Compliance / Compliance Manual

\|	Compliance Program	UTPB Home
	The University of Texas of the Permian Basin

Library

Calendar

Business Affairs

Compliance Home Page

General Compliance
Information

Compliance Manual

Conflict of Interest

Standards of Conduct

Management
Responsibilities Handbook

Travel

Compliance Committee
Members

Contact Compliance

Compliance Reports

The Training Post

THE UNIVERSITY OF TEXAS

OF THE PERMIAN BASIN

Institutional Compliance Manual

4901 East University Blvd.

Odessa, Texas 79762

October 2002

Table of Contents

Institutional Compliance Officer............................................................................................. 2
Institutional Compliance Committee....................................................................................... 3
Committee Bylaws.................................................................................................................... 4
Compliance Work Group.......................................................................................................... 5
Risk-Based Plan to Manage Institutional Compliance.......................................................... 6
Departmental Liaisons.............................................................................................................. 8
General Compliance Training................................................................................................... 9
Quarterly Reporting.................................................................................................................. 10
Compliance Hotline.................................................................................................................. 11
Recommendations to Audit Committee................................................................................. 13
Appendix A................................................................................................................................ 14

Institutional Compliance Officer

This section of the manual describes the responsibilities of UTPB’s Institutional Compliance Officer and Director of Compliance. UTPB’s Institutional Compliance Officer is Dr. Chris Forrest (432-552-2700). The Institutional Compliance Officer is responsible for ensuring that there is a risk-based process that (1) builds compliance consciousness into daily operations, (2) monitors the effectiveness of compliance activities, and (3) communicates instances of non-compliance to appropriate administrators for corrective action. In addition, the Compliance Officer is responsible for: compiling quarterly Compliance reports; performing departmental inspections; maintaining the Compliance Manual, the Compliance and Monitoring Plan, and the Compliance Findings Database; coordinating Compliance training; coordinating the Institutional Compliance Committee meeting agendas; serving as a contact for the Compliance Hotline; and attending U.T. System-wide Compliance Officers’ meetings. The Institutional Compliance Officer also chairs the Institutional Compliance Committee. The Institutional Compliance Officer reports to the President and is evaluated by the President annually.(See Appendix A - “Organizational Chart of Institutional Compliance Function”)

Institutional Compliance Committee

This section of the manual describes the responsibilities of UTPB’s Institutional Compliance Committee (ICC). In addition, this section of the manual outlines membership criteria and lists the members of the ICC. The principal responsibilities of the ICC are as follows:

· To develop a risk-based plan to manage institutional compliance.
· To monitor the implementation of UTPB’s risk management plan for all high risk compliance issues.
· To monitor UTPB’s compliance with the U. T. System Action Plan to Ensure Institutional Compliance.
· To communicate instances of non-compliance to the Institutional Compliance Officer.
· To follow-up on compliance findings to ensure that appropriate corrective action has been taken.
· To continuously assess the effectiveness of institutional compliance activities including the effectiveness of the committee, itself.

The President appoints the members of the ICC. Members of the ICC are as follows:
Dr. David Watts, President
Dr. Bill Fannin, Provost and VP Academic Affairs
Dr. Susan Lara, VP Student Services
Dr. Chris Forrest, VP Business Affairs and Compliance Officer
Dr. J. Tillapaugh, Assistant VP-Grad Studies/OSP
Dr. Doug Hale, Faculty
Dr. Corbett Gaulden, Faculty
Mr. Alex Castillo, Director of Accounting
Mrs. Linda Isham, Director of Human Resources
Ms. Narita Holmes, Internal Auditor III

Compliance Committee Self-Assessment

On an annual basis, the Institutional Compliance Committee will conduct a self-assessment of its effectiveness in executing its responsibilities as set forth in the U. T. System Action Plan to Ensure Institutional Compliance. Each member of the Committee will complete a self-assessment form (see Appendix A) and submit it to the Institutional Compliance Officer. Results of the assessment will be distributed to the Compliance Committee and to UTPB’s Audit Committee.

