Welcome to Utah State University's Office of Compliance
The Office of Compliance facilitates collaborative efforts among USU compliance owners and partners to identify laws, regulations and policies that impact university operations. Integration of regulatory expectations into our governance and management activities builds trust and sustains excellent programs in a safe and ethical environment. The Compliance Office focuses on ensuring equity, transparency and integrity for all members of our community. Key elements of USU’s compliance program include:
- Oversight by the President and USU's Executive Committee of compliance efforts across the USU system;
- Development and Implementation of compliance activities - including policies and procedures - in accordance with the Compliance Framework ; and
- Accountability established through the Compliance Matrix, which lists all major regulatory requirements that affect USU, and identifies senior leadership, compliance owners and a network of compliance partners that collaborate to meet regulatory requirements.
Executive Committee & Compliance Coordination Working Group
The USU Executive Committee oversees compliance activities such as policy development, training and monitoring throughout USU’s programs and activities. Members of this committee include the responsible executives who provide leadership in the key operational areas listed in the Compliance Matrix.
A Compliance Coordination Working Group (CCWG), made up of compliance owners and partners with responsibilities in regulated areas of university operations, work together to assess USU's Compliance Framework and compliance responsibilities and identify gaps in USU's policies, procedures and practices that represent compliance risks to the organization. See the Compliance Topics and Owners list for information about compliance owners at USU.
The Compliance Framework
USU’s Compliance Framework combines concepts from the US Federal Sentencing Guidelines and the Council on Sponsoring Organizations (COSO) Internal Controls Guidance – the two most common models for compliance programs in higher education – to provide a strong foundation for USU’s compliance activities.
The five components of USU’s Framework include:
- Strong leadership throughout the organization. This is referred to by COSO as the “Control Environment,” but at USU it is often referred to as our governance structure. The control environment requires that the tone for integrity and compliance be set at the top, and that all levels of the organization maintain a positive environment that supports USU’s learning, discovery and service missions.
- Risk assessment. The compliance framework complements operational and strategic goals and objectives. Compliance risks are identified and ranked with other risk types, then focused goals and objectives are set to guide USU’s activities. This work is supported through the Senior Risk Management Committee.
- Policy and procedure infrastructure. Policies, procedures and processes that guide USU employees, students and visitors in their USU-related activities comprise internal controls that ensure the university remains compliant and transparent. These are referred to by COSO as “Control Activities."
- Information and communication. Training and education are central to making sure that the USU community understands and fulfills its commitments.
- Monitoring. Assessing the maturity of USU’s compliance infrastructure is an integral part of identifying any gaps in our compliance activities. Ongoing monitoring - including self-assessments, program reviews and third-party assessments - help USU measure its accomplishments in compliance and integrity.
The Compliance Matrix
USU’s Compliance Matrix organizes the compliance requirements USU faces into topic areas that are each overseen by a Responsible Executive. Each regulation and requirement is identified, and a compliance owner is named who has the necessary content knowledge to lead USU’s efforts related to the listed requirement. Partners throughout USU are also listed who will be able to contribute discipline-specific content for those requirements that impact multiple operational areas.