Compliance and Integrity Program Plan
The Compliance and Integrity Program Plan outlines and describes the details of the Program, including key roles and responsibilities and program attributes and activities. The Plan is intended to by dynamic, capable of adapting to changes in the implementation of an effective compliance and integrity program, the university’s mission, vision, values, and strategic goals, and the continually evolving regulatory landscape.
Introduction and Purpose of NC State’s Compliance and Integrity Program
North Carolina State University (“NC State”) is committed to creating and sustaining a university-wide culture of compliance and ethical conduct. Compliance means not only abiding by the applicable laws, regulations, policies, and ethical values in the performance of obligations and duties, but also having various polices, practices, and procedures in place which support the coordination, management, and monitoring of these established standards.
NC State operates in an increasingly complex regulatory environment, which requires the University to sharpen its focus on accountability and ensure compliance with our legal and ethical responsibilities. In a university setting, compliance is less about regulating individual behavior. Instead compliance is more about understanding applicable regulatory requirements that apply to university activities as an institution and ensuring the institution meets them. Because NC State engages in such a broad range of activities, the number and scope of applicable requirements is vast.
NC State’s Compliance and Integrity Program (Program) is designed to promote the University’s values and strives to integrate these values into its daily and long-term decisions and actions related to its educational, research, and business practices. The success of NC State’s Program is predicated on the University’s embrace of a culture of compliance and the identification of key goals toward the attainment of the University’s compliance objectives. Consistent with NC State’s values and strategic goals, the Program is designed to create a culture of constant improvement in order to achieve excellence.
The ultimate goal of the Program is to enhance compliance consciousness in the campus community by helping NC State’s faculty, staff and other community members perform their roles and responsibilities to the best of their ability and with the highest level of integrity. The Program is an enterprise-wide commitment that requires contributions from everyone to ensure its success.
The creation of the Program and this Compliance Plan demonstrate NC State’s commitment to meeting our legal and regulatory responsibilities, as well as fostering a culture that promotes ethical conduct and the university’s values. Learn more about the program’s attributes and activities.
Governance and Oversight
NC State’s Program, driven by the Chancellor’s leadership, emphasizes the University’s commitment to integrity, a culture of compliance, and the promotion of the highest ethical standards for all employees. Two organizational groups, the University Compliance Steering Committee and Compliance Officials Working Group were created to provide leadership and oversight of the Program. Together these two groups provide sufficient supervision of the Program and establish a vast body of compliance, ethics, and risk knowledge.
NC State’s Compliance Oversight structure originates out of the Office of General Counsel, which helps to facilitate compliance activities and initiatives for the entire university.
- Board of Trustees Governing oversight and accountability for the Program are established through the Board of Trustees’ Audit, Risk Management, and Finance Committee. This Committee provides advice and recommends actions to establish the overall University tone for the Program, including quality financial reporting, sound business risk practices, ethical behavior, establishing risk tolerance, and facilitating a compliant and ethical culture.
- University Compliance Steering Committee
Appointed by the Chancellor, the University Compliance Steering Committee (“Steering Committee”) provides executive leadership and oversight of the Program, with a mission of promoting excellence in NC State’s efforts to comply with its legal, regulatory, and ethical responsibilities. The Steering Committee is responsible for approving the University’s ethics, compliance, and training priorities and has oversight responsibility for the University’s compliance efforts. The Steering Committee is tasked with identifying compliance risks and threats posed to the University and then implement mitigating programs designed to minimize such threats.
- Compliance Officials Working Group
The Steering Committee has appointed a Compliance Officials Working Group comprised of officials with executive responsibility for key compliance areas across the University. The mission of the Working Group is to assist the Steering Committee in promoting a culture and understanding of and adherence to applicable federal, state, and local laws and regulations, as well as University policies, regulations and rules (PRRs). The Working Group provides compliance leadership in the University’s academic and administrative units and ensures effective communication and collaboration among employees responsible for compliance.
- Responsible Officials, Supervisors, and Points-of-Contact
NC State’s Program is further premised on the identification of compliance ownership and employee responsibilities at the unit level. Units on campus with compliance ownership (“compliance owners”) identify individuals in three tiers for compliance areas: Level 1 – Responsible Officials; Level 2 – Supervisors; and Level 3 – Points-of-Contact. This three tiered compliance ownership approach requires units to clearly define and communicate compliance roles and responsibilities for identified positions. The responsibilities for these Levels include:
- Level 1: Responsible Officials
- Fostering an atmosphere of ethics, integrity, and compliance;
- Demonstrating commitment and visible willingness to let values drive decisions and articulate expectation that others should do the same;
- Exercising effective compliance and integrity oversight and monitoring;
- Integrating compliance and integrity expectations into performance evaluation criteria for direct reports with compliance obligations; and
- Ensuring each Supervisor establishes, communicates, and evaluates compliance expectations for each Point-of-Contact employee.