Compliance Committee Bylaws

Members: Committee membership and the chair (Compliance Officer) is determined annually by the President of UTPB.
Charter and Charge: The Committee will annually review and approve the Committee Charter and the Compliance Officer’s charge.
Meetings: Meetings may be called by the Chair, scheduled by the Committee, or requested by any other three committee members. Meetings of the committee shall occur no less frequently than quarterly.
Minutes: Committee minutes of will be kept by the designated Secretary.
Agendas: Committee agendas will be prepared and will include approval of the previous meeting’s minutes, reports on Compliance Inquiries, Compliance Working Group meetings and activities, and action items. Items to be added to the agenda should be sent to the Compliance Officer at least 24 hours in advance of any called meeting.
Compliance Action Plan: The Committee will annually adopt an Action Plan for the year’s activities.
Subcommittees: The Committee may appoint sub-committees to carry out its work.
Publications: The Committee will, at a minimum, publish an Institutional Compliance Manual, a Management Responsibilities Handbook, and a UTPB Standards of Conduct for the use of UTPB staff. In addition, the committee is responsible for publishing all general compliance training materials and specialized training publications.
Assessment: The Committee will conduct regular (at a minimum, annual) Self Assessments and report to the President and The University of Texas System Compliance Office. In addition, the Committee shall review the self-assessment of the Compliance Officer, Assistant Compliance Officer, high-risk area responsible parties and take appropriate action based on those assessments.
Confidentiality: Compliance Committee activities will be maintained confidential to the fullest extent permitted by State of Texas law. References to names of individuals will be avoided in all compliance Committee minutes whenever possible and especially in any reviews of Compliance Inquiry reports.

Working Group/Task Force Charter

The UTPB Institutional Compliance Working Group/Task Force Committee membership consists of each responsible party of all high-risk compliance issues. Each designated responsible party is charged with:

The development and implementation of a monitoring plan for their high-risk area.
The communication of instances of non-compliance to the Institutional Compliance Officer.
Reporting on the implementation of monitoring plans to the working group

The Group is charged with:
- Identifying training and information needs for monitoring plans.
- Identifying the collective expectations for high quality monitoring plans.
- Monitoring corrective action.
- Continuously assessing the effectiveness of overall institutional compliance activities.
- Proposing to the Compliance Committee the institutional needs for improving compliance.
- Report information to Institutional Compliance Officer in a timely fashion.

Note: Based on the UTPB 1999 Risk Assessment, the following areas were identified as high-risk: Accounting, Personnel, Physical Plant, Purchasing, Student Financial Aid, and Academic Affairs.

Risk-Based Plan to Manage Institutional Compliance

This section of the manual describes UTPB’s process to develop a risk-based plan to manage institutional compliance.UTPB’s Compliance Committee is responsible for the development of a risk-based plan to monitor institutional compliance. The development of the risk-based plan is a two-step process: (1) risk identification and (2) risk analysis. Risk IdentificationThe Compliance Risk Subcommittee directs a comprehensive listing of compliance issues that are specifically applicable to each department be prepared. In prioritizing risks, subcommittee members focus on federal and state regulatory issues, U. T. System Policy and UTPB policy issues. Member listings are duplicated and distributed to all committee members. Risk AnalysisThe Compliance Committee reviews listings of compliance issues, U. T. System policy, and UTPB policy issues. The committee shall identify “high risk” compliance issues according to the following criteria:

· Audit risk. The probability of a federal or state audit.
· Financial exposure. The amount of financial liability associated with noncompliance.
· Safety risk. The probability of human injury associated with noncompliance.
· Publicity risk. The probability of a public information request that could result in adverse publicity.

Compliance Risk Management

For each high risk compliance issue, the Compliance Committee identifies the party responsible for compliance, training for responsible parties, departmental compliance activities, and the Committee’s monitoring requirements. The Compliance Committee determines whether a department has adequate policies and procedures, information sources, communication methods, compliance training, and built-in monitoring activities. If the Compliance Committee is not satisfied with a department’s compliance activities, it recommends that the department head take immediate action to strengthen compliance activities. If the department head does not agree with committee’s recommendation, the Compliance Committee refers the matter to the applicable division head. If the matter is not satisfactorily resolved with the division head, the matter is referred to UTPB’s Audit Committee for resolution. In addition, for certain high risk compliance issues, the Compliance Committee works with the applicable department head to schedule an external peer review of the departmental compliance activities. The Compliance Committee approves the peer review team membership to ensure appropriate compliance expertise and reviews all peer review findings and recommendations. The Compliance Committee shall follow-up on all peer review compliance findings to ensure that appropriate corrective action has been taken.Responsibility for Institutional ComplianceUTPB department heads are responsible for compliance with all applicable laws, regulations, policies, and procedures, regardless of the Compliance Committee’s risk assessment. Departmental budget authorities must submit a Self-Assessment Report (see Appendix A) to the Institutional Compliance Officer by August 31^st of each year. The Compliance Committee is responsible for monitoring departmental compliance activities for all high-risk compliance issues.

