人妻中出视频

Organizational Compliance 101

What is Compliance?

Compliance - sometimes referred to as organizational or institutional compliance -  is a framework for facilitating adherence to federal and state laws and policies that govern the organization and for promoting ethical and lawful decision-making and conduct on the part of the organization鈥檚 employees. At the 人妻中出视频 人妻中出视频 Administration, this includes incorporating the 人妻中出视频鈥檚 ethics and standards of conduct, and its values into daily operations; knowing and following the laws and policies that affect these operations; educating ourselves on the functions we perform that can expose the 人妻中出视频 Enterprise to legal and regulatory repercussions; and devoting time and other resources to preventing and detecting violations of law and policies that give rise to risks associated with failing to comply with these laws and policies (i.e. 鈥渃ompliance risks鈥�). 

Where did institutional compliance originate?

High-profile scandals in the 1970s and 1980s highlighted the widespread practice of companies bribing politicians and government officials. In 1991, the Federal Sentencing Guidelines were promulgated in an attempt to bring greater consistency in sentencing, including sentencing organizations that were convicted of violating federal law.

See Pew Research Center. Public Trust in Government: 1958-2024. . 

What is the purpose of the Federal Sentencing Guidelines?

The Guidelines: (1) incentivize organizations to self-police their corporate behavior; (2) provide guidance on effective compliance and ethics actions organizations can take to demonstrate a good-faith effort to self-police; and (3) hold organizations accountable based on defined culpability factors.

The organizational sentencing guidelines have wielded significant influence on corporate America鈥�designed to incentivize corporate self-policing through its 鈥榗arrot and stick鈥� philosophy鈥�it has 鈥榗atalyzed vigorous efforts by companies to promote ethical performance and reduce organizational misconduct.

See United States Sentencing Commission. 鈥淭he Organizational Sentencing Guidelines: Thirty Years of Innovation and Influence. August 2022.

Do public agencies and universities need compliance programs?

High-profile scandals over the decades, such as ABSCAM and Iran-Contra, demonstrate why organizational compliance, accountability and responsibility is not limited to the private sector.

What is the benefit of having an institutional compliance program?

Compliance programs foster compliance with the law, which contributes to an organization鈥檚 effectiveness and mission accomplishment, including by eliminating the disruption and diversion of resources resulting from investigations into suspected misconduct.  Practically, when determining whether to prosecute an organization for criminal conduct, the Department of Justice considers the 鈥渁dequacy and effectiveness of the corporation鈥檚 compliance program鈥� both at the time of the alleged conduct and at the time the federal government is deciding whether to prosecute. See DOJ Justice Manual 9-28.000 - Principles of Federal Prosecution of Business Organizations.

Is the 人妻中出视频 人妻中出视频 Administration required to have a compliance program?

人妻中出视频 人妻中出视频 Regulation 02.1000 requires each component of the 人妻中出视频 Enterprise to have a compliance program that is designed to prevent and detect violations of law and policies; and that encourages all employees and individuals acting on behalf of the 人妻中出视频 to conduct themselves lawfully, honestly and with integrity, including preventing retaliation against individuals who make good faith reports of suspected misconduct. 

What can happen if the 人妻中出视频 人妻中出视频 Administration does not have an effective compliance program?

An organization鈥檚 employees can be sentenced to prison for violating certain federal and state laws. While organizations cannot be sent to prison, they can be prosecuted, fined, ordered to make restitution, and prohibited from receiving federal and state funds. The U.S. Department of Justice has made it clear that the prosecution of organizational criminal conduct 鈥渋s a high priority.鈥�  See 鈥淥verview of Organizational Guidelines鈥� and DOJ JM9-28.800.

How does an organization know when it has an effective compliance program?

The Federal Sentencing Guidelines expect compliance programs to have eight components:

1. Standards and procedures reasonably capable of reducing the prospect of criminal activity
2. Oversight by high-level personnel
3. Due care in delegating substantial discretionary authority
4. Effective communication to all levels of employees
5. Reasonable steps to achieve compliance, which include systems for monitoring, auditing and reporting suspected wrongdoing without fear of retaliation
6. Consistent enforcement of compliance standards including disciplinary mechanisms
7. Reasonable steps to respond to and prevent repeated violations once a violation is detected
8. Promotion of an organizational culture that encourages a commitment to compliance and the law

When determining whether an organization鈥檚 compliance program is effective, the U.S. Department of Justice asks three 鈥渇undamental鈥� questions:

1. Is the compliance program well designed?
2. Is the compliance program adequately resourced and empowered to function effectively?
3. Does the organization鈥檚 compliance program work in practice?

See DOJ Criminal Division. 鈥淓valuation of Corporate Compliance Programs.鈥� Updated March 2023.

What does an effective compliance program look like in practice?

In 2005 the U.S. Department of Health and Human Services Office of the Inspector General published seven tangible requirements that a program must demonstrate in order to be effective:

1. Written policies and procedures
2. Compliance leadership and oversight
3. Training and education
4. Effective lines of communication
5. Enforcement of Standards: incentives and consequences
6. Risk assessments, audits, and monitoring
7. Prompt response to detected violations and corrective action

See U.S. Department of Health and Human Services Office of the Inspector General. 鈥淕eneral Compliance Program Guidance.鈥�

Reporting Suspected Wrongdoing by Speaking Up

What should I do if I suspect wrongdoing?

