1 / 60

UT Compliance Conference Monitoring Plans and Assurance Activities

UT Compliance Conference Monitoring Plans and Assurance Activities. California Institute of Technology Rick Moyer – Audit Director and Institute Compliance Officer March 29, 2006. Agenda. Caltech/JPL Compliance Program Overview Risk Assessments and Compliance Risk Matrix

moke
Download Presentation

UT Compliance Conference Monitoring Plans and Assurance Activities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UT Compliance ConferenceMonitoring Plans and Assurance Activities California Institute of Technology Rick Moyer – Audit Director and Institute Compliance Officer March 29, 2006

  2. Agenda • Caltech/JPL • Compliance Program Overview • Risk Assessments and Compliance Risk Matrix • Compliance Helpline • Compliance Assessments • Compliance Projects • Compliance Committees • Lessons Learned

  3. California Institute of Technology • Independent, private university • Located in Pasadena, CA with off-Campus facilities including the Jet Propulsion Laboratory, Palomar and the W.M. Keck Observatories • Consistently ranked as one of top national universities • $237+ million federal research annually • 30 Nobel laureates among faculty and alumni • Instruction for 900 undergrads and 1300 grad students, focused on science and engineering

  4. Jet Propulsion Laboratory • Leading U.S. center for planetary exploration • Mars Exploration Rovers and Reconnaissance Orbiter • Cassini (Saturn) • Deep Impact • $1.6 B Business Base; 5000 employees • JPL has a dual character • An operating division of Caltech • A Federally Funded Research and Development Center (FFRDC) under NASA • Essentially all work is performed under a prime contract between NASA and Caltech

  5. Compliance Program Overview • Multi-year effort • In-process for 3 years • Led by Director-Audit Services and Institute Compliance (ASIC) • Two FTEs plus Compliance Officer • Supported by Audit and Compliance Committee, President, Provost, VP Business and Finance, General Counsel

  6. Essential Elements of an Effective Compliance and Ethics Program • Standards and Procedures • Organizational Leadership and Culture • Reasonable Efforts to Exclude Prohibited Persons • Training and Communication • Monitoring, Auditing, and Evaluation of Program Effectiveness • Performance Incentives and Disciplinary Actions • Remedial Action Source: Federal Sentencing Guidelines

  7. Objective-Caltech Compliance Program • Ensure Caltech provides and maintains an institutional framework that gives assurance that all applicable rules & regulations, laws, policies and procedures are adhered to. • This will be accomplished through: • Identification of key compliance risk areas • Coordination of all compliance activities • Monitoring compliance activities on on-going basis • Training/awareness of compliance roles & responsibilities

  8. Compliance Charter • ASIC proactively helps management, faculty, and staff identify and reduce risks • Director of ASIC is the Institute’s Compliance Officer, reports to VP Business and Finance, President, Audit and Compliance Committee • Close coordination with General Counsel • Develop and implement annual risk-based plan • Serve as resource in developing or improving compliance related processes • Assist in development of Institute compliance policies or practices

  9. Compliance Charter • Facilitate the establishment of appropriate compliance committees and coordinate with such committees • Assist in the development and delivery of compliance related training • Promote compliance awareness • Provide compliance advisory services • Evaluate emerging compliance trends and implement best practices • Administer Compliance Helpline

  10. Compliance Officer • Coordinate, and provide oversight of, Institute’s compliance function to ensure risks are effectively and expeditiously assessed and reported • Serve as advisor and counselor to all levels of personnel in the Institute; assist offices throughout Institute by coordinating the interpretation of and compliance with laws, regulations, and contract provisions • Obtain input from senior leadership to complete compliance planning process

  11. Compliance Officer • Schedule and perform compliance reviews as planned, requested, or deemed necessary • Develop and foster development of self-assessment programs to distribute compliance responsibilities more broadly among management • Prepare annual report for the Trustees and senior management

