Beruflich Dokumente
Kultur Dokumente
to Building Effective
Compliance Programs
Lori A. Brown, Seton Hall University
Nikita Williams, TCS Education System
Christopher Myers, Holland & Knight
Program Speakers
Lori A. Brown, Esq.
Director of Compliance & Risk Management
Seton Hall University
South Orange, NJ
Nikita Williams, Esq.
Director of Regulatory Affairs & Compliance
Office of Compliance and Legal Affairs
TCS Education System
Moderator
Christopher Myers, Esq.
Partner, Holland & Knight
Chair, Compliance Services Team
Overview
I. Compliance Background
II. Elements of an Effective
Compliance Program
Session will cover FSG compliance program elements
Suggestions for small institutions and those with limited
resources
I.
Compliance
Background
What is Compliance?
Compliance is a comprehensive program
that helps institutions and their employees
conduct operations and activities
ethically; with the highest level of integrity,
and in compliance with legal and
regulatory requirements.
ACCREDITORS &
AUDITORS
HIGHER ED
ANALYSTS
INSTITUTION
Instituting ERM ratings
criteria for public debt
issuers
DONORS
Organizational Structure
o Centralized vs. Decentralized
o Assignment of Authority and Responsibility
Smaller Organizations
[M]ay meet the requirements of this guideline
with less formality and fewer resources than
would be expected of large organizations. In
appropriate circumstances, reliance on
existing resources and simple systems can
demonstrate a degree of commitment that, for
a large organization, would only be
demonstrated through more formally planned
and implemented systems.
Federal Sentencing Guidelines Manual
Effective Compliance Programs Guidelines Commentary
II. Elements of an
Toolkit:
Federal Sentencing Guidelines for Organizations
Federal Sentencing Guidelines Manual
Federal Sentencing Guidelines Advisory
Committee Report
2010 FSG Amendments
High Level
Personnel
Smaller Organizations
Examples of the informality and use of fewer
resources with which a small organization may
meet the requirements of this guideline include
using available personnel, rather than
employing separate staff, to carry out the
compliance and ethics program.
Board of Trustees
President/Sr Leadership
Internal Audit
Risk Management Committee
Risk
Reports
Provost
Finance/
Legal/
HR
Ext
Affairs
Select
Deans
Risk Mgr
?
Compliance
ERM functional representation, risk management activity support and shared services
College
A
College
B
College
C
Dept A
Dept B
Dept C
Tool Kit:
Reference Materials:
Ethics Resource Center, Leading Corporate Integrity:
Defining the Role of the Chief Ethics and Compliance
Officer, http://www.ethics.org/ (Great free download)
Risk Identification
Process Flow Analysis
o Regulatory analysis
o Responsible Officers
Event Inventories
o Organizational History
o External Context (Stakeholder expectations)
o Events Common to Industry
Facilitated Workshops
Risk Assessment
Inherent Risk
o
o
o
o
o
Strategic
Operational
Financial
Compliance
Reputational
Residual Risk
o Risk after accounting for current internal
controls
Risk Evaluation
Having assessed the risks:
o What is your organizations appetite for risk?
o What are the most important risks to address?
Risk Response
Avoidance
Reduction/Mitigation (Internal Controls)
Sharing (e.g. Insurance)
Acceptance
o Crisis Management Plans
o Business Continuity Plans
o Other Operational Plans
o Development of new policies/procedures
Internal Controls
Organizational/Process Controls (i.e.
separation of duties)
Documentation - written policies and
procedures
Training
Audit Reports
Security and Integrity
Risk Identification
Initial interview/survey with Risk Owner
o Risk Assessment Survey (i.e. Survey Monkey)
What issues/areas of concern that keep them up at
night?
What is the probability of occurrence?
Risk owner impression of impact level
Create a risk registry
Risk Analysis/Evaluation
For the high probability and high impact
risks, do a detailed analysis on the impact or
consequences of the risks.
o
o
o
o
o
o
o
Legal/Compliance
Health & Safety
Reputation
Operational
Social/Behavioral
Physical Environment
Financial
Type of
Assess
Evaluat Mitigate /
Risk
(Severity
e/
(Internal
(i.e..
and
Priorito Control)
Strategic, Probabilit
rize
Operationa
y)
l,
Financial,
Complianc
e,
Reputation
al)
Monito
r and
Update
the
Plan
Compliance Communications
Compliance Communications
More Elements:
Lines of Communication
o Hotlines and Whistleblowers
Smaller Organizations
Examples of the informality and use of
fewer resources with which a small
organization may meet the requirements
of this guideline include . . . training
employees through informal staff
meetings.
Federal Sentencing Guidelines Manual
Effective Compliance Programs Guidelines
Commentary
Lines of Communication
The FSG state that to enhance the
effectiveness of the compliance program,
the program must establish lines of
communication whereby:
Employees and agents may seek
guidance and report concerns, including
the opportunity to report anonymously
There are assurances that there will be
no retaliation for good faith reporting;
Sometimes required by statute, e.g.
Medicare/Medicaid.
Tool Kit
Communication Plan
Policy on University Policy Development
Compliance Complaint Policy
References
Policies:
http://www.acupa.org/resources.html
Training:
of Conduct:
Types of Monitoring
o Line management reviews of risks and their
treatments
o Internal auditing
o External auditing
Smaller Organizations
Examples of the informality and use of fewer
resources with which a small organization may
meet the requirements of this guideline
include . . . monitoring through regular walkarounds or continuous observation while
managing the organization.
Federal Sentencing Guidelines Manual
Effective Compliance Programs Guidelines
Commentary
Response to Monitoring
After monitoring and auditing of the
compliance program, the organization shall
take reasonable steps to:
Respond appropriately to any violations of the law
or policies to prevent future misconduct;
Modify and improve the organizations compliance
and ethics program.
Make restitution when appropriate if criminal
conduct is found
Compliance Monitoring
References:
COSO Monitoring
http://www.coso.org/documents/COSO_Guidance_On_Mo
nitorg_Intro_online1.pdinf
Develop An Institutional
Compliance Calendar
Create universal template
Divisions input statutes and
regulatory compliance
University wide inventory of dates for
compliance
Responsibility
Completio
n Date
Higher Ed
Tax
Employment
Financial/Aud
it
Other
Responsibl
e Office
Requirement
Deadline
Status
FIRST QUARTER
Questions?