Elements of NC State’s Compliance and Integrity Program
Consistent with the Mission, Vision and Values of NC State, the following principles have been recognized by the University Compliance Steering Committee as important elements for an effective compliance and integrity program:
- A top-down division of ownership and accountability among university personnel with compliance roles and responsibilities;
- Rapid response and prevention protocols, including prompt investigations and appropriate corrective actions to prevent similar offenses when detected;
- Maintaining open lines of communication, including an anonymous reporting mechanism for employees to report in good faith possible compliance issues without fear of retaliation;
- Internal monitoring and decentralized oversight of university risks that utilizes metrics and centralized data collection;
- Incorporation of the University’s core values into the culture of ethics and integrity at NC State;
- Periodic review and evaluation of policies, regulations and rules impacting university compliance functions;
- Established foundational dataset and responsibility matrix that identifies and publishes, both internally and externally, compliance subject matter areas and compliance owners;
- Effective training and education on compliance subject matter and university-wide ethical standards; and
- A robust branding initiative.
The success of NC State’s Compliance and Integrity Program (Program) is predicated on leadership’s embrace of a culture of compliance and the identification of key goals toward the attainment of the University’s compliance objectives. The Program, driven by leadership, emphasizes the University’s commitment to integrity, a culture of compliance, and the promotion of the highest ethical standards for all employees. Consistent with NC State’s values and strategic goals, the Program is designed to create a culture of constant improvement in order to achieve excellence. Achieving excellence requires constant attention, self-assessment and a commitment to improvement. In order to provide leadership and oversight of the Program, the University Compliance Steering Committee and Compliance Officials Working Group have been created. The University Compliance, Ethics, & ERM Officer position has been established to direct and manage the Program.
The University Compliance Steering Committee provides executive leadership and oversight of the Program, with a mission of promoting excellence in NC State’s efforts to comply with its legal, regulatory, and ethical responsibilities. The Steering Committee is responsible for approving the University’s ethics, compliance, and training priorities and has oversight responsibility for the University’s compliance efforts. The Chancellor has designated the Steering Committee as the primary point-of-contact on organizational compliance matters with the Audit, Risk Management and Finance Committee of the Board of Trustees.
Members of the University Compliance Steering Committee:
- Executive Vice Chancellor and Provost (Chair)
- Vice Chancellor for Finance and Administration
- Vice Chancellor for Information Technology
- Vice Chancellor for Research and Innovation
- Vice Chancellor and General Counsel
The Steering Committee has appointed a Compliance Officials Working Group comprised of officials with executive responsibility for key compliance areas across the University. The mission of the Working Group is to assist the Steering Committee in promoting a culture and understanding of and adherence to applicable federal, state, and local laws and regulations, as well as University policies, regulations and rules (PRRs). The Working Group provides compliance leadership in the University’s academic and administrative units and ensures effective communication and collaboration among employees responsible for compliance.
Members of the Compliance Officials Working Group:
- Chief Information Security Officer, OIT
- Director, Information Security Risk and Assurance, OIT
- Associate Vice Chancellor for Sponsored Programs and Regulatory Compliance Services
- Director, Research Compliance
- Associate Vice Chancellor for Human Resources and Chief Human Resources Officer
- Senior Associate Athletic Director for Compliance
- Director of Outreach, Communications, and Consulting, OIT
- Associate Vice Chancellor for Environmental Health and Public Safety
- Vice Provost for Institutional Equity and Diversity
- Senior Associate Vice Chancellor, DASA
- Vice Provost for Assessment and Accreditation
- Vice Provost for Global Engagement
- Senior Vice Provost for Enrollment Management and Services
- University Controller
- Chief Audit Officer and Director, Internal Audit Division (Ex Officio)
- Deputy General Counsel (Ex Officio)
A key to the success of a decentralized compliance program is the identification of compliance ownership and employee responsibilities. Units on campus with compliance ownership will identify individuals in three tiers: Level 1 – Responsible Officials; Level 2 – Supervisors; Level 3 – Points-of-Contact. This three tiered compliance ownership approach requires units to clearly define and communicate compliance roles and responsibilities for identified positions.
At each level, the identified employees will be evaluated and assessed on their commitment to attaining their compliance objectives. This includes discussing the importance of compliance responsibilities to direct reports, establishing an evaluative criteria to measure compliance attainment, and using data to assess compliance efforts.
NC State Policies, Regulations and Rules (PRRs) will be continually updated and reviewed to ensure policies align with compliance expectations for compliance owners. Additionally, compliance owners should engage in developing standard operating procedures, best practices, and refine internal guidelines and standards. These materials should be reviewed on a periodic basis. Visit the Office of General Counsel’s website for Guidelines for Drafting Polices, Regulations, and Rules (PRRs).
In order to effectively identify the university’s compliance landscape, a responsibility matrix will be maintained and regularly updated. The responsibility matrix provides a listing of key compliance areas and the responsible senior leaders and primary operational units. The development of the matrix assists in identifying areas of improvement in the university’s compliance objectives and the assignment of compliance ownership to the appropriate unit and individuals on campus charged with the leading the efforts of attaining excellence in those compliance areas.
Effective communication, education and training are necessary to ensure that all campus constituents are knowledgeable and understand the applicable laws, regulations and university PRRs that apply to them. The university will engage in centrally tracking employee training participation. Training and education opportunities should include rich content development and a comprehensive multimedia presence which utilizes a variety of educational mediums. This includes web-based training tools and offered in-person training for mandatory and voluntary education programs.
Branding and Marketing
The Program includes a branding and university marketing component to engage and inform the campus community. Branding and marketing will cultivate the university’s culture of compliance and integrity. This includes a communication strategy; robust website development and presence; promotional materials and messaging from university leaders.
Ethics and Values
The Program will develop and promote a university culture code to highlight the university’s values and are integrated into decision-making on campus.
Monitoring and Metrics
Compliance owners will collect and centrally report data and metrics to identify strengths in compliance activity and areas for enhancement. Additionally, owners should develop action and response plans to risk areas and focus on continuous review of high risk areas.
The centralized data collection of compliance metrics will be periodically reported to leadership in order to assist in the review and evaluation of the Program’s effectiveness. When appropriate, modifications will be made to the Program.
Response and Prevention
The university will continue to have open lines of communication, including anonymous reporting of compliance issues on campus. It is imperative that prompt and thorough investigations of any compliance issues are handled swiftly and diligently after an incident. This includes real time communication and updates with the University Compliance, Ethics, and ERM Officer.
Following any incident, the University Compliance, Ethics, and ERM Officer and the impacted unit(s) will engage in after-action reviews of how incidents were handled and identify any areas or opportunities for continual improvement. Each compliance owner will adopt rapid response protocols and identify thorough communications channels to help address incidents as they arise.