Compliance Matrix Lifecycle

Adopt Compliance Matrix

Initially approved as a USU Guidance Document by all Responsible Executives & Executive Committee.

Annual Assessment

In July of each year the Director of Ethics and Compliance Services (DECS) or Designee will review the Higher Education Compliance Alliance (HECA) Compliance Matrix to compare USU entries to national norms.  When new requirements are identified, they will be vetted using the Compliance Item Adoption Process outlined below.

Ongoing Assessment

In addition, HECA provides periodic updates via an email service when substantive new regulations or modifications to existing regulations are made.  These will be vetted through the Compliance Item Adoption Process as well.

Each Compliance Owner (CO) and Responsible Executive (RE) will: 1) have access to their compliance category within OU, or 2) will have an assigned person within their functional area that will have access, or 3) may forward to the Ethics and Compliance Services Office any regulatory change they identify as a result of information they gather through their own networks.

If the change requires only management within the CO functional area, the change may be made as the information is gathered with notification to the DECS.  If additional partners will be needed, CO and/or RE should contact the CO to arrange for collaboration with appropriate compliance partners, as outlined in the Compliance Item Adoption Process.

The Compliance Item Adoption Process

  • Identify a new or amended regulation, or change responsibility for a compliance item
  • Consider the regulation based on the level of likelihood and the level of impact of the risk arising from it
  • Identify stakeholders that will be affected
  • If more than a single unit is impacted, identify likely compliance owners
  • Identify potential compliance partners as appropriate
  • For risks that are moderate or high,
    • If only one unit is impacted place the regulation on the matrix and assign the compliance owner. Notify the DECS of the addition.
    • If multiple units are affected, or the compliance will be otherwise complex, an ad hoc committee of affected units will be convened by the DECS to discuss where the regulation will be placed in the matrix, and who the compliance owner and partners will be.
  • For regulations that are judged to represent low risks, the regulation may be:
    1. Omitted if it does not apply to USU,
    2. Placed in the matrix by consensus of the CO, RE and DECS, or
    3. Placed on a watchlist by the Ethics and Compliance Services Office and tracked for further developments.
  • Notifications to responsible executives and compliance owners will be distributed whenever changes in the matrix have been published.