Compliance with laws, regulations and industry rules is a critical part of every organization’s governance program. Unlike organizations that operate in a single line of business, colleges and universities are somewhat unique given the myriad academic, financial aid, NCAA/athletics, healthcare, privacy/data protection, human resources, safety, and many other types of legal and regulatory requirements.
Challenges and Opportunities
The importance of a higher education institution developing and maintaining an effective compliance program has never been more critical. Increasing and changing compliance requirements, coupled with increased public awareness and litigation activity, require institutions to identify and manage their compliance risk proactively. As highlighted by several recent high-profile media reports on compliance issues at both public and for-profit institutions, failure to address these risks effectively can result in monetary liabilities or fines, potential restrictions on the scope of the institution’s programs, significant damage to reputation, or even, in extreme circumstances, the loss of an institution’s charter and/or accreditation.
Our Point of View
An effective compliance program should span all institution departments and functions and be supported by the right resources, technology and other tools. Further, the institution should establish clear compliance objectives supported by leadership and the board of trustees, and include the participation and “buy in” of business process owners who are responsible for managing compliance risks on a day-today basis.
Institutions should strive to achieve the following objectives in establishing and maintaining their compliance programs:
- Create the appropriate “tone at the top” by establishing a climate that supports discussing compliance issues openly and with integrity, even if doing so may create short-term exposure for the institution.
- Embed compliance in the institution’s culture so it is part of everyone’s jobs and all stakeholders support the concept.
- Establish clear ownership and accountability for compliance activities performed across the institution and related decision-making, including ensuring actions are consistent with words.
- Establish an efficient compliance management framework, including a protocol to identify and address new or changing requirements.
- Strike an appropriate balance between fulfilling the institution’s mission and compliance risk management objectives.
- Proactively monitor compliance, minimizing the need for inefficient, reactive “fire-fighting” exercises to close gaps.
- Minimize the risk of reputational damage and monetary and other penalties caused by compliance issues.
How We Help Companies Succeed
Our national Higher Education Industry practice and our Regulatory Risk Consulting specialists offer a broad range of compliance services tailored to colleges and universities, including:
- Advising on design and implementation of a compliance program
- Conducting compliance risk assessments
- Performing regulatory compliance internal audits
- Conducting pre-examination reviews of the compliance program
- Dealing with regulatory investigations and enforcement actions
- Selecting and utilizing system vendors
- Developing and delivering compliance training
Our Higher Education Industry team possesses broad expertise across the full range of business processes and risk management issues, including areas such as financial aid, research and athletics. This gives us the perspective to assess your current state of compliance and provide specific, practical guidance. Further, our experience shows that institutions of higher learning are moving toward compliance programs that not only are consistent with higher education industry standards, but also compare favorably with companies in other highly regulated industries. With a global Regulatory Compliance practice that has served hundreds of clients across a broad range of industries, Protiviti is uniquely positioned to meet this objective.
We recognize the unique challenges associated with instilling a culture of compliance in a higher education setting. In addition to assessment and providing recommendations for improvement, we serve as a business partner who can support compliance implementation efforts. This, in fact, is the core of our business – we identify and deliver value at every stage of an implementation effort, providing recommendations that not only sound good in theory, but also work effectively in the real world.
- A top public university suffered significant reputational damage as a result of a series of compliance issues in its athletics and other programs. The university selected Protiviti to perform a comprehensive assessment of its global compliance program, spanning all categories of laws, regulations and guidelines to which it is subject. We delivered a comprehensive benchmarking assessment comparing the current state of effectiveness of the university’s compliance program to its higher education peers, as well as to firms in heavily regulated industries such as financial services and healthcare. As a result of our assessment, we delivered a complete set of recommendations as well as a detailed roadmap to improve the university’s compliance function.
- A large university was seeking a full-scale compliance review related to Title IV and provisions of the Higher Education Act. The client selected Protiviti to document, analyze and test compliance with relevant regulatory requirements. We created the documentation, analysis and frameworks necessary to provide management with clear, specific insights regarding its level of compliance. In the end, Protiviti delivered a comprehensive assessment, along with a set of recommendations to address compliance issues and a robust compliance testing work program. With these tools, the university is now able to proactively manage Title IV compliance.
- A distinguished private university sought to redesign its compliance function in response to several high-profile compliance failures. We assessed the current function and provided benchmarking information on similar universities. We then worked with management and the board to design a compliance structure and function that could identify and prevent compliance risks proactively by providing the proper reporting channels and tools to identify and address compliance risks.