Our Program

A faculty member and student talking in a studio.
 

Compliance and Ethics Program

Program Overview

The Compliance and Ethics Program, lead by the Office of Compliance and Ethics, is a proactive program through which RIT maintains a culture of integrity while it navigates in good faith the complex laws, regulations and standards by which it is bound. The Compliance and Ethics Program is comprised of the (1) Compliance and Ethics Management Framework, which gives the RIT Community a broad overview of the management and governance structure of the Compliance and Ethics Program, (2) RIT Compliance and Ethics Program Standards and Responsibility Matrix, which details the duties and responsibilities of each key member of the RIT Community as it relates to the Program, and (3) policies and procedures developed by the university to address university, statutory, and regulatory requirements.

Compliance and Ethics Program

Framework

  1. Code of Ethical Conduct & Compliance

    Code of Ethical Conduct & Compliance

    The Compliance Policy and Code of Ethical Conduct (C00.0) is the foundation of the Compliance & Ethics Program. It embodies the expectation that the RIT Community will act ethically and in compliance with applicable laws and policies in all activities on behalf of the university. It applies to all members of the RIT Community and to their conduct while representing RIT, utilizing RIT resources, on RIT property, and/or attending RIT functions.

     

  2. Compliance & Ethics Management Framework with Roof highlighted

    Oversight

    The Board of Trustees provides oversight for the Compliance & Ethics Program and Enterprise Risk Management, determines the appropriate level of risk the Board is willing to accept in RIT's business activities, and sets the "tone at the top" for the entire university. The Risk and Compliance Committees provide guidance and support for the operation and implementation of the Compliance & Ethics Program.

  3. Policies & Procedures

    Policies & Procedures

    Policies and procedures specify the requirements developed by the university to address statutory and regulatory requirements. When creating key policies and procedures, various stakeholders are consulted to ensure the standards from policies and procedures are both applicable and implementable at the university. RIT maintains a University Policies Manual online to ensure university policies and procedures are easily accessible at all times.

  4. Risk Assessments

    Risk Assessments

    RIT conducts an annual enterprise-wide risk assessment, which includes a review of legal and compliance risks. This process involves individuals from subject matter experts who undertake the university’s day-to-day activities, operational management, senior management, and the Board to ensure the assessments broadly cover the university. After identification, risks are analyzed, prioritized and mitigated through quantifiable impact and likelihood scales. This process is completed each year and allows for new risks to be identified, assessed, and properly managed.

  5. Training and Communication

    Training and Communication

    RIT is committed to providing training to its employees to equip them to do their jobs. Special focus is given to providing training and resources to employees in control functions and high risk areas. Trainings are provided in multiple formats to support varying accessibility needs. Communication by Senior Leadership reaffirms to the entire RIT community the university’s commitment to compliance and ethics.

  6. Reports and Responses

    Reports and Responses

    RIT provides an avenue for individuals to report misconduct and noncompliance. The Ethics and Compliance Hotline is an anonymous option available both online and by phone to the RIT community. There are also designated individuals on campus who are trained and ready to receive reports confidentially and without retaliation. All allegations are reviewed, and investigations are conducted impartially by qualified personnel. Special attention is given to issues related to fraud, corruption, sexual misconduct, and allegations made by protected classes of individuals. Reports are elevated. Allegations are reported to senior leadership as appropriate. Corrective action is implemented, up to and including termination, upon findings of responsibility.

  7. Continuous Improvements

    Continuous Improvements

    RIT monitors high-risk activities and continuously reviews processes and procedures within the Compliance & Ethics program. OCE partners with Internal Audit to ensure detailed reviews of high-risk areas are conducted. Additionally, risk assessments are updated annually, so the program can continue to evolve based on current risks.

  1. 2019
  2. 2019
  3. 2019
  4. 2019
  5. 2019
  6. 2019
  7. 2019

  Download: Compliance Management Framework.pdf

Oversight

An effective compliance program requires the commitment of senior leadership and middle management to ensure effective internal controls and adherence to high ethical standards. RIT’s Compliance and Ethics Program reflects a strong commitment by the President, the Board, and senior and operational leadership to comply with all applicable laws and regulations to operate the university in a manner consistent with the highest levels of integrity and ethical conduct. The governance responsibility of ensuring effective implementation of the Compliance and Ethics Program at RIT is shared among the following parties, proportionate with their roles, functions and areas of control.

