1. Home
  2. Offices
  3. Compliance
  4. Frequently Asked Questions

Frequently Asked Questions

Organizational Compliance 101

What is Compliance?

Compliance - sometimes referred to as organizational or institutional compliance -  is a framework for facilitating adherence to federal and state laws and policies that govern the organization and for promoting ethical and lawful decision-making and conduct on the part of the organization’s employees. At the UNT System Administration, this includes incorporating the System’s ethics and standards of conduct, and its values into daily operations; knowing and following the laws and policies that affect these operations; educating ourselves on the functions we perform that can expose the System Enterprise to legal and regulatory repercussions; and devoting time and other resources to preventing and detecting violations of law and policies that give rise to risks associated with failing to comply with these laws and policies (i.e. “compliance risks”). 

Where did institutional compliance originate?

High-profile scandals in the 1970s and 1980s highlighted the widespread practice of companies bribing politicians and government officials. In 1991, the Federal Sentencing Guidelines were promulgated in an attempt to bring greater consistency in sentencing, including sentencing organizations that were convicted of violating federal law.

See Pew Research Center. Public Trust in Government: 1958-2024. https://www.pewresearch.org/politics/2024/06/24/public-trust-in-government-1958-2024/

What is the purpose of the Federal Sentencing Guidelines?

The Guidelines: (1) incentivize organizations to self-police their corporate behavior; (2) provide guidance on effective compliance and ethics actions organizations can take to demonstrate a good-faith effort to self-police; and (3) hold organizations accountable based on defined culpability factors.

The organizational sentencing guidelines have wielded significant influence on corporate America…designed to incentivize corporate self-policing through its ‘carrot and stick’ philosophy…it has ‘catalyzed vigorous efforts by companies to promote ethical performance and reduce organizational misconduct.

See United States Sentencing Commission. “The Organizational Sentencing Guidelines: Thirty Years of Innovation and Influence. August 2022.

Do public agencies and universities need compliance programs?

High-profile scandals over the decades, such as ABSCAM and Iran-Contra, demonstrate why organizational compliance, accountability and responsibility is not limited to the private sector.

What is the benefit of having an institutional compliance program?

Compliance programs foster compliance with the law, which contributes to an organization’s effectiveness and mission accomplishment, including by eliminating the disruption and diversion of resources resulting from investigations into suspected misconduct.  Practically, when determining whether to prosecute an organization for criminal conduct, the Department of Justice considers the “adequacy and effectiveness of the corporation’s compliance program” both at the time of the alleged conduct and at the time the federal government is deciding whether to prosecute. See DOJ Justice Manual 9-28.000 - Principles of Federal Prosecution of Business Organizations.

Is the UNT System Administration required to have a compliance program?

UNT System Regulation 02.1000 requires each component of the System Enterprise to have a compliance program that is designed to prevent and detect violations of law and policies; and that encourages all employees and individuals acting on behalf of the System to conduct themselves lawfully, honestly and with integrity, including preventing retaliation against individuals who make good faith reports of suspected misconduct. 

What can happen if the UNT System Administration does not have an effective compliance program?

An organization’s employees can be sentenced to prison for violating certain federal and state laws. While organizations cannot be sent to prison, they can be prosecuted, fined, ordered to make restitution, and prohibited from receiving federal and state funds. The U.S. Department of Justice has made it clear that the prosecution of organizational criminal conduct “is a high priority.”  See “Overview of Organizational Guidelines” and DOJ JM9-28.800.

How does an organization know when it has an effective compliance program?

The Federal Sentencing Guidelines expect compliance programs to have eight components:

  1. Standards and procedures reasonably capable of reducing the prospect of criminal activity
  2. Oversight by high-level personnel
  3. Due care in delegating substantial discretionary authority
  4. Effective communication to all levels of employees
  5. Reasonable steps to achieve compliance, which include systems for monitoring, auditing and reporting suspected wrongdoing without fear of retaliation
  6. Consistent enforcement of compliance standards including disciplinary mechanisms
  7. Reasonable steps to respond to and prevent repeated violations once a violation is detected
  8. Promotion of an organizational culture that encourages a commitment to compliance and the law

When determining whether an organization’s compliance program is effective, the U.S. Department of Justice asks three “fundamental” questions:

  1. Is the compliance program well designed?
  2. Is the compliance program adequately resourced and empowered to function effectively?
  3. Does the organization’s compliance program work in practice?

See DOJ Criminal Division. “Evaluation of Corporate Compliance Programs.” Updated March 2023.

What does an effective compliance program look like in practice?

In 2005 the U.S. Department of Health and Human Services Office of the Inspector General published seven tangible requirements that a program must demonstrate in order to be effective:

  1. Written policies and procedures
  2. Compliance leadership and oversight
  3. Training and education
  4. Effective lines of communication
  5. Enforcement of Standards: incentives and consequences
  6. Risk assessments, audits, and monitoring
  7. Prompt response to detected violations and corrective action

See U.S. Department of Health and Human Services Office of the Inspector General. “General Compliance Program Guidance.”

