Integrity & Compliance Charter


Purpose and Mission

The Office of Integrity & Compliance (OIC) promotes and supports a University climate that fosters compliance awareness and accountability in the daily activities of the University and encourages all members of the University community to operate with the highest standards of honesty and integrity in achieving excellence in its academic, research and healthcare missions.  OIC, led by the Associate Vice Chancellor for Compliance/Chief Compliance Officer (CCO), provides strategic leadership over the university’s institutional compliance and ethics program and select regulatory compliance programs for the KU Medical Center and KU Lawrence Campuses. This includes oversight of university efforts, including those of the university’s controlled affiliated corporations, to ensure compliance with key federal and state laws and regulations as well as university policies in a manner consistent with U.S. federal sentencing guidelines for an effective institutional compliance program.

Scope

  • Provide strategic guidance, inform best practices, and identify program priorities to assess and enhance the effectiveness and efficiency of university compliance processes and respond to changes in the law.
  • Lead the development and implementation of policies and procedures to ensure alignment with government laws and regulations across the University.
  • In collaboration with risk owners, regulatory compliance program administrators and other stakeholders, identify, prioritize and remediate institutional compliance risks.
  • Develop, implement, and manage an effective, compliance-related educational and training programs to make sure employees and leadership are knowledgeable of institutional policies and pertinent state and federal standards.
  • In conjunction with OARC partners, develop, implement and conduct a system for internally reviewing University processes, systems, and activities to ensure compliance with federal, state and local regulatory requirements and University policies and procedures.
  • Direct the assessment, management and investigation of targeted compliance issues and detected offenses arising through the Institutional Hotline or otherwise, and oversee initiatives to prevent potential violations of rules, regulations, policies and procedures.
  • Chair and provide direction to the university compliance governance committees to build a structural foundation to prevent and detect violations of law and assist the University in encouraging ethical conduct.
  • Lead committee measures to ensure there are adequate controls in place to reduce regulatory risks throughout the University.
  • Provide University leadership with reasonable assurance that core compliance management practices are in place across the University for all compliance risk areas.

Authority

The Office of Integrity & Compliance, under the direction of the Vice Chancellor for Audit, Risk & Compliance, has the authority to review or investigate all areas of the university, including schools, colleges, administrative departments and controlled affiliated entities.  Accordingly, the AVC for Integrity & Compliance is authorized to:

  • Have unrestricted and timely access to records, data, personnel and physical property relevant to performing compliance reviews and investigations, and to allow for appropriate oversight and guidance related to compliance, ethics and risk mitigation efforts;
  • Allocate resources, establish schedules, select subjects, determine scopes of work, and apply the techniques required to accomplish objectives;
  • Perform periodic quality assessments of core compliance areas to assess the design and effectiveness of their risk mitigation activities and recommend improved controls, procedures, resources or stronger enforcement of regulatory requirements as needed; and
  • Obtain the essential assistance and cooperation of personnel in areas of the University where reviews and investigations are performed, as well as other specialized services from within or outside the University.

Oversight

The Office of Integrity & Compliance, along with other university risk management programs, is part of the Office of Audit, Risk & Compliance (OARC) under the leadership of the Vice Chancellor for Audit, Risk & Compliance and Chief Risk Officer.  The VC for Audit, Risk & Compliance reports administratively to the Executive Vice Chancellor for Finance and Chief Financial Officer (CFO) and functionally to the Chancellor’s Executive Risk Committee (ERC).

The VC for Audit, Risk & Compliance, as well as the ERC, oversee the operations of OIC to ensure priority risks are being managed, staff and resources are available to support an effective compliance program, and expectations of accountability across the University community are being communicated. 

The University also provides oversight and guidance to OIC through the Institutional Compliance Steering Committee, which is chaired by the AVC for Integrity & Compliance.  The Steering Committee is responsible for reviewing and approving the annual compliance work plan and advising the AVC for Integrity & Compliance on university compliance matters.  Additionally, the AVC for Integrity & Compliance maintains dotted-line reporting to the Medical Center’s EVC and the Provost to address campus-specific compliance matters when necessary.

Responsibilities of the Institutional and Campus Compliance Committees and Risk Owners

Institutional Compliance Steering Committee

  • Provide input, guidance, and oversight of institutional-level compliance activities and supporting processes.
  • Evaluate risks associated with emerging compliance issues.
  • Ensure that University policies and procedures are effectively communicated across the University and that training resources are in place.
  • Identify areas where University policies and procedures need to be established or enhanced, including developing a response to new or revised regulatory requirements.
  • Review and approve the annual Compliance Work Plan setting forth priority risks to be addressed and mitigation/prevention strategies to be employed in the coming year.

Campus Compliance Committees

  • Provide guidance and oversight of campus-level compliance activities and supporting processes.
  • Monitor, evaluate and track existing, changing or emerging compliance risks and obligations and communicate those risks/obligations to the Institutional Compliance Steering Committee and the AVC for Integrity & Compliance.
  • Implement programming, controls, policies and procedures, or other prescribed elements at the direction of the Institutional Compliance Steering Committee.
  • Lead efforts to establish or enhance policies and procedures, including in response to new or revised regulatory requirements.
  • Ensure that University and campus-specific policies and procedures are maintained and implemented.

Risk Owners and University Members

  • Communicate compliance events to the AVC for Integrity & Compliance, such as:
    • notification of audits, inspections, investigations, or site visits,
    • notification of noncompliance be an external agency or authority,
    • all significant compliance events or incident, and
    • changes in unit leadership or unit operations
  • Develop, administer and track completion of training or programming required by regulations or by specific job responsibilities associated with the mission of the unit.

Professional Standards

The AVC for Integrity & Compliance and the OIC members will act with integrity in accordance with Professional Standards of Compliance and Ethics and will follow the U.S. Sentencing Guidelines for an Effective Compliance Program, which include:

  • Leadership and Oversight. Effective leadership and functional committee structures are in place, with regular reporting to the Executive Institutional Risk Committee.
  • Policies and Procedures. Clear expectations and practical guidance regarding behavior and decision-making are available and accessible.
  • Education and Outreach. Reasonable steps are taken to provide appropriate, relevant, and comprehensive education and outreach about compliance requirements.
  • Monitoring and Auditing. Program adherence to compliance requirements is monitored. Emerging and changing laws are tracked.
  • Receiving Reports and Investigating. Clear avenues exist to seek guidance or report violations of policy and relevant laws/regulations. Investigations follow appropriate processes and emphasize non-retaliation.
  • Accountability, Incentives and Corrective Action. Community members are encouraged to behave ethically and responsibly. Appropriate, fair and consistent actions are taken in cases of wrongdoing.
  • Response and Prevention. Episodes of misconduct and violations of laws, regulations and policies are responded to appropriately. Systemic issues are identified, root causes determined, and solutions implemented to prevent recurrence.
  • Risk Assessment. Regulatory compliance obligations are routinely evaluated and prioritized based on the severity of the potential operational, legal, and financial impact associated with each one.  Control measures put in place are reviewed for effectiveness in mitigating identified risk. 

Consequences

Employees who do not provide access to records, property, and/or personnel necessary to conduct a compliance review or investigation, as required by this Policy, may be subject to appropriate disciplinary action, up to and including termination of employment, in accordance with applicable personnel policies for faculty and staff. In addition, consistent with University Policy and the law, the University may take appropriate remedial measures, including but not limited to disciplinary action against an employee, to address any policy or code of ethical conduct violation.