  Download: Governance Overview

The Board of Trustees retains the ultimate responsibility for legal and regulatory compliance, and determining the appropriate level of risk the Board is willing to accept in RIT’s business activities. The Board, along with senior leadership, sets the “tone at the top” for the entire university. The Board has delegated oversight of the legal, regulatory compliance, and risk activities of the university to the Risk and Audit Committee of the Board of Trustees. The Risk and Audit Committee reviews all significant Compliance and Ethics Program activities. It also approves the annual Institute Risk Map, and ensures that senior  leadership is regularly and responding to the top enterprise risks. 

The university has three internal risk and compliance committees. This structure allows for more comprehensive oversight of regulations and requirements by administrators and operational managers than a single compliance officer could provide alone. The structure facilitates the sharing of best practices and recent developments with operational leaders across the university. It also provides a forum for raising awareness on risk and compliance activities around the university.

The risk and compliance committees provide guidance and support for the operation of the Compliance & Ethics Program and support the Associate Vice President of Compliance & Ethics in all aspects of the implementation of the Compliance & Ethics Program.

The Executive Risk and Compliance Committee (“ERCC”) assists the Risk and Audit Committee and the Associate Vice President of Compliance & Ethics in fulfilling their compliance and ethics responsibilities. The ERCC is co-chaired by the Senior Vice President of Finance and Administration and the Provost. With the Board of Trustees, the ERCC sets the “tone at the top” and monitors key risk and compliance areas. 

The University Risk and Compliance Committee (“URCC”) is comprised of administrators and operational managers across the university who have responsibilities in the major areas of the university. These include, among other areas, employment, student affairs, academic affairs, research, enrollment management, financial aid, development and alumni relations, diversity and inclusions, and finance. The URCC is co-chaired by the Associate Vice President of Compliance & Ethics and the Associate Vice President of Global Risk Management Services. The URCC is responsible for overseeing, evaluating, and validating the risk and compliance issues identified by the University Risk and Compliance Network. Operational managers for areas under which a risk falls are also responsible for managing the identified risks.

The University Risk and Compliance Network (“URCN”) is a group of individuals identified by operational management as the point of contact for key risk and compliance activities in their working areas. The members of the URCN are responsible for the day-to-day functional risk and compliance activities attendant to their designated compliance areas and serve as subject matter experts on key operational and strategic risk and compliance areas. The URCN works with the Associate Vice President of Compliance & Ethics to identify and score risks applicable to their operational areas.

In addition to the basic structure of the Compliance Management Framework, there are other parties who play vital roles in RIT’s Compliance Management Framework. Many of these individuals are members of the various internal compliance committees.

  • Directs policy and sets the “Tone at the Top”
  • Monitors progress in key risk and compliance areas
  • Provides updates and recommendations to the Risk and Audit Committee of the Board
  • Recommends allocation of resources
  • Oversees creation and implementation of Institute Risk Map
  • Identifies and monitors progress in key risk and compliance areas
  • Supports coordination of risk and compliance activities across the university
  • Reviews updates, recent developments, and best practices in key risk and compliance areas
  • Serves as subject matter experts on key risk and compliance areas
  • Provides information on risk and compliance activities for their area to URCC as needed

Code of Ethical Conduct and Compliance (C00.0)

President David C. Munson

A Message from the President

 Dear Tigers,

I am pleased to present RIT’s Code of Ethical Conduct and Compliance. This Code was developed to inform, guide, and protect us in all we do at the university. To that end, each of us must commit to living out RIT’s Core Values and complying with RIT policies and procedures, as well as all applicable laws in our work. I am proud to be at RIT, rising toward preeminence as a global university, and gladly commit to this Code. Thank you for joining me as we build RIT’s excellence through difference.

David C. Munson

_________________________________________________________________________________________________

Rochester Institute of Technology shapes the future and improves the world through creativity and innovation. As an engaged, intellectually curious, and socially conscious community, we leverage the power of technology, the arts, and design for the greater good.  At the heart of this vision and mission is a commitment to excellence that extends to all aspects of our educational and research programs. In pursuit of excellence, all members of the RIT community are expected to conduct their work in the highest ethical manner and to comply with the law and policies that govern activities and operations of the university. In that spirit, the Code of Ethical Conduct and Compliance (the “Code”), along with university’s Core Values, Honor Code, Diversity Statement, and Commitment to Environmental Sustainability, provides a framework for acceptable standards of behavior and reinforces the principle that all members of the RIT community, including university officials and the Board of Trustees, have a responsibility to ensure that RIT conducts its business and pursues its mission ethically, legally, and with integrity.