The Compliance and Risk Program is part of New York University’s overall Enterprise Risk Management (ERM) Program and follows generally accepted standards for establishing and maintaining an effective compliance program. These standards have a number of key elements that have been incorporated into the University’s Compliance and Risk Program, including an effective compliance program structure, compliance risk assessments, monitoring and corrective action plans, and compliance policies, training and communication.
Effective Compliance Program Structure
- Governance: The University’s governing authority, through the Audit and Compliance Committee of the Board of Trustees, is knowledgeable about the content and operation of the University’s Compliance Program and exercises reasonable oversight over its implementation and effectiveness.
- Executive Oversight: Through the University Compliance and Risk Steering Committee, high-level management exercises overall responsibility for the Compliance Program.
- Day-to-Day Oversight: Designated responsible compliance and risk officers exercise day-to-day responsibility for the Compliance and Risk Program. Their activities are coordinated through several compliance and risk committees whose members include administrative and academic officers as well as representatives of the University’s global campuses.
- University’s Chief Global Compliance Officer: assists in coordinating the University’s compliance activities and reports regularly the results of these activities directly to high-level management and the Audit and Compliance Committee.
Compliance Risk Assessments
- A primary purpose of the University’s Compliance and Risk Program is to identify and assess significant compliance risks and implement internal controls to reduce these risks. As noted above, the University’s Compliance Program is part of an overall ERM Program and its regular, periodic risk assessments are based on the International Organization for Standardization (ISO) 31000, an internationally accepted ERM standard.
Monitoring and Corrective Action Plans
- Reasonable steps are taken to achieve compliance through systems of monitoring, auditing and reporting suspected wrongdoing without fear of reprisal.
Compliance Policies, Training and Communication
- Effective compliance communication to all levels of employees is achieved through readily available compliance policies found at nyu.edu/policies; training programs on these compliance policies and the University’s Code of Ethical Conduct; compliance publications and newsletters, and systems for responding to individual inquiries and complaints.