- Level 2: Compliance Supervisors
- Ensuring a corresponding Point-of-Contact employee is identified for each compliance area;
- Establishing and communicating compliance and integrity expectations to each Point-of Contact and other direct reports;
- Utilizing metrics to assess Point-of-Contact employees’ efforts in achieving compliance and integrity objectives;
- Identifying opportunities for creating a culture of constant improvement;
- Creating an environment where employees feel comfortable reporting misconduct; and
- Emphasizing that a commitment to compliance is more important than a commitment to results; the means are as equally important as the ends.
- Level 3: Unit Point of Contact
- The Point-of-Contact employee is the subject-matter-expert for their specific compliance area;
- Developing and communicating PRRs, SOPs, and best practices for compliance and integrity attainment;
- Developing subject matter information, resources and training content;
- Coordinating with compliance partners to move the entire network towards the attainment of compliance and integrity objectives;
- Striving for the attainment of the compliance and integrity objectives; and
- Acting ethically in all endeavors and report known or suspected incidents of misconduct.
- Level 1: Responsible Officials
Compliance Policies and Procedures
NC State has established policies covering nearly all areas and activities of the University which help to create a system of compliance and internal controls. NC State’s Policies, Regulations and Rules (PRRs) reflect regulatory and institutional requirements, clarify responsibilities, and set expectations for conducting University operations. NC State’s PRRs are made available through the University’s PRR website and are presented in a searchable format. These PRRs are continually updated and reviewed to ensure policies align with compliance expectations for compliance owners. Additionally, University units with compliance responsibilities engage in developing standard operating procedures, best practices, and refining internal unit guidelines and standards. These materials are reviewed on a periodic basis.
Creating a Safe and Ethical Environment
NC State uses reasonable efforts to ensure any person within the University’s leadership, and other positions with authority, have not engaged in illegal activities or other conduct inconsistent with the Program. As part of NC State’s pre-employment screening process, offers of employment are contingent upon an applicant’s successful completion of background checks applicable for the position. Volunteers working with minors, and current employees accepting new duties or change duties, must also successfully complete a background check. In addition, employees are required to report any criminal conviction to their supervisors within five (5) days of such conviction and will be subject to a further background check. (see REG 05.55.08— Background Checks)
Promotion of Ethics and Integrity
NC State’s PRRs provide guidance and standard practices for conducting the university’s activities with honesty and integrity. These PRRs may subject students, employees, and volunteers who engage in unethical behavior, or behavior in violation of applicable laws or University policies to discipline. The Program also promotes the University’s Culture Code to be integrated into decision-making on campus. The Culture Code highlights the University’s six core values and emphasizes positive cultural activities and behaviors. The goal is to elevate NC State’s reputation as a place where employees not only enjoy where they work but also take pride in the University and its culture. Each campus unit is further responsible for establishing standards and procedures, policies and guidelines to promote operational excellence through ethical behavior. These standards, procedures, and policies should encourage commitment to the University’s Culture Code and other University standards and unit guidelines for performance and conduct.
University units are expected to have an understanding of the qualifications and associations of outside contractors or partners. Unit Points-of-Contact should perform due diligence by conducting screening or vetting of these contractors and partners using appropriate federal and state resources and databases. Unit Points-of-Contact should also ensure that the contract specifically describes the services to be performed and that the third-party is actually performing the work. Management of any compliance or liability risk concerns with these contractors or partners should be attempted to be transferred or mitigated by contract. In addition, based on subject matter and where necessary, compliance owners should require outside contractors or partners to grant NC State audit rights to the documents, books, and accounting related to the contractor or partner’s performance of the agreement.
Communications and Training
NC State engages in efforts to communicate its compliance and integrity policies and standards to University leadership, compliance owners, and all appropriate NC State employees. Effective communication, education and training are necessary to ensure that all campus constituents are knowledgeable and understand the applicable laws, regulations and University PRRs that apply to them. Education and training are fundamental to raise awareness of ethics and compliance requirements, responsibilities in fulfilling the requirements, and the consequences of noncompliance.
Training and Education
Training and education programs are included as both educational and mitigation actions as part of the Program. General and specific trainings are provided so that NC State employees understand their legal and ethical obligations and responsibilities, as well as related risks, in the performance of their job duties and areas of expertise. Training and education programs are also utilized to manage any required federal, state, or University certification requirements, provide updates on best practices in fields, as well as to provide awareness for regulatory or statutory changes, or even new business trends.
Training and education opportunities include rich content development and a comprehensive multimedia presence which utilizes a variety of educational mediums. These methods of training include web-based training tools and offered in-person training for mandatory and voluntary education programs, which should be tailored to the participant’s sophistication and subject matter expertise. Training should include lessons learned from previous compliance incidents, both those occurring at NC State or at other universities.
NC State has begun centrally tracking employee training participation to ensure our employees receive training in their relevant and responsible compliance areas. Examples of compliance training at NC State include training for new employees as part of an employee onboarding program (administered by the Division of Human Resources), as well as trainings on the Clery Act, Responsible Employees under Title IX, and Responsible Conduct in Research. For some employees and individuals, certain types of training is mandatory (for example, Clery training is required for Campus Security Authorities). Learn more about other University compliance and integrity training.
