Purpose Statement

The purpose of the university compliance program is to foster a culture of compliance and accountability that is consistent with DePaul's mission.

At the direction of the Audit Committee of the Board of Trustees, DePaul University began an effort in July 2003 to implement an enterprise-wide institutional compliance initiative addressing a number of activities that fall under the framework of "Managing our Business" and "Managing our Risk."

Managing our Business

In August 2003, the Office of Institutional Compliance was formed. The department is responsible for implementing the "Managing our Business" activities, which include:

• Management Standards Training
• Management Standards Quality Assurance Reviews (QARs)
• Manager Control Self-Assessment (MCSA) Certifications
• General Compliance Training​

Managing our Risk

In addition, the Compliance office is responsible for coordinating the "Managing our Risk" activities, including the work of the compliance department and reporting the results to the Compliance Officer, the Executive Compliance Committee (Joint Council subcommittee) and the Audit Committee of the Board of Trustees. The "Managing our Risk" portion of DePaul's compliance program includes the following appointments and activities:

• Executive Compliance Committee​: Joint Council subcommittee. Membership includes responsible parties for each high-risk area along with the Director of Compliance and Risk Management and the Director of Internal Audit.
• Risk Assessments and Monitoring Plans
• Peer reviews
• Reporting and follow-up
• Annual review of high-risk list

DePaul's Compliance High-Risk List

A subset of the Joint Council subcommittee met to identify DePaul's high-risk areas in July 2003. This high-risk list was reviewed and refined by the Compliance Officer, the Associate Vice President for Institutional Compliance and the Director of Internal Audit in the fall of 2003. The high-risk list was further refined by the Audit Committee of the Board of Trustees in December 2003.

The criteria used to identify areas as high risk include the likelihood of non-compliance occurring (generally due to complexity or inherent risks) and the consequence of non-compliance, especially as it relates to the risk of a federal or state audit, financial loss, harm to people and damage of DePaul's reputation. DePaul's high risks are in the following areas:

• Personnel and community-related risks
• Information-related risks
• Administrative management-related risks
• Research-related risks
• Athletics-related risks