Our Program

Program Overview

The Compliance and Ethics Program, lead by the Office of Compliance and Ethics, is a proactive program through with RIT maintains a culture of integrity while it navigates in good faith the complex laws, regulations and standards by which it is bound.  The Compliance and Ethics Program is comprised of the (1) Compliance and Ethics Management Framework, which gives the RIT Community a broad overview of the management and governance structure of the Compliance and Ethics Program, (2) RIT Compliance and Ethics Program Standards and Responsibility Matrix, which details the duties and responsibilities of each key member of the RIT Community as it relates to the Program, and (3) policies and procedures developed by the university to address university, statutory, and regulatory requirements.

Compliance and Ethics Program


  1. Code of Ethical Conduct & Compliance

    Code of Ethical Conduct & Compliance

    The Compliance Policy and Code of Ethical Conduct (C00.0) is the foundation of the Compliance & Ethics Program. It embodies the expectation that the RIT Community will act ethically and in compliance with applicable laws and policies in all activities on behalf of the university. It applies to all members of the RIT Community and to their conduct while representing RIT, utilizing RIT resources, on RIT property, and/or attending RIT functions.


  2. Compliance & Ethics Management Framework with Roof highlighted


    The Board of Trustees provides oversight for the Compliance & Ethics Program and Enterprise Risk Management, determines the appropriate level of risk the Board is willing to accept in RIT's business activities, and sets the "tone at the top" for the entire university. The Risk and Compliance Committees provide guidance and support for the operation and implementation of the Compliance & Ethics Program.

  3. Policies & Procedures

    Policies & Procedures

    Policies and procedures specify the requirements developed by the university to address statutory and regulatory requirements. When creating key policies and procedures, various stakeholders are consulted to ensure the standards from policies and procedures are both applicable and implementable at the university. RIT maintains a University Policies Manual online to ensure university policies and procedures are easily accessible at all times.

  4. Risk Assessments

    Risk Assessments

    RIT conducts an annual enterprise-wide risk assessment, which includes a review of legal and compliance risks. This process involves individuals from subject matter experts who undertake the university’s day-to-day activities, operational management, senior management, and the Board to ensure the assessments broadly cover the university. After identification, risks are analyzed, prioritized and mitigated through quantifiable impact and likelihood scales. This process is completed each year and allows for new risks to be identified, assessed, and properly managed.

  5. Training and Communication

    Training and Communication

    RIT is committed to providing training to its employees to equip them to do their jobs. Special focus is given to providing training and resources to employees in control functions and high risk areas. Trainings are provided in multiple formats to support varying accessibility needs. Communication by Senior Leadership reaffirms to the entire RIT community the university’s commitment to compliance and ethics.

  6. Reports and Responses

    Reports and Responses

    RIT provides an avenue for individuals to report misconduct and noncompliance. The Ethics and Compliance Hotline is an anonymous option available both online and by phone to the RIT community. There are also designated individuals on campus who are trained and ready to receive reports confidentially and without retaliation. All allegations are reviewed, and investigations are conducted impartially by qualified personnel. Special attention is given to issues related to fraud, corruption, sexual misconduct, and allegations made by protected classes of individuals. Reports are elevated. Allegations are reported to senior leadership as appropriate. Corrective action is implemented, up to and including termination, upon findings of responsibility.

  7. Continuous Improvements

    Continuous Improvements

    RIT monitors high-risk activities and continuously reviews processes and procedures within the Compliance & Ethics program. OCE partners with Internal Audit to ensure detailed reviews of high-risk areas are conducted. Additionally, risk assessments are updated annually, so the program can continue to evolve based on current risks.


The Compliance and Ethics Program is run by a coordination of individuals and committees with varying levels of authority and different areas of expertise within the university.

An effective compliance program requires the commitment of senior leadership and middle management to ensure effective internal controls and adherence to high ethical standards. RIT’s Compliance and Ethics Program reflects a strong commitment by the President, the Board, and senior and operational leadership to comply with all applicable laws and regulations to operate the university in a manner consistent with the highest levels of integrity and ethical conduct. The governance responsibility of ensuring effective implementation of the Compliance and Ethics Program at RIT is shared among the following parties, proportionate with their roles, functions and areas of control.

  Download: Governance Overview

The Board of Trustees retains the ultimate responsibility for legal and regulatory compliance and determining the appropriate level of compliance risk the Board is willing to accept in RIT’s business activities. The Board, with Senior Leadership, sets the “tone at the top” for the entire university.

The Audit Committee of the Board of Trustees is delegated by the Board to oversee the legal and regulatory compliance activities of the university and has the ultimate responsibility to ensure university compliance with applicable laws, regulations, policies, and procedures. The Audit Committee approves all significant Compliance and Ethics Program activities and must provide timely reports on the Compliance and Ethics Program and particular compliance matters to the full Board of Trustees. The details of the Audit Committee’s responsibilities related to the Compliance and Ethics Program are in the Compliance Elements & Responsibility Matrix.

The Enterprise Risk Committee ("ERM") Subcommittee of the Board of Trustees oversees the risks affecting the university on an enterprise level. The Subcommittee approves the annual Institute Risk Map, and it reviews and provides advice on the mitigation/treatment plans for the top risks each year.

Below the Board, the university has three risk and compliance committees. This structure allows for more comprehensive oversight of regulations and requirements by administrators and operational managers than a single compliance officer could provide alone. This structure facilitates the sharing of best practices and recent developments with compliance contacts across the university. It also provides a forum for raising awareness on risk and compliance activities around the university.

The risk and compliance committees provide guidance and support for the operation of the Compliance & Ethics Program and support the Assistant Vice President of Compliance & Ethics in all aspects of the implementation of the Compliance & Ethics Program.

The Executive Risk and Compliance Committee (“ERCC”) assists the Audit Committee of the Board of Trustees and the Assistant Vice President of Compliance & Ethics in fulfilling their compliance and ethics responsibilities.  The ERCC is co-chaired by the Senior Vice President of Finance and Administration and the Provost. With the Board of Trustees, the ERCC sets the “tone at the top” and monitors key risk and compliance areas. 

The University Risk and Compliance Committee (“URCC”) is comprised of other administrators and operational managers who have responsibilities in the major compliance areas of the university. These include, among other areas, employment, student affairs, academic affairs, research, enrollment management, financial aid, development and alumni relations, diversity and inclusions, and finance. The URCC is co-chaired by the General Counsel and the Assistant Vice President of Compliance & Ethics. The URCC is responsible for overseeing, evaluating, and validating the risk and compliance issues identified by the University Risk and Compliance Network.  Operational managers for areas under which a risk falls are also responsible for managing the identified risks.

The University Risk and Compliance Network (“URCN”) is a group of individuals identified by Operational Management as the point of contact for Compliance & Ethics Program responsibilities in their working areas. The members of the URCN are responsible for the day-to-day functional compliance activities attendant to their designated compliance areas and serve as subject matter experts on key operational and strategic risk and compliance areas. The URCN works with the Assistant Vice President of Compliance & Ethics to revise and update the Compliance Inventory as applicable to their compliance areas. The URCN is expected to coordinate and collaborate with OCE on compliance initiatives and new compliance obligations and to meet with OCE periodically on the status of compliance initiatives in their compliance areas. Their responsibilities related to the Compliance & Ethics Program are further detailed in the Compliance Elements & Responsibility Matrix.

In addition to the basic structure of the Compliance Management Framework, there are other parties who play vital roles in RIT’s Compliance Management Framework. Many of these individuals are members of the various Compliance Committees. Others are not part of the formal Government and Accountability Structure but step in to assist the Compliance & Ethics Program when appropriate.

  • Directs policy and sets the “Tone at the Top”
  • Monitors progress in key risk and compliance areas
  • Provides updates and recommendations to the ERM SubCommittee of the Board
  • Recommends allocation of resources
  • Oversees creation and implementation of Institute Risk Map
  • Identifies and monitors progress in key risk and compliance areas
  • Supports coordination of risk and compliance activities across the university
  • Reviews updates, recent developments and best practices
  • Serves as subject matter experts on key risk and compliance areas
  • Provides information on risk and compliance activities for their area to URCC as needed

Code of Ethical Conduct and Compliance (C00.0)

President David C. Munson

Letter from the President of Rochester Institute of Technology

 Dear Tigers,

I am pleased to present RIT’s Code of Ethical Conduct and Compliance. This Code was developed to inform, guide, and protect us in all we do at the university.

To that end, each of us must commit to living out RIT’s Core Values and complying with RIT policies and procedures, as well as all applicable laws in our work.  I am proud to be at RIT, rising toward preeminence as a global university, and gladly commit to this Code.  Thank you for joining me as we build RIT’s excellence through difference.

David C. Munson


Rochester Institute of Technology shapes the future and improves the world through creativity and innovation.  As an engaged, intellectually curious, and socially conscious community, we leverage the power of technology, the arts, and design for the greater good.  At the heart of this vision and mission is a commitment to excellence that extends to all aspects of our educational and research programs.  In pursuit of excellence, all members of the RIT community are expected to conduct their work in the highest ethical manner and to comply with the law and policies that govern activities and operations of the university.

In that spirit, the Code of Ethical Conduct and Compliance (the “Code”), along with university’s Core Values, Honor Code, Diversity Statement, and Commitment to Environmental Sustainability, provides a framework for acceptable standards of behavior and reinforces the principle that all members of the RIT community, including university officials and the Board of Trustees, have a responsibility to ensure that RIT conducts its business and pursues its mission ethically, legally, and with integrity.