Our Program

Program Overview

The Compliance and Ethics Program, lead by the Office of Compliance and Ethics, is a proactive program through which RIT maintains a culture of integrity while it navigates in good faith the complex laws, regulations and standards by which it is bound. The Compliance and Ethics Program is comprised of the (1) Compliance and Ethics Management Framework, which gives the RIT Community a broad overview of the management and governance structure of the Compliance and Ethics Program, (2) RIT Compliance and Ethics Program Standards and Responsibility Matrix, which details the duties and responsibilities of each key member of the RIT Community as it relates to the Program, and (3) policies and procedures developed by the university to address university, statutory, and regulatory requirements.

Compliance and Ethics Program


An effective compliance program requires the commitment of senior leadership and middle management to ensure effective internal controls and adherence to high ethical standards. RIT’s Compliance and Ethics Program reflects a strong commitment by the President, the Board, and senior and operational leadership to comply with all applicable laws and regulations to operate the university in a manner consistent with the highest levels of integrity and ethical conduct. The governance responsibility of ensuring effective implementation of the Compliance and Ethics Program at RIT is shared among the following parties, proportionate with their roles, functions and areas of control.

  Download: Governance Overview

The Board of Trustees retains the ultimate responsibility for legal and regulatory compliance, and determining the appropriate level of risk the Board is willing to accept in RIT’s business activities. The Board, along with senior leadership, sets the “tone at the top” for the entire university. The Board has delegated oversight of the legal, regulatory compliance, and risk activities of the university to the Risk and Audit Committee of the Board of Trustees. The Risk and Audit Committee reviews all significant Compliance and Ethics Program activities. It also approves the annual Institute Risk Map, and ensures that senior  leadership is regularly and responding to the top enterprise risks. 

The university has three internal risk and compliance committees. This structure allows for more comprehensive oversight of regulations and requirements by administrators and operational managers than a single compliance officer could provide alone. The structure facilitates the sharing of best practices and recent developments with operational leaders across the university. It also provides a forum for raising awareness on risk and compliance activities around the university.

The risk and compliance committees provide guidance and support for the operation of the Compliance & Ethics Program and support the Associate Vice President of Compliance & Ethics in all aspects of the implementation of the Compliance & Ethics Program.

The Executive Risk and Compliance Committee (“ERCC”) assists the Risk and Audit Committee and the Associate Vice President of Compliance & Ethics in fulfilling their compliance and ethics responsibilities. The ERCC is co-chaired by the Senior Vice President of Finance and Administration and the Provost. With the Board of Trustees, the ERCC sets the “tone at the top” and monitors key risk and compliance areas. 

The University Risk and Compliance Committee (“URCC”) is comprised of administrators and operational managers across the university who have responsibilities in the major areas of the university. These include, among other areas, employment, student affairs, academic affairs, research, enrollment management, financial aid, development and alumni relations, diversity and inclusions, and finance. The URCC is co-chaired by the Associate Vice President of Compliance & Ethics and the Associate Vice President of Global Risk Management Services. The URCC is responsible for overseeing, evaluating, and validating the risk and compliance issues identified by the University Risk and Compliance Network. Operational managers for areas under which a risk falls are also responsible for managing the identified risks.

The University Risk and Compliance Network (“URCN”) is a group of individuals identified by operational management as the point of contact for key risk and compliance activities in their working areas. The members of the URCN are responsible for the day-to-day functional risk and compliance activities attendant to their designated compliance areas and serve as subject matter experts on key operational and strategic risk and compliance areas. The URCN works with the Associate Vice President of Compliance & Ethics to identify and score risks applicable to their operational areas.

In addition to the basic structure of the Compliance Management Framework, there are other parties who play vital roles in RIT’s Compliance Management Framework. Many of these individuals are members of the various internal compliance committees.

  • Directs policy and sets the “Tone at the Top”
  • Monitors progress in key risk and compliance areas
  • Provides updates and recommendations to the Risk and Audit Committee of the Board
  • Recommends allocation of resources
  • Oversees creation and implementation of Institute Risk Map
  • Identifies and monitors progress in key risk and compliance areas
  • Supports coordination of risk and compliance activities across the university
  • Reviews updates, recent developments, and best practices in key risk and compliance areas
  • Serves as subject matter experts on key risk and compliance areas
  • Provides information on risk and compliance activities for their area to URCC as needed

Code of Ethical Conduct and Compliance (C00.0)

President David C. Munson

A Message from the President

 Dear Tigers,

I am pleased to present RIT’s Code of Ethical Conduct and Compliance. This Code was developed to inform, guide, and protect us in all we do at the university. To that end, each of us must commit to living out RIT’s Core Values and complying with RIT policies and procedures, as well as all applicable laws in our work. I am proud to be at RIT, rising toward preeminence as a global university, and gladly commit to this Code. Thank you for joining me as we build RIT’s excellence through difference.

David C. Munson


Rochester Institute of Technology shapes the future and improves the world through creativity and innovation. As an engaged, intellectually curious, and socially conscious community, we leverage the power of technology, the arts, and design for the greater good.  At the heart of this vision and mission is a commitment to excellence that extends to all aspects of our educational and research programs. In pursuit of excellence, all members of the RIT community are expected to conduct their work in the highest ethical manner and to comply with the law and policies that govern activities and operations of the university. In that spirit, the Code of Ethical Conduct and Compliance (the “Code”), along with university’s Core Values, Honor Code, Diversity Statement, and Commitment to Environmental Sustainability, provides a framework for acceptable standards of behavior and reinforces the principle that all members of the RIT community, including university officials and the Board of Trustees, have a responsibility to ensure that RIT conducts its business and pursues its mission ethically, legally, and with integrity.