An employee or individual authorized to act on behalf of the 人妻中出视频 人妻中出视频 who reasonably believes a 人妻中出视频 employee鈥檚 or vendor鈥檚 conduct violates law, Regents Rule, 人妻中出视频 Regulation, or policy is expected to speak up and report the suspected wrongdoing.  Other individuals are encouraged to report suspected wrongdoing.

Why should I Speak Up?

Speaking up when we observe conduct that is not in the best interest of our 人妻中出视频 人妻中出视频 community is a form of engagement. Speaking up also models exceptional standards by holding ourselves and others accountable.

Where can I Speak Up about suspected wrongdoing?

Suspected wrongdoing can be reported in several ways, including anonymously:

1. Notify your supervisor unless your supervisor is the person suspected of the wrongdoing.
2. Notify the 人妻中出视频 人妻中出视频 Administration Compliance and Ethics Program at: 940.565.2156 or compliance@untsystem.edu. 
3. Online at the at: . (Reports can be made anonymously).
4. Inform the if the suspected wrongdoing involves fraud, waste or abuse of public resources at or the agency鈥檚 fraud hotline at SAO Fraud Hotline at 1-800-TX-AUDIT (1-800-892-8348).

What if I am afraid to hold someone else accountable by Speaking Up about suspected wrongdoing?

Reporting suspected wrongdoing is in the best interest of the 人妻中出视频 人妻中出视频 and the people we serve. To encourage a culture of accountability and compliance, the 人妻中出视频 against individuals who report suspected wrongdoing and has implemented a program to protect against retaliation. Also, the protects employees who report unlawful activity in good faith from retaliation.

Difference Between Compliance and Internal Audit

What is Compliance?

"Compliance鈥� - sometimes referred to as organizational or institutional compliance - is a framework for facilitating adherence to federal and state laws and policies that govern the organization, and for promoting ethical and lawful decision-making and conduct on the part of the organization鈥檚 employees. The Compliance & Ethics Program operationalizes this framework with a focus on establishing an organizational culture that is committed to ethical and lawful decision-making and on preventing and detecting violations of the law and policy (i.e. 鈥渃ompliance risks鈥�). It also assists management officials continuously identify compliance risks and provides advice on controls to mitigate these risks.

What is Internal Audit?

According to the Institute of Internal Auditors, internal audit is 鈥渁n independent, objective assurance and consulting activity designed to add value and improve an organization鈥檚 operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes鈥�[and] provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient, and organizational goals and objectives are met.鈥� See Institute of Internal Auditors. 鈥淲hat is Internal Audit?鈥� .

What is the difference between Compliance and Internal Audit?

The 鈥淭hree Lines of Defense鈥� model for risk governance depicts the difference between management, Compliance and Internal Audit this way:

• First line: Management has the primary responsibility to own and manage risks associated with day-to-day operational activities. Other accountabilities assumed by the first line include design, operation, and implementation of controls.
• Second line: The second-line function enables the identification of emerging risks in daily operation of the business. It does this by providing compliance and oversight in the form of frameworks, policies, tools, and techniques to support risk and compliance management.
• Third line: The third-line function provides objective and independent assurance. While the third line鈥檚 key responsibility is to assess whether the first- and second-line functions are operating effectively, it is charged with the duty of reporting to the board and audit committee, in addition to providing assurance to regulators and external auditors that the control culture across the organization is effective in its design and operation. See Deloitte. 鈥淢odernizing the three lines of defense model 鈥� an internal audit perspective.鈥� .

What is a 鈥渃ompliance risk鈥�?

defines a 鈥渃ompliance risk鈥� is an action or inaction that exposes an organization to legal or regulatory sanctions. These sanctions can be in the form of fines or penalties, or in some cases criminal prosecution. 人妻中出视频 人妻中出视频 Administration employee and individuals authorized to act on behalf of the 人妻中出视频 Enterprise can expose the organization to sanctions.

Are compliance risks the same as other risks?

Generally, a compliance risk exposes the 人妻中出视频 Enterprise to criminal liability or civil or administrative sanctions due to a violation of law or policy, including an ethics violation.  On other risk, such as environmental, financial, governance, operational, people, reputational/brand, social and safety, strategic, and technological, expose the 人妻中出视频 to other types of potential harm.

What can I do to contribute to a culture of ethical and lawful conduct?

• Read the 人妻中出视频 人妻中出视频 Administration policy and model exceptional ethical behavior
• Read the policy and demonstrate courageous integrity by speaking up when your training and experience leads you to believe wrongdoing has occurred.
• Stay current on your ethics and compliance-related training (e.g. conflict of interest, dual employment and outside activities, nondiscrimination, prohibition against sexual assault/ harassment, information security, and privacy).

How can I learn more about the 人妻中出视频 人妻中出视频 Administration Compliance and Ethics Program?

Be curious and explore the Compliance and Ethics Program webpage often. You will find information about compliance in general, compliance news you can use in your daily professional activities, and more.