USU Compliance Framework

What is a Compliance Framework?

Utah State University (USU) employs a framework for its compliance programs based on the Committee of Sponsoring Organizations (COSO) internal control framework.  COSO’s framework is referenced in the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (the Uniform Guidance) issued by the US Office of Management & Budget.  It is recommended for institutions receiving federal funds as guidance for establishing internal control systems, which are required for organizations to meet federal regulatory expectation.  The COSO framework outlines five core areas that represent the concepts required to establish an effective compliance program:

  • The Control Environment
  • Risk Assessment
  • Control Activities – Policies, Procedures and Internal Controls
  • Training & Outreach
  • Monitoring and Accountability

USU's Compliance Cycle

USU's Compliance Cycle, including monitoring and accountability, control environment, risk assessment, control activities--policies and procedures, as well as training and outreach
USU's Compliance Cycle includes monitoring and accountability, control environment, risk assessment, control activities (policies and procedures), as well as training and outreach.

In addition to the COSO framework, additional guidance is provided by the US Department of Justice (DOJ), the agency that often is tasked with providing oversight of compliance with federal regulations within US Institutions of Higher Education. DOJ’s most recent guidance document, entitled “Evaluation of Corporate Compliance Programs,” is based on the US Sentencing Guidelines, and lists several practices that characterize effective compliance programs. The USU document, DOJ Evaluation "Hallmarks Summary” summarizes a number of these best practices in three key areas that guide USU’s development of compliance activities. The USU’s compliance framework is responsive to both COSO and DOJ guidance.

Improving USU Compliance Using the Compliance Cycle

Based on the COSO Framework, USU assesses compliance program implementation by examining each component and identifying elements that represent USU’s risks and opportunities.  The process is an example of using risk assessment techniques to identify elements in each component that will become targets for improvement.  The USU executive team directs the development of USU’s comprehensive Compliance Framework, and oversee implementation.  Working groups and ad hoc task forces are assigned as needed to develop policy and guidance documents that administrators and employees utilize to protect USU’s interests.

Area of Recent Activity by the Compliance Office

Informed by the Compliance Framework, the USU Compliance Office supports several initiatives to provide stronger governance and improve USU systems: