www.richmond.edu web results only

Web Results

Directory Results

Compliance Matters Newsletter

Welcome to Compliance Matters - a monthly newsletter highlighting all things compliance.

Expand All
  • October/November 2024

    Welcome to the October/November edition of Compliance Matters, a newsletter about all things compliance.

     

    IN THIS ISSUE ...

    Cybersecurity Awareness Month

    Learn how to stay safe on line.

     

    National Ethics and Compliance Week

    Join your fellow Spiders in observing this national celebration.

     

     Guest Corner:  Environmental Health and Safety  

    Learn what this important campus office does to help keep our workplace safe.

     

     Cybersecurity Awareness Month

    Did you know that October is National Cybersecurity Awareness month?  In honor of that national celebration, the University’s Information Security Office has provided the following Cybersecurity Tips for Travel.

    As the holidays get closer you might be booking your tickets, figuring out what to pack, and buying gifts for loved ones. This also is a great time for cyber criminals to ruin the holiday spirit by targeting online holiday activity and devices. To keep your holiday travel and devices secure use the cybersecurity tips below.

    -Double check your multi-factor authentication (MFA) settings.

    -Change or update passwords. Consider using a password manager; UR provides free licenses for LastPass Password Manager.

    -When online shopping choose a secure drop-off location and require a signature for pickup if possible.

    -Avoid connecting to unsecure public Wi-Fi.

    -Turn on device tracking and/or remote wiping options in case it is lost or stolen.

     

    For more information on securing your devices while traveling visit the Travel & Tech website:

    https://is.richmond.edu/infosec/spidersecure-training-program/traveltech.html

     

     

    National Ethics and Compliance Week

    November 3 – 9, 2024 is National Ethics and Compliance Week.   Keep a lookout for games, prizes and compliance office appearances throughout the week.  Learn more at Richmond.edu/compliance and click on the National Ethics and Compliance promo button.

     

     

    GUEST CORNER:  Environmental Health and Safety (EHS)

    By Mike Miller, Director EHS

    The office of EHS has two full time employees - Michael Bowles, Fire Safety Technician and myself, Mike Miller, Director. We are hoping to add a third EHS professional in 2025. The Office is part of Public Safety which is led by AVP/Chief of Police Dave McCoy.

    EHS’s mission is to provide a campus that is safe for faculty, staff, students, and visitors and to protect the environment. We are also committed to fostering partnerships and collaborating with stakeholders, providing exemplary service to our customers, identifying risks to our community, and continuing to improve the safety programs here on campus. Our goal is to go beyond just compliance.

    Our services include:

    Fire Safety                                                      Radiation Safety                                            

    Hazardous Waste Control and Removal             Chemical and Biological Safety

    Laboratory Safety                                           Animal Safety

    Environmental Management                            Overall Safety Training

    General and Construction Safety                      Accident Investigations

    Indoor Air Quality and Mold                             Emergency Response

                                         

     

    We are currently shifting many of our inspection programs to a new software package called Campus Optics. This will standardize and improve inspections which in turn will make for a safer campus environment.

    If you have any questions or concerns about your work area, please contact us at (804)289-8721. Additional information is available on or website at https://ehs.richmond.edu/

     

     

  • August/September 2024

    Welcome to the 2024-25 Academic Year and the first edition of Compliance Matters, a newsletter about all things compliance.

     

    IN THIS ISSUE ...

    What’s is a Name?

     The Compliance Office is changing its name!

     

    One Stop Reporting

    Launch of report.richmond.edu.

     

    Annual Compliance Training

    New academic year, new training launch – sort of …

     

    New Policies

    Check out the new and revised policies that have been added to the Policy Library.

     

     Guest Corner:  URPD and the ASR/ Clery Act

    Ever wonder what the Clery Act is all about?  Read this edition’s guest column to learn more!

     

     The Compliance Office is Changing its Name

    Exciting News!  We are now the Office of Compliance, Title IX and Non-Discrimination.   We changed our name to better reflect the work we do on a daily basis – namely supporting our campus community through our continued commitment to fostering a safe and inclusive campus.  Whether it is a compliance concern, a discrimination and harassment issue or a sexual misconduct incident, we are committed to addressing your concerns and supporting you through the process.

