proactive compliance at twu “part 2”...7/24/2017 3 the “eight steps” at twu1 1. identify...

7/24/2017

1

Proactive Compliance at TWU“Part 2”

Deena King, TWU Director of Compliance

Agenda• Part 1:

– Review the 2016-2017 Compliance Initiative

– Introduction to the “Three Lines of Defense”

• Part 2:– Compliance “Time Telling”

• Part 3:– Workshop

7/24/2017

2

Management Principle

Concentrate on building an organization—building a ticking clock—rather than telling time...take an architectural approach and concentrate on building organizational traits…

- Jim Collins & Jerry Porras

Built to Last, pp. 199-201 (paraphrased/emphasis added)

Last Year’s Initiative…

…or “Compliance Clock Building”

7/24/2017

3

The “Eight Steps” at TWU1

1. Identify Requirements/Assess Risk

2. Establish/ Modify Compliance Organization

3. Document Standards, Policies, and Procedures

4. Communicate Standards, Policies, and Procedures

5. Implement, Promote, and Enforce

6. Monitor, Audit, and Report

7. Continuous Improvement

8. Leadership/Corporate Culture

1 Adapted from Compliance in One Page ©2015. Used with permission.

Introduction to the “Three Lines of Defense”

Plugging Holes in the Fence

7/24/2017

4

What would happen if…• San Quentin was

missing one or two sections of the outer fence?

What would happen if…• Every player on a

football defense was on the field except the middle linebacker?

7/24/2017

5

What would happen if…• The night manager at

Tiffany & Co. left the front door unlocked all night?

Would all be lost?

Why or why not?

7/24/2017

6

The Value of LayersLocking the Building

Locking the Vault

Securing theFence

As Leaders at TWU We Must Protect…

Technology/Data

Reputation

LifePersonal Safety

Against Lawsuitsand Fines

Infrastructure/Assets

7/24/2017

7

In “internal control” language…• Three lines of defense

– First Line (“front lines”)• Managers/Directors &

Their Staff

In “internal control” language…• Three lines of defense

– Second Line• Specialty Offices:

– Environmental Health and Safety

– Compliance

– Risk Management

– DPS, etc.

7/24/2017

8

In “internal control” language…• Three lines of defense

– Third Line• Internal Auditors

In “internal control” language…• Three lines of defense

– Keeping an eye on all of these are:

• Cabinet

• Board of Regents

• External Auditors

• Regulators

7/24/2017

9

On the TWU Compliance Team…

• Everyone plays an important role!!

Why the Compliance Plans Matter• Because compliance at TWU is:

– HR

– Safety

– Privacy

– Accounting

– Disabilities

– Diversity

– Housing

– Grants Management

– Information Technology

– Copyright

– Research

– Tax

– Procurement

– And many more…

7/24/2017

10

Why the Compliance Plans Matter

Completed Plans

In‐Progress Plans

TBD

Why the Compliance Plans Matter• Helping TWU Protect:

– Life

– Personal safety

– Infrastructure/Assets

– Reputation

– Against lawsuits/fines

– Technology/Data

– Etc.

7/24/2017

11

Questions/Comments?

After the Break

Discussion of Compliance “Time Telling”

7/24/2017

12

** Break **Snacks in the Lobby

This Year’s Initiative:Compliance “Time Telling”

…or identifying potential holes in the fence by asking, “Are we in compliance?”

7/24/2017

13

Management Principle

Concentrate on building an organization—building a ticking clock—rather than telling time...take an architectural approach and concentrate on building organizational traits…

- Jim Collins & Jerry Porras

Built to Last, pp. 199-201 (paraphrased/emphasis added)

Compliance “Time Telling”

An important part of compliance is related to “time telling”…

“Are we in compliance?”

7/24/2017

14

The “Eight Steps” at TWU1

1. Identify Requirements/Assess Risk

2. Establish/ Modify Compliance Organization

3. Document Standards, Policies, and Procedures

4. Communicate Standards, Policies, and Procedures

5. Implement, Promote, and Enforce

6. Monitor, Audit, and Report

7. Continuous Improvement

8. Leadership/Corporate Culture

1 Adapted from Compliance in One Page ©2015. Used with permission.

Assess Risk/ Identify Requirements

Establish/Modify Compliance Organization

Document Standards, Policies, and Procedures

Communicate Standards, Policies, and Procedures

Implement, Promote, and Enforce

Monitor, Audit, and Report

TWU Compliance Process:  The Model2

Leadership/Corporate Culture

Continuous

Improvement

Disclaimer: This model is provided as guidance only and can be modified to meet your needs.  This document does not guarantee prevention of lawsuits, judgments, or fines and is not a substitute for the advice of an attorney. All information is provided without warranty, express, implied, or otherwise, including as to their legal effect and completeness.

LawsRegulationsRegulators

2 Adapted from Compliance in One Page ©2015. Used with permission.

LawsRegulationsRegulators

7/24/2017

15

Management PrincipleFacts are better than dreams…[When] you start with an honest and diligent effort to determine the truth of the situation, the right decisions often become self-evident…You absolutely cannot make a series of good decisions without first confronting the brutal facts.

- Jim Collins

Good to Great, p. 69, 70 (emphasis added)

Monitor, Audit, Report

Survey Questions #15

• Monitor and Report: What plans or processes will be performed to monitor compliance in this area?

Survey Questions #16

• Audit and Report: What plans or processes will be performed to audit compliance in this area?

7/24/2017

16

The Legal Bit

The organization shall take reasonable steps…to ensure that the organization’s

compliance and ethics program is followed, including monitoring and auditing to detect

criminal conduct...USSG §8B2.1(b)(5)(A)

Here’s the problem…• TWU only has one internal audit department

• When it is at full staff, there are only 3 people in that department

• …and there are over 50 of you…

• …so…is there a better way to know whether or not we are “in compliance?”

