4 Steps to Compliance

Manage Compliance in Four Steps

The following guidance helps units identify and manage their regulatory compliance obligations.

Consult with the University Compliance Office to:

  • Conduct a compliance program review

  • Identify mitigation strategies

  • Communicate concerns to appropriate leadership

Step 1: Identify Compliance Gaps 

Review regulations, laws, policies, or acts to identify where there may be compliance gaps.

Common gaps include:

  • Assigned and clear accountability
  • Training programs for stakeholders
  • Availability of written documentation
  • Duplicative processes
  • Outdated processes or systems
  • Knowledge gaps
  • Succession gaps
  • Insufficient controls, checks, and balances
  • Misconduct or unethical behavior

Subtle Signs of Potential Compliance Gaps:

  • Near misses
  • Confusing accountability
  • Compliance issues not reported
  • FTE and other resource availability
  • Trends in findings, fines, citations 
  • Known issues not addressed
  • Non-compliance with university policy
  • Stakeholder complaints
  • Peer institutions in the news

Step 2: Prioritize Compliance Risks

Focus compliance efforts based on:

  • Life safety
  • Significant loss of revenue
  • Significant fines
  • Complete loss of funding
  • Complete loss of university license or permit
  • Potential for criminal charges
  • Significant stakeholder complaints and pain points
  • Higher ed landscape
  • Systemic impact (multiple units/schools/colleges within the organization)

Step 3: Select Appropriate Mitigations

A combination of the following controls can help reduce risk:

  • Single Point Accountable (SPA) identified
  • Proficiency in the regulation or act
  • Transparent programs
  • Internal checks and balances
  • Tracking gaps to closures
  • Tracking reports to government
  • Weekly/monthly reports
  • 3rd party or peer review
  • Additional insurance coverage
  • Management systems
  • Annual objectives (assigned to individuals)
  • Succession

Step 4: Develop a Strategy

To socialize and gain stakeholder buy-in, consider the following:

  • Identify and involve a variety of stakeholders
  • Determine whether there is a need for a committee
  • Identify when the regulation took effect or whether it is emerging
  • Identify the timeline to get into compliance
  • Identify subject matter experts (SMEs)
  • Identify the responsible office
  • Seek to balance compliance with risks and to make risk-informed, fact-driven decisions