    Be on the lookout for our newly designed website to learn more about our work and for valuable resources.

     

    One Stop Reporting

    Have you ever had a concern but were confused as to who to report it to?  Maybe it was a concern about a campus community member, a Title IX issue, or even a cybersecurity concern.   This summer, the University launched report.richmond.edu -a one stop reporting site where you can get information on who and how to report your concerns.   Check it out!

    Annual Compliance Training

    With the start of the new academic year comes the launch of our annual compliance training.   Well, normally.   This year with the implementation of Workday, we are delaying our annual compliance training launch until after January, 2025 for all continuing faculty and staff.  New faculty and staff will continue to be assigned the required compliance trainings upon hire.

    Keep a look out for an announcement about the launch of annual training with our new platform Workday at the start of the New Year.

     

    New Policies

    The Office of Compliance aims to bring awareness to the Richmond community about new and updated university-wide policies and guidelines. 

    In this issue, we introduce the following new or revised policies: 

    Policy Prohibiting Discrimination

    Policy on Prohibiting and Responding to Discrimination Based on Protected Status- Students

    Policy on Prohibiting and Responding to Discrimination Based on Protected Status- Faculty and Staff

    Interim Policy on Prohibiting and Responding to Sexual Harassment/Sexual Misconduct-Students

    Interim Policy on Prohibiting and Responding to Sexual Harassment/Sexual Misconduct- Faculty and Staff

    Interim Policy on Prohibiting and Responding to Sex Discrimination – Students

    Interim Policy on Prohibiting and Responding to Sex Discrimination – Faculty and Staff

    Policy Regarding Pregnancy, Childbirth, Lactation, and Related Conditions for Faculty and Staff

    Youth Protection Policy

    Please visit the Policy Library to find the latest and revised policies and guidelines.  For guidance on developing new policies or revising an existing policy, please see https://policy.richmond.edu/development/index.html  directly for further assistance.

     

    GUEST CORNER:  URPD and the ASR/Clery Act

    By Nick Myers, Public Safety Compliance Analyst, University of Richmond Police Department

     

    What is the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act)?

     

    • A landmark federal law adopted in 1990 and amended in 1998, now called the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, section 485(f) of the Higher Education Act of 1965, requires institutions of higher education to disclose campus crime statistics and security information.

     

    • Designed to provide information about safety related policy, procedures, programs and statistics about crime in our Clery geography.

     

    • As a major component of the Clery Act, an Annual Security and Fire Safety Report is published by October 1st of each year.

     

    What is an Annual Security and Fire Safety Report (ASR) and who puts it together?

    • The ASR contains Clery defined crime statistics for the three previous years of reported incidents, as well as all fires that occurred during the previous three years in on‐campus student housing.

     

    • The report explains how we alert the campus community to potential dangers.

     

    • There is valuable information on campus safety prevention and awareness education measures, safety related policies, procedures, practices and programs.

     

    • The Department of Public Safety is responsible for the compiling and the distribution of the ASR. Statistical information is requested from local law enforcement, in other states, and in international locations, when the property is considered university non‐campus property under the Clery Act.

     

    • The report is distributed to all enrolled students and current employees via email. All prospective students and employees can obtain a printed copy upon request from the University Police Department or by visiting the website.

     

    Why should I review the Annual Security and Fire Safety Report?

    • Current students and employees can reference the reports to increase their awareness and gather information on personal safety measures they can take.

     

    • Prospective students and their families can use the report to enhance their decision-making process.

     

    • The report assists community members to become aware of what is happening regarding safety on our campus, which is significantly strengthened when everyone takes an active role supporting the well-being of fellow Spiders.
  • Summer 2024

    Welcome to the last edition of Compliance Matters for the Academic Year.   We wish everyone a restful and productive summer.

     

    IN THIS ISSUE ...