  12. Monitoring and Assurance • Macro • Risk Assessment • Heat Map • Compliance Universe/Matrix • Compliance Helpline • Micro • Audits (ASIC) • Self-assessments (Management) • Compliance Assessments • Compliance Projects • Compliance Committees

  13. Risk Assessment Objective • Obtain updated information from our customers on: • Risk • Compliance • Financial • Operational • Reputational • Strategic • Significant Changes within Organizations • Control Environment • Modify Audit and Compliance Plan as necessary

  14. Caltech Risk Assessment - Process • Comprehensive assessment of Campus & JPL • 30+ interviews at both Campus and JPL • Reviewed • OSR Annual Report • JPL Contract • JPL Score Card and Self Assessment • JPL Visiting Committee Report • Board Minutes

  15. Campus Risk Profile–Heat Map(Financial and Operational Risks) Text Legend Previously Audited (FY) FY2006 Plan To be addressed in the future Previously Audited (FY) + FY2005 Plan High Information Privacy (05) Grants & Contracts Management (05) Immigration & Visa Processing (04) Student Affairs (03) Business Continuity Planning Deferred Maintenance (04) Interface with JPL (04) Endowment (05) Environmental, Health & Safety (05) PROBABILITY Human Subjects Moderate Auxiliary Services (03) Animal Subjects (02) Off-Campus Facilities (05) Security Gifts & Restricted Funds (04) Construction Management (05) Human Resource Management Conflict of Interest Acquisition (05) Property Management (04) Financial Reporting (03) Technology Licensing Executive Expenses (05) Low Low Moderate High IMPACT October 1, 2005

  16. Compliance Matrix • Identify key compliance risk areas at Campus and JPL (Compliance Universe) • Campus - 16 Functional Areas; 55 Risk Areas • JPL - 14 Functional Areas; 59 Risk Areas • Review similar information for peer institutions • PwC Risk Assessment • Identify cognizant offices and key contacts

  17. Federal Grants & Contracts Mgmt. Gifts & Restricted Funds Institute Finances Endowment Procurement Property ES&H Animal Subjects Human Subjects Student Affairs Human Resources Business Ethics and Conflicts of Interest Physical Plant/Facilities Technology Transfers Security IT Compliance MatrixCampus Functional Areas

  18. Caltech Compliance Matrix

  19. Compliance Helpline • Establish confidential reporting mechanism, including provision for anonymous reporting • Provides students, faculty, and staff means to: • Obtain advice • Communicate concerns • Reporting methods • Compliance website: http://asic.caltech.edu/helpline.htm • Phone call: (626) 395-8787 or (888) 395-8787 • US Mail: 565 S. Wilson, Pas, CA 91106 • Email: helpline@caltech.edu

  20. Compliance Assessments • Interview key contacts and jointly assess each risk area for the following: • Awareness of external compliance requirements • Documented policies and procedures • Training • Monitoring • Identify gaps • Obtain customer concurrence • 65 Assessments completed in FY 2005

  21. Corrective Action Plans • Work with cognizant management to establish corrective action plans for identified gaps • Who? • What? • When? • Corrective Action Matrix • Continuous improvement activities • 26 CAPs established in FY 2005/06

  22. Compliance Projects • Generally come from management requests • Mutually agreed upon objectives • Generally address one or more of the following advisory services: • Compliance Policies and Procedures • Awareness and Training • Self-Assessment Functions

  23. Compliance Projects • Grants and Contracts Management • Animal Care • Lab Safety • Controlled Substances • Environmental Management Integration • Export Controls

  24. Grants Management Background • In 2002, ASIC performed two academic division audits and noted in both cases significant improvement was required over grants management • ASIC reported that many of the issues would best be addressed on Institute-wide basis

  25. Grants Management Key Compliance Drivers • OMB A133 • OMB A110 • OMB A21 • Grant and Contract provisions Project Objective • Strengthen grants management processes and facilitate development of appropriate policies, procedures, and training