 

Reporting Suspected Wrongdoing by Speaking Up

What should I do if I suspect wrongdoing?

An employee or individual authorized to act on behalf of the UNT System who reasonably believes a System employee’s or vendor’s conduct violates law, Regents Rule, System Regulation, or policy is expected to speak up and report the suspected wrongdoing.  Other individuals are encouraged to report suspected wrongdoing.

Why should I Speak Up?

Speaking up when we observe conduct that is not in the best interest of our UNT System community is a form of engagement. Speaking up also models exceptional standards by holding ourselves and others accountable.

Where can I Speak Up about suspected wrongdoing?

Suspected wrongdoing can be reported in several ways, including anonymously:

  1. Notify your supervisor unless your supervisor is the person suspected of the wrongdoing.
  2. Notify the UNT System Administration Compliance and Ethics Program at: 940.565.2156 or compliance@untsystem.edu
  3. Online at the Compliance Trust Line at: https://untsystem.onetrustethics.com/. (Reports can be made anonymously).
  4. Inform the Texas State Auditor’s Office if the suspected wrongdoing involves fraud, waste or abuse of public resources at https://sao.texas.gov/ or the agency’s fraud hotline at SAO Fraud Hotline at 1-800-TX-AUDIT (1-800-892-8348).

What if I am afraid to hold someone else accountable by Speaking Up about suspected wrongdoing?

Reporting suspected wrongdoing is in the best interest of the UNT System and the people we serve. To encourage a culture of accountability and compliance, the System prohibits retaliation against individuals who report suspected wrongdoing and has implemented a program to protect against retaliation. Also, the Texas Whistleblower Act protects employees who report unlawful activity in good faith from retaliation.

 

Difference Between Compliance and Internal Audit

What is Compliance?

"Compliance” - sometimes referred to as organizational or institutional compliance - is a framework for facilitating adherence to federal and state laws and policies that govern the organization, and for promoting ethical and lawful decision-making and conduct on the part of the organization’s employees. The Compliance & Ethics Program operationalizes this framework with a focus on establishing an organizational culture that is committed to ethical and lawful decision-making and on preventing and detecting violations of the law and policy (i.e. “compliance risks”). It also assists management officials continuously identify compliance risks and provides advice on controls to mitigate these risks.

What is Internal Audit?

According to the Institute of Internal Auditors, internal audit is “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes…[and] provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient, and organizational goals and objectives are met.” See Institute of Internal Auditors. “What is Internal Audit?” https://www.theiia.org/en/about-us/about-internal-audit/.

What is the difference between Compliance and Internal Audit?

The “Three Lines of Defense” model for risk governance depicts the difference between management, Compliance and Internal Audit this way:

  • First line: Management has the primary responsibility to own and manage risks associated with day-to-day operational activities. Other accountabilities assumed by the first line include design, operation, and implementation of controls.
  • Second line: The second-line function enables the identification of emerging risks in daily operation of the business. It does this by providing compliance and oversight in the form of frameworks, policies, tools, and techniques to support risk and compliance management.
  • Third line: The third-line function provides objective and independent assurance. While the third line’s key responsibility is to assess whether the first- and second-line functions are operating effectively, it is charged with the duty of reporting to the board and audit committee, in addition to providing assurance to regulators and external auditors that the control culture across the organization is effective in its design and operation. See Deloitte. “Modernizing the three lines of defense model – an internal audit perspective.” https://www2.deloitte.com/us/en/pages/advisory/articles/modernizing-the-three-lines-of-defense-model.html.

What is a “compliance risk”?

UNT System Regulation 02.100 defines a “compliance risk” is an action or inaction that exposes an organization to legal or regulatory sanctions. These sanctions can be in the form of fines or penalties, or in some cases criminal prosecution. UNT System Administration employee and individuals authorized to act on behalf of the System Enterprise can expose the organization to sanctions.

Are compliance risks the same as other risks?

Generally, a compliance risk exposes the System Enterprise to criminal liability or civil or administrative sanctions due to a violation of law or policy, including an ethics violation.  On other risk, such as environmental, financial, governance, operational, people, reputational/brand, social and safety, strategic, and technological, expose the System to other types of potential harm.

What can I do to contribute to a culture of ethical and lawful conduct?

  • Read the UNT System Administration Ethics and Standards of Conduct policy and model exceptional ethical behavior
  • Read the Reporting Suspected Wrongdoing policy and demonstrate courageous integrity by speaking up when your training and experience leads you to believe wrongdoing has occurred.
  • Stay current on your ethics and compliance-related training (e.g. conflict of interest, dual employment and outside activities, nondiscrimination, prohibition against sexual assault/ harassment, information security, and privacy).

How can I learn more about the UNT System Administration Compliance and Ethics Program?

Be curious and explore the Compliance and Ethics Program webpage often. You will find information about compliance in general, compliance news you can use in your daily professional activities, and more.