Institutional Compliance

At CU Anschutz, everyone can play an essential role in ensuring we mitigate risks associated with all laws and regulations designed to maintain the integrity of our research. Our Institutional Compliance Program, in partnership with The Evaluation Center at CU Denver, has designed a survey tool to help us understand potential risks campus-wide and to identify areas that could benefit from additional resources to help mitigate those risks.

We've identified a select group of CU Anschutz leaders and key compliance personnel as critical to this effort, and a survey will be distributed to those individuals in mid-January 2023. This survey is designed to be administered every other year to assess improvement and/or changes, and is composed of both open- and closed-ended questions that give the recipients an opportunity to share their thoughts and challenges related to risk mitigation in their units or areas.


  • Surveys Distributed: Mid January-February 28 
  • Data Compiled and Report Generated: March-May
  • Report Results distributed and posted on this website: Mid-May

Questions? Email

About Institutional Compliance

Institutional Compliance includes activities that support coordination, management, and monitoring of the risks associated with federal, state, and local laws and regulations. Institutional Compliance comprises the collective university activities that help to ensure all significant compliance risks are addressed and effectively managed.

Why is Institutional Compliance Needed? 

Laws and regulations affecting universities have become increasingly complex. Certain major universities have experienced adverse publicity in the press and incurred substantial fines for research, environmental health and safety, employment, student aid, and other types of compliance violations. We want to do the right thing as well as avoid the consequences of missing the mark.

Elements of an Effective Compliance Plan


Elements of an Effective Compliance program1 - Responsible Parties and Roles. Roles and responsibilities for compliance risk areas are clearly defined and documented. Individuals are adequately empowered to carry out their responsibilities. A compliance officer and other appropriate bodies (e.g., compliance committees) are designated and charged with the responsibility for developing, operating, and monitoring the compliance program, with authority to report directly to the Board and/or the President/CEO.

2 - Lines of Communication. An effective method of communication is developed between the compliance function and all employees, including a “hot line” to receive complaints, as well as a mechanism to respond to questions. 

3. Standards and Procedures. Compliance standards, practices and procedures are written, clearly established and reasonably designed to reduce the risk of non-compliant conduct. Clear standards of conduct are established and widely distributed. 

4 - Awareness, Education and Training. Compliance standards and procedures are effectively communicated, and the institution ensures that responsible individuals receive timely and appropriate education and training. 

5 - Monitoring and Auditing Systems. Implemented to detect non-compliant conduct and identify problem areas. 

6 - Enforcement Standards. Consistently enforced through identification of non-compliance and appropriate consequences based upon clear and specific disciplinary policies. 

7 - Corrective Action Systems. Effectively ensure prompt investigation of non-compliance, reporting where appropriate, and proper responses to prevent similar breakdowns in the future. 

0 - Risk Assessment. All activities are systematically evaluated for compliance risks. A process is instituted to ensure risks are regularly evaluated. Controls are matched to the severity of risk.

Our Approach

The Office of Regulatory Compliance facilitates and supports operational compliance-focused units via two key elements, and several shared, institutional elements:

External Assurance Providers

The University of Colorado's Board of Regents and administrative and internal audit teams work together to provide another independent layer of oversight. 

Risk Management Roles

Relationship: Compliance, Ethics, Culture, and Strategy

Compliance: “Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” -Federal Sentencing Guidelines U.S. Sentencing Commission (1991)
Strategy: “Organizational culture eats strategy for breakfast [lunch, and dinner...]” -Peter Drucker (2006) Management consultant, educator, author
Institutional Compliance Venn Diagram
Ethics & Integrity: “What do I have a right to do?” “What is right to do?” -Associate Justice Potter Stewart U.S. Supreme Court (1958-1981)
Culture: “Culture is the single biggest determinant of behavior in any organization.... One thing that is clear – if you’re not managing culture, culture is managing you.” -Keith Darcy (2015) Independent Senior Advisor, Deloitte & Touche Former Executive Director, Ethics & Compliance Officer Association
CMS Login