Departmental Reviews

The Compliance Officer shall conduct an annual departmental review for each department or unit, based on criteria described in the Self-Assessment Report. The Compliance Officer will communicate review findings to the Institutional Compliance Committee and will work with the departmental budget authority to resolve any instances of non-compliance. A memo summarizing the review findings will be distributed to the Institutional Compliance Officer and to the Compliance Committee. Significant findings, particularly findings that indicate fraud, will be referred to Internal Audit.

Departmental Liaisons

A representative from selected UTPB departments will serve as “departmental liaison.” The purpose of the departmental liaison structure is to facilitate campus-wide training and monitoring of compliance issues, as well as to disseminate compliance-related information and increase compliance awareness throughout the university. The departmental liaison members shall meet not less than two times per year. The Institutional Compliance Committee will designate departmental liaisons for selected University departments.

General Compliance Training

UTPB utilizes U. T. System’s computer-based training program (the “Training Post”) to provide generalized compliance training to all UTPB employees. UTPB’s generalized compliance training includes or will include the following modules:

1.      Introduction to U. T. System Compliance Training
2.      Effectively Controlling Risk
3.      Contacts with the Media, Government, and Outside Investigators
4.      Confidential Information, Accuracy of Records, and Disposal of Records
5.      Fraud, Errors, and Omissions – Outside Employment
6.      Sexual Harassment and Misconduct, and Drug-Free Workplace
7.      EEO, Overtime Compensation, Exempt and Non-Exempt Employees
8.      Use of State Property: Computer Security and Use, Internet Policy
9.      Copyright and Intellectual Property
10. Contracts and Agreements, and Purchasing
11. Workplace Health and Safety, and Injury Prevention
12. Political Activities and Contributions, Gifts and Gratuities
13. Hazardous Communications

All full-time employees are required to complete the Training Post modules by August 31^st of each year. Department heads will be notified of any employee that does not complete the generalized compliance training within the specified timeframe. In the event that the department head is unable to bring the employee into compliance, the employee’s non-compliance shall be referred to the appropriate dean or director (and, subsequently, vice president) for resolution.UTPB’s Institutional Compliance Committee will monitor the specialized training plans for employees whose job responsibilities involve them in high-risk compliance issues not covered by the generalized compliance training.

Quarterly Reporting

Compliance Findings
UTPB’s Compliance Officer shall institute and maintain a Compliance Findings information system that records all instances of non-compliance, responsible parties for corrective actions and the due dates for corrective action. The information on the information system shall be reported to the Institutional Compliance Committee at each of its meetings.

Reporting to U. T. System
The Compliance Officer shall provide a status report on compliance activities to the Institutional Compliance Committee each quarter for review, approval, and distribution to the U. T. System-wide Compliance Officer. Institutional Compliance Committee members contribute to the report by completing a quarterly Questionnaire for High-Risk Areas. The Compliance Officer compiles the results of the questionnaire into the Quarterly Compliance Activity Report.