  26. Grants Management • Project Approach • Partnered with Academic Divisions, Finance, and OSR to establish working groups that addressed: • Cost Transfers • Payroll Distribution Confirmations • Service Centers • Roles and Responsibilities • Purchasing • Subrecipient Monitoring • NIH Salary Cap • Cost Sharing

  27. Grants Management Partnership Roles • Academic Divisions • Provided valuable input to P&Ps, monitoring, and training; implemented corrective actions • OSR and Finance Directors • Developed/revised P&Ps, monitoring, and training • OGC • Assisted with compliance and legal guidance • ASIC • Facilitated compliance working group meetings and provided leadership toward product and material milestones

  28. Grants Management Benefits Developed and implemented P&Ps and Training to educate faculty and staff on the importance of: • Adequately monitoring financial status of projects • Ensuring grants are charged in accordance with cost principles and CAS • Ensuring cost transfers are supportable, reasonable, and allowable • Ensuring procurements are made in compliance with specific award requirements and P&Ps • Ensuring timely submission of progress and technical reports • Ensuring proper business use of discretionary funds

  29. Animal Care and Use Program Background • February 2002 - Caltech applied for The Association for Assessment and Accreditation of Laboratory Animal Care (AAALAC) accreditation • March 2002 - AAALAC accreditation team conducted preliminary program evaluation of Institutional Animal Care and Use Program (IACUC) • August 2002 – Formal accreditation review

  30. Animal Care and Use Program Key Compliance Drivers • The accreditation team focuses on seven key compliance areas that include: • The Institution • IACUC • Animal Use and Care Standards • Veterinary Care • Personnel Qualifications and Training • Occupational Health and Safety • Facilities

  31. Animal Care and Use Program Project Objective • Ensure Caltech is adequately prepared for accreditation review and achieves accreditation Project Approach • Partnered with OGC, IACUC members, and key stakeholders • Improved program weaknesses prior to the AAALAC accreditation site visit • Identified strengths and opportunities for improvement

  32. Animal Care and Use Program Partnership Roles • IACUC Chair and OLAR Director • Developed/revised P&Ps, and strengthened monitoring and training • Provost, Directors of ES&H and Physical Plant • Facilitated corrective actions • OGC • Assisted with compliance and legal guidance, reviewed management corrective actions • ASIC • Compared external reqmts to internal P&Ps, reviewed monitoring and training, evaluated implementation, provided gap analysis, reviewed management corrective actions

  33. Animal Care and Use Program Benefits • Roles and responsibilities were clarified • Policies and procedures were revised and strengthened • Monitoring processes were enhanced to increase the frequency of reviews and ensure the full compliment of requirements were being addressed • Additional training was provided • Caltech received full AAALAC accreditation • March 2003

  34. Laboratory Safety Background • In 1990, Caltech EH&S developed written Chemical Hygiene Plan to meet basic administrative and lab safety requirements • EH&S conducts informal annual review of Chemical Hygiene Plan to ensure compliance with state requirements specified in CCR, Title 8, Section 5191 • The Chemical Hygiene Plan was last updated to reflect changes in 2002

  35. Laboratory Safety Key Compliance Drivers • Federal Occupational Safety and Health Administration (OSHA) • California Code of Regulations (CCR) requires written Chemical Hygiene Plan • Chemical Hygiene Plan • clearly defined lines of responsibility • rules governing std operating procedures • personal protective equipment • hygiene practices • emergency procedures

  36. Laboratory Safety Project Objective • Determine adequacy of Chemical Hygiene Plan and assess compliance Project Approach • Partnered with EH&S • Compared Chemical Hygiene Plan with federal and state regs and assessed adequacy and completeness • Conducted walkthroughs of labs • Evaluated monitoring processes • Identified strengths and opportunities for improvement

