Institutional Compliance

At CU Anschutz, everyone can play an essential role in ensuring we mitigate risks associated with all laws and regulations designed to maintain the integrity of our research. Our Institutional Compliance Program, in partnership with The Evaluation Center at CU Denver, has designed a survey tool to help us understand potential risks campus-wide and to identify areas that could benefit from additional resources to help mitigate those risks.

We've identified a select group of CU Anschutz leaders and key compliance personnel as critical to this effort, and a survey will be distributed to those individuals in mid-January 2023. This survey is designed to be administered every other year to assess improvement and/or changes, and is composed of both open- and closed-ended questions that give the recipients an opportunity to share their thoughts and challenges related to risk mitigation in their units or areas.

Timeline:

Surveys Distributed: Mid January-February 28
Data Compiled and Report Generated: March-May
Report Results distributed and posted on this website: Mid-May

Questions? Email compliance@cuanschutz.edu.

About Institutional Compliance

Institutional Compliance includes activities that support coordination, management, and monitoring of the risks associated with federal, state, and local laws and regulations. Institutional Compliance comprises the collective university activities that help to ensure all significant compliance risks are addressed and effectively managed.

Why is Institutional Compliance Needed?

Laws and regulations affecting universities have become increasingly complex. Certain major universities have experienced adverse publicity in the press and incurred substantial fines for research, environmental health and safety, employment, student aid, and other types of compliance violations. We want to do the right thing as well as avoid the consequences of missing the mark.

Elements of an Effective Compliance Plan

Elements of an Effective Compliance program 1 - Responsible Parties and Roles. Roles and responsibilities for compliance risk areas are clearly defined and documented. Individuals are adequately empowered to carry out their responsibilities. A compliance officer and other appropriate bodies (e.g., compliance committees) are designated and charged with the responsibility for developing, operating, and monitoring the compliance program, with authority to report directly to the Board and/or the President/CEO.

2 - Lines of Communication. An effective method of communication is developed between the compliance function and all employees, including a “hot line” to receive complaints, as well as a mechanism to respond to questions.

3. Standards and Procedures. Compliance standards, practices and procedures are written, clearly established and reasonably designed to reduce the risk of non-compliant conduct. Clear standards of conduct are established and widely distributed.

4 - Awareness, Education and Training. Compliance standards and procedures are effectively communicated, and the institution ensures that responsible individuals receive timely and appropriate education and training.

5 - Monitoring and Auditing Systems. Implemented to detect non-compliant conduct and identify problem areas.

6 - Enforcement Standards. Consistently enforced through identification of non-compliance and appropriate consequences based upon clear and specific disciplinary policies.

7 - Corrective Action Systems. Effectively ensure prompt investigation of non-compliance, reporting where appropriate, and proper responses to prevent similar breakdowns in the future.

0 - Risk Assessment. All activities are systematically evaluated for compliance risks. A process is instituted to ensure risks are regularly evaluated. Controls are matched to the severity of risk.

Our Approach

The Office of Regulatory Compliance facilitates and supports operational compliance-focused units via two key elements, and several shared, institutional elements:

We create a culture of compliance with a designated compliance officer and compliance committee. The Institutional Compliance Officer has primary responsibility for the administration of the Compliance Program.

Specific duties include:

Addressing compliance risks as they arise
Providing guidance or direction, or otherwise serving as a resource on specific compliance matters
Coordinating campus compliance efforts in those areas where the Institutional Compliance Officer has particular expertise
Maintaining the website for the program
Performing other program responsibilities as requested

The Regulatory Oversight and Compliance Committee oversees:

Identifying, assessing, and managing risk
Developing recommendations to manage risks
Evaluating the effectiveness of compliance-related programs based on periodic surveys and other feedback mechanisms

The Regulatory Oversight and Compliance Committee identifies key high-risk areas that need to be addressed.

The Executive Committee, with recommendation from the Regulatory Oversight and Compliance Committee, will appoint a taskforce comprised of campus stakeholders to assess a specific risk and to recommend a mitigation strategy based on periodic risk assessment.

Other Elements have been delegated to the various compliance offices:

Element 3: Implementing written policies, procedures and standards of conduct

Element 4: Conducting effective training and education

Element 5: Conducting internal monitoring and auditing

Element 6: Enforcing standards through disciplinary guidelines

Element 7: Responding promptly to detected offences and undertake corrective action

External Assurance Providers

The University of Colorado's Board of Regents and administrative and internal audit teams work together to provide another independent layer of oversight.

Relationship: Compliance, Ethics, Culture, and Strategy

Compliance: “Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.” -Federal Sentencing Guidelines U.S. Sentencing Commission (1991)

Strategy: “Organizational culture eats strategy for breakfast [lunch, and dinner...]” -Peter Drucker (2006) Management consultant, educator, author

Ethics & Integrity: “What do I have a right to do?” “What is right to do?” -Associate Justice Potter Stewart U.S. Supreme Court (1958-1981)

Culture: “Culture is the single biggest determinant of behavior in any organization.... One thing that is clear – if you’re not managing culture, culture is managing you.” -Keith Darcy (2015) Independent Senior Advisor, Deloitte & Touche Former Executive Director, Ethics & Compliance Officer Association

Tools & Resources

Schools & Colleges

CU Denver

CU Anschutz Medical Campus

CU Campuses