UTPB Compliance Hotline Policies

Compliance Hotline Policies
The objective of the Compliance Hotline shall be to provide a confidential way for employees to obtain information about compliance issues and report instances of suspected non-compliance outside the normal chain of command in a manner that preserves confidentiality and assures non-retaliation. Employees should use the Compliance Hotline when they are not satisfied with their supervisors’ response to a compliance issue or if they fear retaliation by their supervisors. Under normal circumstances, however, compliance issues should be addressed through normal administrative channels.Supervision of the Compliance Hotline. UTPB’s AA/EEO Officer shall serve as the contact for the Compliance Hotline. The Compliance Hotline telephone number is (915) 552-2940. This phone number shall be included in UTPB’s telephone directory and its Management Responsibilities Handbook. Call received via voice mail shall be returned within 24 hours.Confidentiality. Employees who call the Compliance Hotline may remain anonymous. If the caller requests anonymity, no attempt shall be made to identify the caller. Information provided by the caller shall be treated as confidential and privileged to the extent permitted by applicable law.Non-retaliation. Employees who call the Compliance Hotline shall not be retaliated against. On the other hand, employees who intentionally and maliciously use the Compliance Hotline to make false allegations shall be subject to disciplinary action.Records retention. A record shall be made of all Compliance Hotline telephone calls. Compliance Hotline records shall be kept in a locked file cabinet. Compliance Hotline records shall be retained for a period of six years.Investigation. UTPB’s Compliance Hotline contacts shall investigate each Compliance Hotline call after consultation with UTPB’s Compliance Officer. If the AA/EEO Officer and Compliance Officer deem the compliance issue to be a minor issue, the Compliance Officer shall refer the matter to the appropriate department head for resolution. If the AA/EEO Officer and the Compliance Officer deem the compliance issue to be a major issue, the Compliance Officer shall report the matter to the President and contact U. T. System’s Office of General Council for guidance. If the compliance issue involves an alleged fraud, U. T. System’s fraud policy shall be followed. The designation of an issue as minor or major is a matter of professional judgment.Resolution. All Compliance Hotline issues shall be resolved as quickly as possible. If the caller identifies himself or herself, the AA/EEO Officer shall make a follow-up call to the caller within five business days. The purpose of the follow-up call is to inform the caller that the compliance issue is being investigated. If the issue has been resolved, the nature and form of the resolution shall be communicated to the caller. Confidential information obtained during the investigation shall not be disclosed to the caller.Role of legal counsel. UTPB’s AA/EEO Officer and/or Compliance Office shall consult U. T. System’s Office of General Counsel when a major issue is reported via the Compliance Hotline.Complaints. The Compliance Hotline is not a complaint Hotline. Only matters involving compliance with a U. T. System or UTPB policy or procedure or a federal or state law or regulation shall be investigated. Callers with complaints shall be advised to pursue normal administrative channels.

Compliance Hotline Procedures
1.      Greet caller politely.
1.      Explain anonymity and confidentiality policy.
2.      Get facts from caller.
3.      If the call is a complaint, advise the caller to pursue normal administrative channels.
4.      If the call involves a compliance issue, complete the Compliance Hotline Report Form.
5.      If the caller desires a follow-up call, explain the resolution policy.
6.      Thank caller for calling.
7.      Record all calls on Compliance Hotline log. Note relevant information on Compliance Hotline Report Form.
8.      Discuss compliance issue with Compliance Officer.
9.      If the compliance issue is a minor issue, refer the matter to the appropriate department head for resolution. Ask the department head to call you with a status report in time for you to provide the caller with a status report within five business days. Note discussion and deadline on the Compliance Hotline Report Form.
10. If the compliance issue is a major issue, report the matter to the President. After reporting the matter to the President, call U. T. System’s Office of General Counsel and seek guidance.
11. If the compliance issue is an alleged fraud, follow U. T. System fraud policy.
12. Call the caller within five business days and provide a status report. Do not disclose confidential information obtained during the investigation.
13. Lock Compliance Hotline Report Forms in a file cabinet.
14. Secure office at night.
15. Provide a summary report on Compliance Hotline calls to the Institutional Compliance Committee at each of its meetings.

Recommendations to Audit Committee

The Institutional Compliance Committee shall recommend to the Audit Committee which compliance areas to include in UTPB’s audit plan. The Institutional Compliance Committee shall also refer matters of non-compliance or concern to the Audit Committee.

Appendix A: Sample Forms and Charts

The University of Texas - Permian Basin

Compliance Structure

compliance manual

Compliance Committee:
Dr. David Watts, President
Dr. Bill Fannin, Provost and VP Academic Affairs
Dr. Susan Lara, VP Student Services
Dr. Chris Forrest, VP Business Affairs and Compliance Officer
Dr. J Tillapaugh, Assistant VP-Grad Studies/OSP
Dr. Doug Hale, Faculty
Dr. Corbett Gaulden, Faculty
Mr. Alex Castillo, Director of Accounting
Mrs. Linda Isham, Director of Human Resources
Ms. Narita Holmes Internal Auditor III,

[Name of Department/Budget Group]

The University of Texas of the Permian Basin

4901 University

Odessa, Texas 79762

Telephone (432) 552-XXXX Fax (432) 552-XXXX

[Budget Authority Name]

[Title]

[October 1, 2002]

M E M O R A N D U M

TO: [Supervisor Name]

[Supervisor Title]

FROM: [Department Head/Budget Authority] [Signature]

CC: [Vice President for Academic Affairs, Student Services or Business Affairs]

SUBJECT: 20__ Self-Assessment Report on Internal Control

[Name of Department/Budget Group] maintains a system of internal control that is designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

· Effectiveness and efficiency of operations (including the safeguarding of assets against unauthorized acquisition, use, or disposition),
· Reliability of financial information, and
· Compliance with applicable laws and regulations.