  37. Laboratory Safety Partnership Roles • EH&S Director and Staff • Facilitated lab visits and discussions with Lab Safety Officers; served as SMEs to validate documentation and lab observations • ASIC • Compared external reqmts to internal P&Ps, reviewed monitoring and training, evaluated lab compliance, and prepared gap analysis matrix

  38. Laboratory Safety Benefits • Strengthened Chemical Hygiene Plan • Improved documentation of annual EH&S monitoring • Stressed importance of Lab Safety Officer role and training • Focused attention toward high risk compliance hazards such as: compressed gas cylinders; hazardous waste containers; hazardous chemical storage; and fume hoods • Verified availability of personal protective equipment and emergency eyewash and showers

  39. Controlled Substances Program Background • The Institute holds a Controlled Substance Registration Certificate from the Drug Enforcement Administration (DEA) for use of listed controlled substances in research • Caltech developed a Controlled Substances Policy in 2002

  40. Controlled Substances Program Key Compliance Drivers • The Federal Controlled Substances Act • California Uniform Controlled Substances Act • California Health and Safety Code

  41. Controlled Substances Program Controlled Substances Policy • Requirements include: • Adhering to established registration and procurement procedures • Maintaining security standards • Providing effective controls and operating procedures to prevent diversion • Maintaining accurate inventory, usage, and disposal records • Notifying appropriate authorities in event of loss or divergence

  42. Controlled Substances Program Project Objective • Assess adequacy of Caltech Policy on Controlled Substances and assess compliance

  43. Controlled Substances Program Project Approach • Partnered with OGC, EH&S, OLAR, Security, Biology and Chemistry academic divisions • Compared Policy with federal and state regs and assessed adequacy and completeness • Conducted walkthroughs of labs and offices • Reviewed procurement practices • Evaluated monitoring processes • Assessed training • Identified strengths and opportunities for improvement

  44. Controlled Substances Program Partnership Roles • Institute Registrant • Facilitated review of purchasing, receiving, storage, delivery, inventory, and disposal • EH&S • Scheduled and assisted with lab visits • Campus Security • Discussed process for investigating suspected diversions • OGC • Assisted with compliance and legal guidance • ASIC • Compared external reqmts to internal P&Ps, conducted lab inspections, reviewed docs, and interviewed lab personnel

  45. Controlled Substances Program Benefits • Improved Controlled Substances Policy • Heightened awareness of Controlled Substances risks • Clarified roles and responsibilities • Improved lab compliance • Improved EH&S monitoring • Strengthened security to prevent diversions • Developed specialized training modules

  46. Environmental, Health, and Safety Management System (EHSMS) Background • In March 2005, JPL’s Environmental Affairs Program Office (EAPO) issued the Environmental, Health, and Safety Management System Policy

  47. EHSMS Key Compliance Drivers • Section H-46 of the JPL Prime Contract • Executive Order 13148 • NASA NPR 8553.1A Project Objective • Independently assess “current state” implementation of EHSMS

  48. EHSMS EHSMS Policy • Requirements include: • Establishing written procedures at all org. levels • Allocating resources to address EHS programmatic and ops. considerations • Evaluating EHS hazards • Training employees • Ensuring integration with all business processes • Communicating EHS requirements to subcontractors • Monitoring EHSMS effectiveness and implement continuous improvement processes

  49. EHSMS Project Approach Partnered with EAPO to: • Compare contents of Prime Contract and Executive Order to the EHSMS Policy • Conduct interviews and review documentation to assess: • Performance goals • Environmental compliance audit programs • Environmental cost accounting principles • Annual progress reporting • Training • Developed gap analysis and opportunities matrix

  50. EHSMS Benefits • Enhanced EHSMS Policy by integrating subcontract requirements • Identified need to develop an EHSMS audit procedure • Identified need to develop an environmental cost accounting process • Provided feedback to EAPO manager regarding integration of EHSMS practices with business practices

More Related