At the Society of Corporate Compliance and Ethics’ (SCCE) annual Higher Education Compliance Conference in June 2021, a diverse set of college and university compliance professionals shared their perspectives on a variety of compliance topics. Baker Tilly facilitated a panel discussion with compliance leaders from two private universities to share their perspectives and lessons learned on compliance and the intersection with enterprise risk management (ERM) and internal audit.
The discussion panel focused on three primary objectives:
The panel focused on three overall themes:
Institutions often leverage the framework set forth in the Federal Sentencing Guidelines to develop a customized compliance program that can support both ethics and compliance. Effective compliance programs typically include the following elements:
While compliance programs are often driven by external regulation, ERM is geared towards helping institutions identify and mitigate risks that may impede attaining strategic goals and objectives. Additionally, ERM is rooted in creating a risk-aware culture that takes a consistent approach to risk management, often through enhanced and informed decision-making with a goal of achieving efficiency and optimization.
Compliance and ERM both utilize a similar method in identifying, assessing and managing enterprise and compliance risks. However, success for both sets of stakeholders requires leadership buy-in and sponsorship, process governance, careful integrated planning, accountability and clear communication strategies.
Examples of typical compliance and combined ERM structures include:
There are tremendous benefits for institutions that connect their compliance and ERM frameworks. The compliance and ERM partnerships, along with ongoing collaboration, are critical to moving compliance forward alongside the insights ERM provides.
Stakeholders should develop an approach that not only enables a proactive evaluation of the compliance and ethics-related risks their institution faces today, but also considers whether there are other emerging or trending risks that could have an impact in the future.
The discussion panelists highlighted some examples or areas that they believe have potential for enhanced collaboration:
Further, it is important to remember that enterprise risk can be viewed either from a holistic perspective or divided into its strategic and operational components. This can help to effectively identify and mitigate large-scale risks while still accounting for a cross-functional and operational view of risk and helping to differentiate priorities for an institution.
COVID-19 created a variety of challenges over the past 12-18 months. However, many valuable lessons emerged from the complexities caused by the pandemic, such as:
With further development of compliance and ERM programs, institutions have a growing opportunity to enhance the level of collaboration, information sharing and communication on key compliance and ethics risks that their institutions face or will be likely to face in the future.
For more information, or to learn how Baker Tilly’s higher education compliance specialists can help your institution, contact our team.