Skip to main content

University Compliance Program Fundamentals

An effective and resilient compliance program fundamentals are comprised of seven core elements.

Cornell strives to include the following in its University Compliance Program Fundamentals:


Caption: A visual depiction of the University Compliance Program Fundamentals and its core elements

The core elements of the Cornell University Compliance Program Fundamentals are detailed further here and can be used as a general guide to support compliance obligations and mitigate compliance-related risks across the university.

Oversight and Accountability

The Board of Trustees, Oversight Councils and Committees, University Compliance Office, and Compliance Owners and Partners play critical check and balance roles in oversight and accountability for compliance obligations.

Policy and Procedures 

University-wide ethical standards, University policies, written programs, and unit procedures establish the hierarchy of written documentation that collectively guide behavioral expectations and procedural tasks associated with compliance obligations.

Outreach and Education

Compliance-focused trainings, tabletop exercises, partner meetings, and workshops provide different mechanisms for conveying and reinforcing knowledge and awareness of compliance obligations, as a forum for consensus building and to identify key gaps and needs

Auditing and Monitoring

Risk assessments, risk assurance, institutional risk management, and audits provide proactive means to review and assure that compliance obligations are being managed to the university's expectations.

Communication and Reporting

A university-wide regulatory reporting calendar, annual report, website, and leadership meetings provide transparent and effective mechanisms to convey emerging regulations, regulatory reporting obligations and deadlines, compliance-related accomplishments and key compliance focus areas

Investigations of compliance concerns or complaints 

Issue tracking, due process, legal counsel, an ethics hotline, and incident response are varied mechanisms that collectively manage compliance concerns, complaints, and incidents at the university

Corrective Actions

Progressive corrective action plans, continuous improvement goals, and updates to policies and procedures are means to correct, close out, and prevent further compliance gaps