Our Program

Program Overview

The Compliance and Ethics Program, lead by the Office of Compliance and Ethics, is a proactive program through with RIT maintains a culture of integrity while it navigates in good faith the complex laws, regulations and standards by which it is bound.  The Compliance and Ethics Program is comprised of the (1) Compliance and Ethics Management Framework, which gives the RIT Community a broad overview of the management and governance structure of the Compliance and Ethics Program, (2) RIT Compliance and Ethics Program Standards and Responsibility Matrix, which details the duties and responsibilities of each key member of the RIT Community as it relates to the Program, and (3) policies and procedures developed by the university to address university, statutory, and regulatory requirements.

Compliance and Ethics Program


The Compliance and Ethics Program is run by a coordination of individuals and committees with varying levels of authority and different areas of expertise within the university.

An effective compliance program requires the commitment of senior leadership and middle management to ensure effective internal controls and adherence to high ethical standards. RIT’s Compliance and Ethics Program reflects a strong commitment by the President, the Board, and senior and operational leadership to comply with all applicable laws and regulations to operate the university in a manner consistent with the highest levels of integrity and ethical conduct. The governance responsibility of ensuring effective implementation of the Compliance and Ethics Program at RIT is shared among the following parties, proportionate with their roles, functions and areas of control.

  Download: Governance Overview

The Board of Trustees retains the ultimate responsibility for legal and regulatory compliance and determining the appropriate level of compliance risk the Board is willing to accept in RIT’s business activities. The Board, with Senior Leadership, sets the “tone at the top” for the entire university.

The Audit Committee of the Board of Trustees is delegated by the Board to oversee the legal and regulatory compliance activities of the university and has the ultimate responsibility to ensure university compliance with applicable laws, regulations, policies, and procedures. The Audit Committee approves all significant Compliance and Ethics Program activities and must provide timely reports on the Compliance and Ethics Program and particular compliance matters to the full Board of Trustees. The details of the Audit Committee’s responsibilities related to the Compliance and Ethics Program are in the Compliance Elements & Responsibility Matrix.

The Enterprise Risk Committee ("ERM") Subcommittee of the Board of Trustees oversees the risks affecting the university on an enterprise level. The Subcommittee approves the annual Institute Risk Map, and it reviews and provides advice on the mitigation/treatment plans for the top risks each year.

Below the Board, the university has three risk and compliance committees. This structure allows for more comprehensive oversight of regulations and requirements by administrators and operational managers than a single compliance officer could provide alone. This structure facilitates the sharing of best practices and recent developments with compliance contacts across the university. It also provides a forum for raising awareness on risk and compliance activities around the university.

The risk and compliance committees provide guidance and support for the operation of the Compliance & Ethics Program and support the Assistant Vice President of Compliance & Ethics in all aspects of the implementation of the Compliance & Ethics Program.

The Executive Risk and Compliance Committee (“ERCC”) assists the Audit Committee of the Board of Trustees and the Assistant Vice President of Compliance & Ethics in fulfilling their compliance and ethics responsibilities.  The ERCC is co-chaired by the Senior Vice President of Finance and Administration and the Provost. With the Board of Trustees, the ERCC sets the “tone at the top” and monitors key risk and compliance areas. 

The University Risk and Compliance Committee (“URCC”) is comprised of other administrators and operational managers who have responsibilities in the major compliance areas of the university. These include, among other areas, employment, student affairs, academic affairs, research, enrollment management, financial aid, development and alumni relations, diversity and inclusions, and finance. The URCC is co-chaired by the General Counsel and the Assistant Vice President of Compliance & Ethics. The URCC is responsible for overseeing, evaluating, and validating the risk and compliance issues identified by the University Risk and Compliance Network.  Operational managers for areas under which a risk falls are also responsible for managing the identified risks.

The University Risk and Compliance Network (“URCN”) is a group of individuals identified by Operational Management as the point of contact for Compliance & Ethics Program responsibilities in their working areas. The members of the URCN are responsible for the day-to-day functional compliance activities attendant to their designated compliance areas and serve as subject matter experts on key operational and strategic risk and compliance areas. The URCN works with the Assistant Vice President of Compliance & Ethics to revise and update the Compliance Inventory as applicable to their compliance areas. The URCN is expected to coordinate and collaborate with OCE on compliance initiatives and new compliance obligations and to meet with OCE periodically on the status of compliance initiatives in their compliance areas. Their responsibilities related to the Compliance & Ethics Program are further detailed in the Compliance Elements & Responsibility Matrix.

In addition to the basic structure of the Compliance Management Framework, there are other parties who play vital roles in RIT’s Compliance Management Framework. Many of these individuals are members of the various Compliance Committees. Others are not part of the formal Government and Accountability Structure but step in to assist the Compliance & Ethics Program when appropriate.

  • Directs policy and sets the “Tone at the Top”
  • Monitors progress in key risk and compliance areas
  • Provides updates and recommendations to the ERM SubCommittee of the Board
  • Recommends allocation of resources
  • Oversees creation and implementation of Institute Risk Map
  • Identifies and monitors progress in key risk and compliance areas
  • Supports coordination of risk and compliance activities across the university
  • Reviews updates, recent developments and best practices
  • Serves as subject matter experts on key risk and compliance areas
  • Provides information on risk and compliance activities for their area to URCC as needed

Code of Ethical Conduct and Compliance (C00.0)

President David C. Munson

Letter from the President of Rochester Institute of Technology

 Dear Tigers,

I am pleased to present RIT’s Code of Ethical Conduct and Compliance. This Code was developed to inform, guide, and protect us in all we do at the university.

To that end, each of us must commit to living out RIT’s Core Values and complying with RIT policies and procedures, as well as all applicable laws in our work.  I am proud to be at RIT, rising toward preeminence as a global university, and gladly commit to this Code.  Thank you for joining me as we build RIT’s excellence through difference.

David C. Munson


Rochester Institute of Technology shapes the future and improves the world through creativity and innovation.  As an engaged, intellectually curious, and socially conscious community, we leverage the power of technology, the arts, and design for the greater good.  At the heart of this vision and mission is a commitment to excellence that extends to all aspects of our educational and research programs.  In pursuit of excellence, all members of the RIT community are expected to conduct their work in the highest ethical manner and to comply with the law and policies that govern activities and operations of the university.

In that spirit, the Code of Ethical Conduct and Compliance (the “Code”), along with university’s Core Values, Honor Code, Diversity Statement, and Commitment to Environmental Sustainability, provides a framework for acceptable standards of behavior and reinforces the principle that all members of the RIT community, including university officials and the Board of Trustees, have a responsibility to ensure that RIT conducts its business and pursues its mission ethically, legally, and with integrity.