
COMPLIANCE AND REGULATION MANAGEMENT REVIEW

MEMO

BACKGROUND

As a private higher education institution, University A is subject to various laws and regulations. Compliance with
these regulations requires a sound compliance and regulatory management function. The risk management office
currently monitors and tracks applicable regulatory requirements, as well as the university’s compliance with these
requirements, via the online database Compliance Portal. The portal was implemented in 20XY to replace the
Lotus Notes Compliance Database. Compliance Portal allows departments to track compliance with certain
policies and regulations, as well as departmental milestones and important compliance deadlines. Regulatory
“owners” from each department work with the risk management office and general counsel to track compliance
with the identified regulations. Regulations that affect the higher education industry include the following:
• Title IX/Clery Act – Title IX prohibits discrimination on the basis of sex in any federally funded education
program or activity. Additionally, private and public universities participating in federal student aid programs are
expected to comply with the Clery Act, requiring the disclosure of campus safety information and expected
requirements for handling incidents of sexual violence and emergency situations.
• Student Right to Know Act – Institutions that participate in any student financial assistance program under
Title IV of the Higher Education Act of 1965 (as amended) are required to disclose information about
graduation rates to current and prospective students.
• NCAA (National Collegiate Athletic Association) Regulations – Violations of NCAA regulations by the university
or by boosters of university athletics result in sanctions against athletic programs, loss of athletic scholarships,
forfeiture of athletic program victories and/or adverse public perception of the university’s athletic programs.
• Equity in Athletics Disclosure Act – Requires co-educational institutions of post-secondary education that
participate in a Title IV federal student financial assistance program and have an intercollegiate athletic
program, to prepare an annual report to the department of education on athletic participation, staffing, and
revenues and expenses, by men's and women's teams.
• Higher Education Opportunity Act (HEOA) – The HEOA requires that institutions offering distance education
or correspondence courses/programs have processes in place to ensure that the student registering for a
course is the same student who participates in the course or receives course credit.
• Student Loan Default Prevention Initiative Act – Initiated in 1990, this act makes institutions with high default
rates on student loans ineligible to participate in certain student loan programs.
• Title IV – Non-compliance with Title IV regulations puts the organization at risk of not being able to receive
financial aid funding at levels sufficient to operate the university.
• Family Educational Rights and Privacy Act (FERPA) – All student education records are considered
confidential and ordinarily may not be released without the written consent of the student. This is a federal law
(Family Educational Rights and Privacy Act of 1974).

Non-compliance with regulations governing University A’s programs and operations puts it at risk of losing
licenses to operate and/or financial aid funding, as well as puts the university at risk of fines, penalties, sanctions
and reputational damage. As a continuation and refresh of the 20YY Compliance and Regulation Management
Review, internal audit (IA) will review the maturity of the university’s overall compliance program, including how
new requirements are identified, assessed and rolled out; roles and responsibilities; training and awareness; use
of the Compliance Database; and monitoring ongoing compliance and compliance posture.

Export control and the Foreign Corrupt Practices Act (FCPA) are additional regulatory requirements that affect
higher education but will not be included at a detailed level in this project, as those regulations are on the internal
audit plan for review as a separate project during the year.

1 Source: www.knowledgeleader.com
OBJECTIVES

Our primary objectives are as follows:

• Determine whether policies and procedures exist and are adequate in identifying and monitoring compliance
with applicable laws and regulations.
• Conduct interviews with risk management and other relevant university management, and review existing
controls, procedures and training awareness used to identify and monitor applicable regulations and
compliance requirements to impacted areas.
• Determine the laws and regulations in which lack of compliance most greatly affects the university.
• Review the compliance processes and controls associated with the selected areas and review adherence to
university policies and procedures. Consider procedures around the monitoring and tracking of adherence to
applicable laws and regulations.
• Determine the status of internal audit’s recommendations delivered to the university as part of the 20YY
University Compliance and Regulation Management Review and verify if appropriate remediation procedures
have been implemented in response to these findings.
• Evaluate the overall compliance program and work with risk management and other relevant personnel to
develop appropriate recommendations for process and control improvements.

