Compliance Blueprint: Building Structures and Relationships

5/22/2014
David Galloway,
BYU Compliance Officer
Sarah Campbell,
BYU Associate University Counsel
Agenda
1. Compliance Planning Group
2. Governance
3. Management
Margaret Wheatley
“In organizations, real power and energy is generated through relationships. The patterns of relationships and the capacities to form them are more important than tasks, functions, roles, and positions.”
Foundations
• University Culture
• Continuous Improvement
• Compliance Areas
Constructivist Model
• Attitudes
• Body Language
• Context
• Expectations
• Feelings
• Filters
• Intentions
• Likes/Dislikes
• Medium
• Perspectives
• Preoccupations
• Prior Experience
• Reaction
• Relationships
• Roles
• Semantics
• Understandings
[Diagram labels: Sender, Info Source, Transmitter, Noise, Channel, Receiver, Destination]
Structure
1. Planning Group
Planning Group
• General Counsel
• Compliance
• Internal Audit
• EH&S
Poll #1
Internal audit and compliance functions at my school are…
A. Separate
B. Integrated
C. Other
Poll #2
How proactive is your general counsel?
A. Very
B. Somewhat
C. Ambivalent
D. Antagonistic
1. Planning Group
Planning Group
• General Counsel
• Compliance
• Athletic Compliance Coordinator
• Internal Audit
• FERPA Coordinator
• Athletics Compliance Committee
• EH&S
• Financial Aid Coordinator
• Information Security and Privacy Committee
• HIPAA Coordinator
• IRB
• Life Sciences Compliance Coordinator
• Research Compliance Coordinator
• PCI/Banking Security Committee
1. Planning Group
Role of Planning Group
• Identify risks
• Assess and analyze
• Mitigate risks
• Implement actions
• Monitor and evaluate
• Oversee hotline
• Develop policy
• Train
1. Planning Group
Identify Risks
1. Planning Group
Assess and Analyze
• Management discussion
• Ad hoc team
• Benchmark with others
• Consult outside counsel
• Request formal audit
• Develop “white paper”
1. Planning Group
Monitoring and Auditing
“The organization shall take reasonable steps . . . to ensure that the organization’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct . . . .”
Federal Sentencing Guidelines: §8B2.1(b)(5)
1. Planning Group
Monitoring and Auditing
Monitoring: Online, real-time measurement of control system effectiveness
Auditing: Periodic historic evaluation of the control system
1. Planning Group
Compliance Audits
• Conducted by compliance auditor
• Assessment tool approved by General Counsel
• Conclusions approved by General Counsel
1. Planning Group
Compliance Hotline
Web Connection
Telephone
Poll #3
Who manages your hotline?
A. Third party
B. We do
C. Don’t have one
1. Planning Group
Policy Development
• Identify Need
• Revise
• Develop Policy
• Ensure Compliance
• Get Approval
• Communicate
Poll #4
Who manages policies?
A. Compliance
B. Legal
C. HR
D. Internal Audit
E. Risk Management
F. Other
1. Planning Group
Training
• Identify Standards
• Evaluate Effectiveness
• Identify Audience
• Deliver Training
• Determine Medium
• Develop Content
1. Planning Group
Relationship Tips
• Meet weekly
• Share training
• Attend conferences
• Work jointly
• Communication plans
• Office proximity
Poll #5
How often do you meet with legal, audit, and risk management to discuss compliance?
A. Monthly
B. Quarterly
C. Semi-annually
D. Annually
E. Never
Structure
2. Governance
Audit/Compliance Committee
• Meet quarterly
• Determine compliance risks
• Receive audit reports
• Review hotline reports
2. Governance
Executive Committee
• Meet monthly
• Charter compliance committees
• Designate compliance coordinators
• Approve compliance programs
• Monitor and assess compliance
• Determine compliance risks
• Receive reports from compliance office
• Review hotline reports
Poll #6
Do you report to a committee of the Board of Trustees or Regents?
A. Directly/Functionally
B. Administratively
C. Only activities and results
D. No, not at all
Poll #7
Is the committee you report to a joint audit/compliance committee?
A. Joint
B. Separate
C. Don’t report
Poll #8
Do you have a university-wide executive compliance committee?
A. Yes
B. No
C. Working on it
2. Governance
Relationship Tips
• Ask to be invited to meetings
• Invite them to meet with you
• Provide substantive content (reports, news, investigations, assessments)
• Monthly compliance newsletter
• Summarize specific laws (research memos)
Structure
3. Management
Roles of Management
• Set tone
• Assist communication
• Provide relevant news
• Offer training to staff
• Provide resources
3. Management
Compliance Coordinators
Subject-matter experts who generally, as a part of other job responsibilities, provide monitoring and guidance to the university community in their area of expertise.
• Info. Sec. & Privacy
• GLB
• PCI
• HIPAA
• FERPA
Poll #9
Do you use embedded compliance coordinators/partners?
A. Extensively
B. Somewhat
C. Not at all
3. Management
Compliance Coordinators
What do they really do?
• Develop relationships within department and university
• Communicate
• Communicate
• Communicate
• Train/Educate
• Manage special compliance projects
• Hear and address employee confidential concerns
3. Management
Compliance Committees
• Keep small (6-8)
• Formal Charter
• Represent key constituents
• Meet regularly
• Oversee compliance
• Report periodically
3. Management
Compliance Committees
• Academic Safety
• Athletics Compliance
• Background Checks
• Banking Information Security
• Campus Safety
• Child Protection
• Disability Standards
• Drug-Free
• FERPA
• HIPAA
• Information Security/Privacy
• IACUC
• Institutional Biosafety
• IRB
• PCI
• Radiation/Laser Safety
• Timely Notification
• Title IX
Poll #10
We have effective institutional compliance committees?
A. Yes
B. Only the legally required ones
C. No
3. Management
Compliance Programs
• Law and Regulations
• High-Level Procedures
• Policy
• Duties
• Training Plan
• Program Document
• Monitoring Plan
3. Management
Relationship Tips
• Regular group meetings
• Periodic one-on-one meetings
• Monthly compliance newsletter
• Summarize specific laws (research memos)
• Facilitate training sessions and webinars
Structure
CONTACTS:
– David Galloway
Executive Director – Compliance and Audit/Compliance Officer
Brigham Young University
david_galloway@byu.edu
801-422-3854
– Sarah Campbell
Associate University Counsel
Brigham Young University
sarah_campbell@byu.edu
801-422-7667