Resources 2014 2015 Federal Student Aid Handbook, Volume 2 School Eligibility and Operations (http://ifap.ed.gov/fsahandbook/1415fsahbkvol2.html) Higher Education Compliance Alliance http://www.higheredcompliance.org/ National Association of College and University Attorneys http://www.nacua.org/ 30 15
Federal Student Aid Program Participation Agreement A Work Plan for Compliance Officers David Galloway, Director, Office of Audit, Compliance, and Ethics Kimberly Fearney, Compliance and Ethics Officer University of Connecticut 31 16