The Program includes a branding and university marketing component to engage and inform the NC State community. Branding marketing initiatives for the Program continue to build a culture of compliance and ethics behavior by reinforcing NC State’s commitment to embracing the “tone at the top” as well as building an environment which supports a culture of compliance. In addition, the Program’s communication and marketing strategy helps to raise awareness of ethics and compliance requirements, including information on new regulatory requirements and emerging risks. The Program’s marketing includes robust website development and presence (at compliance.ncsu.edu), promotional materials, and messaging from University leadership.
Review and Monitoring
Everyone in the NC State community is responsible for complying with the laws, regulations, and University PRRs, and acting in an ethical manner in all endeavors. Living our University value of integrity also means making reports when individuals in the community see or hear concerning behavior. Compliance functions at NC State are integrated into the activities that take place across our campuses every day. For instance, compliance owners work within many units, such as SPARCS, Athletics, and Finance and Administration. In addition to the individual responsibilities of unit compliance owners, the following are mechanisms within the Program by which NC State is able to review and monitor compliance.
Periodic Review of Compliance Objectives
The Program’s compliance owners, including Responsible Officials and Compliance Supervisors will collect and centrally report data and metrics to identify strengths in compliance activities and areas for enhancement. Additionally, the compliance owners are responsible for developing action and response plans to risk and focus on continuous review of high risk areas. The centralized data collection of compliance metrics will be periodically reported to University leadership, including the Board of Trustees and University Compliance Steering Committee, in order to assist in the review and evaluation of the Program’s effectiveness. When appropriate, modifications will be made to the Program.
A key to the success of the Program is the identification of employees with compliance oversight and ownership. For Responsible Officials, Supervisors, and Points-of-Contact, as described in Governance and Oversight above, the identified employees will be evaluated and assessed on their commitment to attaining their compliance objectives. Learn more about this division of employee accountability. The evaluation and assessment includes discussing the importance of compliance responsibilities to direct reports, establishing an evaluative criteria to measure compliance attainment, and using data to assess compliance efforts.
NC State is committed to an environment where open, honest communications are the expectation, not the exception. NC State wants all members of the University community, regardless of their position, to feel comfortable in approaching a supervisor or manager with their concerns.
NC State encourages the campus community to report concerns directly to a supervisor or manager through the offices responsible for investigating these concerns. These offices include, among others, the Office of Institutional Equity and Diversity (OIED), Human Resources (HR), Internal Audit Division (IAD), or other responsible offices as appropriate. A list of responsible offices that investigate reports of concerns, including contact names and information are available.
Reporting compliance and integrity concerns is also available through the EthicsPoint hotline. The EthicsPoint hotline supplements existing reporting mechanisms, providing an additional means of reporting including through anonymous reports. Neither NC State nor EthicsPoint tracks the origin of online reports. Individuals submitting reports are not required to enter their name or contact information when submitting a report through EthicsPoint. Individuals desiring to report using EthicsPoint, can either make the report by phone, 1-844-599-8786, or online by going to ncsu.ethicspoint.com and following the provided instructions.
NC State asks that individuals who are making a report to the university provide as much detailed information about their concern as possible so that the university can adequately investigate and/or respond to the matter. Due to the nature of certain reports, NC State may be limited in its ability to follow-up on anonymous reports where it cannot ask additional questions of the reporting party.
NC State is committed to protecting individuals who report concerns. If provided, the identification of any individual making a report will be treated as confidentially as possible. Reporting suspected violations of laws, policies, regulations or rules is a protected activity under federal and state laws, as well as University policy. Any adverse action (including intimidation, threats, or coercion) taken against an individual because the individual reported a concern constitutes retaliation and is strictly prohibited. For more information on Whistleblower Protections, please see the 3D Memo from the Executive Vice Chancellor and Provost.
Prevention, Response and Enforcement
As stated throughout this Compliance Plan, NC State is committed to a culture of compliance and ethical conduct. The University will maintain open lines of communication, including anonymous reporting of compliance issues on campus. In helping to achieve the Program’s purpose, each University compliance owner is responsible for adapting rapid response protocols that are uniquely developed based on the compliance issues, and identifying thorough communications channels to help address incidents as they arise. These rapid response and prevention protocols require prompt investigations and appropriate corrective actions, including employee discipline (regardless of position or title) if necessary, to prevent similar offenses when compliance and integrity violations are detected. Investigations into these types of possible issues includes real time communication and updates with the appropriate NC State officials.
Following any incident, the appropriate University officials and the impacted unit(s) will engage in after-action reviews of how incidents were handled and identify any areas or opportunities for continual improvement.
In order to effectively identify and maintain NC State’s Program and compliance landscape, a responsibility matrix for compliance areas is maintained and regularly updated. The responsibility matrix serves as a foundational dataset identifying all of the NC State’s compliance obligations. The development of the matrix assists in identifying areas of improvement in the University’s compliance objectives and the assignment of compliance ownership to the appropriate unit and individuals on campus charged with the leading the efforts of attaining excellence in those compliance areas. View NC State’s Compliance Matrix.