[Name of Department/Budget Group] has self-assessed its system of internal control as of August 31, 20__ in relation to criteria in U. T. Permian’s Management Responsibilities Handbook. Based upon the department’s self-assessment, [except for matters noted below,] it is my opinion that, as of August 31, 20__ the department’s system of internal control is adequately designed, properly executed, and effective.

Financial Stewardship
· [Name of Department/Budget Group] complied with U. T. Permian purchasing procedures during the fiscal year ended August 31, 20__
· As department head [or budget authority], I reviewed supporting documentation for all DEFINE transactions processed against departmental accounts during the fiscal year ended August 31, 20__
· [Name of Department/Budget Group] maintains adequate segregation of financial duties; no one person enters Define transactions, approves DEFINE transactions, handles cash receipts, and reconciles departmental accounts.
· [Name of Department/Budget Group] retains supporting documentation for all DEFINE transactions in accordance with U. T. Permian’s records retention schedule; departmental files are neat and orderly.
· [Name of Department/Budget Group] reconciled departmental accounts on a monthly basis during the fiscal year ended August 31, 20__; departmental accounts are reconciled through August 31, 20__.
· [Name of Department/Budget Group] processed vendor invoices no later than 11 calendar days after the receipt of invoices (assuming that goods or services had been received).
· [Name of Department/Budget Group] deposited cash receipts on a daily basis with the Cashiers’ Office during the fiscal year ended August 31, 20__.
· [Name of Department/Budget Group] did not overspend departmental accounts during the fiscal year ended August 31, 20__.

Asset Security
ü      [Name of Department/Budget Group] capital equipment records in DEFINE are accurate and complete as of August 31, 20__.
ü      [Name of Department/Budget Group] assets that are susceptible to theft were adequately secured and safeguarded during the fiscal year ended August 31, 20__.
ü      Confidential, sensitive, or essential data that resides on departmental computers was adequately protected from accidental or unauthorized disclosure, modification, or destruction for the year ended August 31, 20__; there are no unlicensed software products on departmental computers as of August 31, 20__.

Human Resources Management
ü      As department head [or budget authority], I completed EEOC compliance records for all new employees hired during the fiscal year ended August 31, 20__.
ü      [Name of Department/Budget Group] has achieved workforce diversity as of August 31, 20__, as defined by U. T. System’s policy on workforce diversity.
ü      [Name of Department/Budget Group] maintained accurate and complete time and leave records in DEFINE for all non-exempt employees during the fiscal year ended August 31, 20__.
ü      All employees in [Name of Department/Budget Group] received a written performance evaluation during the fiscal year ended August 31, 20__.
ü      All employees in [Name of Department] completed the required compliance training modules on the web during the fiscal year ended August 31, 20__.

Effective Operations
ü      [Name of Department/Budget Group] has written goals and objectives as of August 31, 20__.
ü      [Name of Department/Budget Group] has a departmental policies and procedures manual as of August 31, 20__, that addresses policies and procedures that are unique to departmental operations.
ü      [Name of Department/Budget Group] complied with U. T. System’s policy on minimum faculty teaching loads for the fiscal year ended August 31, 20__.
ü      [Name of Department/Budget Group] has a documented system of planning and evaluation as of August 31, 20__, which complies with SACS standards on institutional effectiveness; the results of evaluations were used to improve operations during the fiscal year ended August 31, 20__.

ü [Name of Department/Budget Group] has implemented all internal and external audit recommendations as of August 31, 20__.

Compliance with Laws and Regulations
ü [Name of Department/Budget Group] complied with all federal, state, and municipal laws and regulations (including contract and grant provisions) during the fiscal year ended August 31, 20__.

[In the following paragraphs, discuss all items omitted from the above listing (including word changes to the above statements). Include planned corrective actions and implementation dates.]

Please call me if you have any questions or comments about this report.