USU Compliance Framework
What is a Compliance Framework?
Utah State University (USU) employs a framework for its compliance programs based on the Committee of Sponsoring Organizations (COSO) internal control framework. COSO’s framework is referenced in the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the Uniform Guidance) issued by the US Office of Management & Budget. It is recommended for institutions receiving federal funds as guidance for establishing internal control systems, which are required for organizations to meet federal regulatory expectations. The COSO framework outlines five core areas that represent the concepts required to establish an effective compliance program:
- The Compliance Structure & Culture
- Risk Assessment
- Internal Controls – Policies, Procedures and Guidance
- Training & Outreach
- Incident Response, Monitoring and Quality Improvement
USU's Compliance Cycle
In addition to the COSO framework, further guidance is provided by the US Department of Justice (DOJ), the agency that is often tasked with providing oversight of compliance with federal regulations within US Institutions of Higher Education. DOJ’s most recent guidance document, entitled “Evaluation of Corporate Compliance Programs,” is based on the US Sentencing Guidelines and lists several practices that characterize effective compliance programs. The USU document DOJ Evaluation “Hallmarks Summary” summarizes a number of these best practices in three key areas that guide USU’s development of compliance activities. USU’s compliance framework is responsive to both COSO and DOJ guidance.
Improving USU Compliance Using the Compliance Cycle
Based on the COSO Framework, USU assesses compliance program implementation by examining each component and identifying elements that represent USU’s risks and opportunities. The process is an example of using risk assessment techniques to identify elements in each component that will become targets for improvement. The USU executive team directs the development of USU’s comprehensive Compliance Framework and oversees its implementation. Working groups and ad hoc task forces are assigned as needed to develop policy and guidance documents that administrators and employees use to protect USU’s interests.
Areas of Recent Activity by University Ethics & Compliance
Informed by the Compliance Framework, the University Ethics & Compliance office supports several initiatives to provide stronger governance and improve USU systems:
- HIPAA Working Group - develops policies and procedures to guide USU's protection of Protected Health Information.
- University Policy Committee - supports a broad effort to strengthen USU's policy management process.
- Compliance Matrix - a comprehensive listing of federal and state regulations that impact USU. The Matrix facilitates collaboration among units and accountability in a shifting regulatory environment.