7/24/2017

17

One solution…• …do not panic…

• …do not fear…

• …everything is going to be fine…

• …drum roll please…

• “Self-auditing”

Destinee’s bit goes here

7/24/2017

18

Why Self-auditing Helps…A Lot• Who knows best where

the holes in each fence are?

• Who NEEDS to know about these holes?

• What is the best way to tell them?

Management Principle

Take your managers plans, not problems

7/24/2017

19

Basic Steps of a Compliance Self-audit• You should have

received and email while Destinee was speaking

• Please open it and download the attachment

Self-audit Worksheet• A basic audit form contains around seven fields:

Law/Regulation (Title and/or Citation):

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

2)

3)

00

1122 33 44 55

66

7/24/2017

20

Basic Steps of a Compliance Self-audit0. Identify the law/regulations (Title and/or Citation)

1. Make a list of what needs to be done to comply.

2. For each item on the list, answer the question, “Are we in compliance?• Yes, No, Partial, or Not Applicable to TWU

3. If yes or partial: a) What evidence can we provide that we are in compliance?

Basic Steps of a Compliance Self-audit4. If No or Partial:

a) What do we need to do and how will we do it? (Key Actions)

5. For Key Actions:a) Who will be the leader/doer?

b) What will be the goal due date?

6. Make any notes related to this item.

7/24/2017

21

Questions/Comments?

During the Break

1) Think of a compliance area where you knowyou are doing well and

2) Think of a compliance area where you know some things need to be done.

7/24/2017

22

After the Break

• Two workshop segments

1) Walk through “Yes” compliance self-audit steps

2) Walk through “No/Partial” compliance self-audit steps

** Break **Snacks in the Lobby

7/24/2017

23

Self-Audit Workshop Pt. 1

“Yes” we are in compliance and here is how we can prove it

“Yes” We are in ComplianceOpen the Word attachment and in the top line, type in a law or regulation you are responsible for complying with and a very short summaryLaw/Regulation (Title and/or Citation):

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

2)

3)

Law/Regulation (Title and/or Citation):

ADA Web Access: All multimedia at TWU must be ADA‐compliant.

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

2)

3)

00

7/24/2017

24

“Yes” We are in ComplianceIdentify one thing TWU should be doing to comply that we are doing and put “Yes” in column 2 and a list of evidence in column 3. For “Yes”, columns 5-7 are “NA.”Law/Regulation (Title and/or Citation):

ADA Web Access: All multimedia at TWU must be ADA‐compliant.

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

11IT reviews all technology purchases Yes

1. https://servicecenter.twu.edu/TDClient/Requests/ServiceDet?ID=8279

2. http://www.twu.edu/accessibility/3. Documentation showing these processes 

are being followed.

NA NA NA

22 33

Workshop: Your Turn• Open the Basic Self-Audit Worksheet and fill in the

blanks for at least one “Yes” in your areaLaw/Regulation (Title and/or Citation):

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

2)

3)

7/24/2017

25

Self-Audit Workshop Pt. 2

“No” (or partial) we are not in compliance and here is what we

need to do

“No” We are not in ComplianceIdentify one thing TWU should be doing to comply that we are NOT doing. Type a short summary in column 1 and put “No” in column 2. Law/Regulation (Title and/or Citation):

ADA Web Access: All multimedia at TWU must be ADA‐compliant.

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

2)

IT reviews all technology purchases Yes

1. https://servicecenter.twu.edu/TDClient/Requests/ServiceDet?ID=8279

2. http://www.twu.edu/accessibility/3. Documentation showing these processes 

are being followed.

NA NA NA

Identify non‐compliant media No11

22

7/24/2017

26

“No” We are not in ComplianceIdentify what, who, and when and put this information in columns 3-5. Add any special instructions/notes/comments in column 6.Law/Regulation (Title and/or Citation):

ADA Web Access: All multimedia at TWU must be ADA‐compliant.

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

2)

IT reviews all technology purchases Yes

1. https://servicecenter.twu.edu/TDClient/Requests/ServiceDet?ID=8279

2. http://www.twu.edu/accessibility/3. Documentation showing these processes 

have been followed.

NA NA NA

Identify non‐compliant media No

33 44 55661. Set up a process to identify non‐compliant 

media and remove or update it.ADA Task Force

July 2019The ADA Task Force will begin this process Fall 2017

Management Principle

• To accomplish the plan, what is needed?– Personnel?

– Finances?

– Time?

– Re-ordered priorities?

– Leadership support?

7/24/2017

27

Workshop: Your Turn• Open the Basic Self-Audit Worksheet and fill in the

blanks for at least one “No” in your areaLaw/Regulation (Title and/or Citation):

What do we need to do to comply?

Are we in compliance, Y/N/P/NA?

If yes or partial: What evidence can we provide that we are in compliance?

If no or partial: What do we need to change and how? (Key Actions)

Key Actions:Responsible 

Party

Key Actions:Due Date

Notes

1)

2)

3)

How Self-Audit Helps TWU• It helps TWU protect:

– Life

– Personal safety

– Infrastructure/Assets

– Reputation

– Against lawsuits/fines

– Technology/Data

– Etc.

7/24/2017

28

What’s Next: 2017-18 Compliance Initiative

• Sometime in the next few months– An invitation from the Office of Compliance

• Higher Education Compliance Alliance matrix applicable to your area

• For others, we will look at some additional opportunities

Questions/Comments?

7/24/2017

29

Thank you!…and time for door prizes and

lunch!!

Destinee Waitersdwaiters@twu.edu

Deena Kingdking16@twu.edu