SCOPE

The scope of our engagement will include the review of policies, procedures and internal controls currently in
place within the university’s compliance regulation management function around the university’s regulatory and
compliance management process and use of the Compliance Portal.

APPROACH AND REPORTING

IA will perform the following:

• Hold discussions with risk management (and other applicable departments, including general counsel,
athletics, financial aid, human resources, accreditation and program approval, and the office of campus life).
• Review existing policies, procedures and training to verify they are adequate to address regulatory
requirements.
• Review current compliance processes and controls to verify adherence to university policies. Consider
procedures around monitoring and tracking of compliance to applicable laws and regulations.
• Review best practices regarding methodologies for managing compliance with higher education regulations.
• Identify process and control enhancement opportunities (including those related to policies).
• Review and validate findings with process owners.
• Work with university management to develop appropriate recommendations for improvement opportunities.

At the conclusion of the review, we will provide management with a report that summarizes project objectives,
scope and approach, procedures performed, process background, observations, and recommendations.

SPECIALIST COORDINATION

University A’s internal audit team will include the following specialists throughout the execution of this project:
• Internal Audit and Quality Assurance – Person D, Associate Director

• Internal Audit (IT) and Data Analysis – Person C, Managing Director

IDENTIFICATION OF FRAUD RISK

We will consider the likelihood of fraud risk, as well as identify any potential improvements to prevent and/or
detect fraud as it relates to the specific processes included within this review. Should any potential indicators of
fraud be discovered, the project sponsor will be notified immediately to discuss next steps.

SUPERVISION AND REVIEW OF WORK PAPERS

All work performed by internal audit seniors and consultants will be reviewed by internal audit management before
being turned over to University A. Internal audit management will capture review comments either in an electronic
file or directly on hardcopy. All final reviewed deliverables will be updated and maintained on-site in hard copy
form and electronically on either internal audit’s client/project SharePoint site or in University A’s audit portal.

In addition, it will be the responsibility of internal audit management and the internal audit team to determine when
to involve the managing director. At a minimum, a member of the project management team (listed above under
Specialist Coordination) will participate in internal audit-facilitated update meetings and presentations to discuss
any identified exceptions or observations as well as project status, progress and other administrative matters.

The internal audit and quality assurance lead will not sign off on each individual test performed but will review, at
minimum, the consolidated listing of observations and exceptions.

TIMING & LOGISTICS

Commencement of fieldwork: March 20XX

Conclusion of fieldwork: April 20XX

The fieldwork is planned to be performed primarily by a consultant and a senior consultant, with review and
oversight provided by the manager, Person E, and the associate director, Person D.

BUDGET

It is estimated that the compliance and regulation management review will be completed in approximately XX
hours with an anticipated staffing mix per the breakdown below. Should the scope of our project change, we will
modify our estimates accordingly and notify university management immediately.

PLANNING

Level                 Hours
Managing Director     X
Associate Director    X
Manager               X
Senior Consultant     X
Total                 X

EXECUTION

Level                 Hours
Associate Director    X
Manager               X
Senior Consultant     X
Total                 X

WRAP-UP

Level                 Hours
Managing Director     X
Associate Director    X
Manager               X
Senior Consultant     X
Total                 X

CONTACTS

The key client contact information is as follows:

Name       Title/Dept                                                    Phone #       Email
Person A   Assistant Vice President of Risk Management and Safety        XXXXXXXXXX    persona@university.com
           Services
Person B   Executive Director, Risk, Safety and Transportation           XXXXXXXXXX    personb@university.com
           Programs, Risk Management and Environmental Health and
           Safety Services

INTERNAL AUDIT TEAM
The key internal audit team contact information is as follows:

Name       Title/Dept            Phone #       Email
Person C   Managing Director     XXXXXXXXXX    personc@company.com
Person D   Associate Director    XXXXXXXXXX    persone@company.com
Person E   Manager               XXXXXXXXXX    personf@company.com
Person F   Senior Consultant     XXXXXXXXXX    persong@company.com