    Privacy Tips When Traveling

    Ideas on how to keep your data safe while traveling

     

    Summer Checklist

    A short checklist to help you make ethical decisions and stay compliant 

     

     Guest Corner:   Youth Protection Program on Campus

     

    Privacy Tips When Traveling

    Vacation plans?  Booking vacations and travel can put your personal information at risk!   Here are a few tips from Norton to keep your data safe while traveling:

    • Book travel from secure websites

    Be sure you are using the official company website when you book your travel.  Look for https in the URL to be sure it is secure

     

    • Enable passcodes and PINS on mobile devices before you leave

    Be sure to set a password lock on your devices to make it harder for anyone to get into your phone or laptop if it is left unattended.

     

     

    • Turn off Bluetooth

    Be sure to turn off automatic Bluetooth connectivity in public places.  Don’t let anyone pick up your signal and gain access to your device.   It can happen even without your knowledge

     

    • Use only password-protected Wi-Fi networks

    If you need to access the internet, be sure to use password protected networks. Avoid connecting to free public Wi-Fi!

     

    • Use a VPN

    Even if you are using a Wi-Fi protected network, you can increase your security by using a VPN (Virtual Private Network).   This allows your data to travel encrypted.

     

    • Check sensitive accounts regularly

    Check your sensitive financial accounts regularly even when on vacation.   The sooner you catch fraudulent behavior the better.

     

    • Leave your smart devices in the hotel safe

    Store all the smart devices that you will not need during the day in your hotel safe.  This could include your laptop and smartwatches.

     

    • Don’t post your vacation plans on social media

    Don’t broadcast your location on social media.  Bad actors will be able to determine that you are not at home.  Wait until you return to share all your fabulous pictures and stories.

     

    • Have fun!

    Take steps to secure your data but don’t forget to relax and have fun!

     

     

    Summer Checklist

    In higher education, summer usually gives us all a time to catch our breath.   For some, the workload is lighter and that makes it a great time to check off some ethics and compliance To-Do’s.   Below is a list of questions to help you make ethical decisions and stay compliant.

     

     

     

     

    • Is your role subject to regulatory oversight? If so, do you know the requirements?

     

     

    • Are your policies and procedures up to date with current regulations and requirements?

     

    GUEST CORNER:  Youth Protection Policy

    By Yahneet Govine, Risk Management Program Manager

     

    The Youth Protection Policy (YPP) is designed to safeguard the well-being of minor participants in University-sponsored youth programs and ensure that every interaction involving minors adheres to the highest standards of safety and professionalism.

     

    Key components of the Youth Protection Policy include:

     

    • Program Registration

    All programs involving minors must be registered with the Office of Risk Management at least thirty (30) days prior to the program start date.

     

    • Screening

    Program staff must clear a biennial background check prior to participation in programs involving minors.

     

    • Training

    Program staff must complete training on recognizing the signs of child abuse.

     

    • Supervision

    Program staff must supervise participants at all times by ensuring adequate staff-to-participant ratios are observed.

     

    • Mandatory Reporting

    All University employees and volunteers are Mandated Reporters and have the individual responsibility to immediately report the suspected abuse or neglect of a minor.

     

    • Program Reviews

    The Office of Risk Management selects programs to review for compliance with the Youth Protection Policy and provides recommendations for process improvement. 

     

    By adhering to the established guidelines and promptly reporting any concerns, we contribute to creating a safe and nurturing environment where minors can thrive.  For more information about hosting a youth program, please visit risk.richmond.edu or contact Yahneet Govine

  • March/April 2024

    IN THIS ISSUE ...

     

     

    Conflicts of Interest

    Do you know how to disclose a conflict of interest?

     

    The Travel Registry

    Why do you need to register your business travel?

     

    Compliance Training

    A big thank you!

     

    Guest Corner: March Madness – Athletic Compliance   

    Learn about the University’s Office of Athletic Compliance Services.

     

    Conflicts of Interest

    Questions about conflicts of interest are one of the most frequent questions submitted to the Compliance Office. A conflict of interest occurs when personal interests affect or appear to affect an employee’s professional judgment in performing any University duty or responsibility.   As employees, we have an obligation to act in the University’s best interests when making decisions on the job. 

    Sometimes, it is difficult for us to recognize our own conflicts of interest.  We feel confident that we are acting with good intentions and with the University’s best interest at heart, without pausing to think critically about how are actions might appear to those around us.  That’s why it is so important to be aware of potential or perceived conflicts that might crop up.  

    The basic standard for dealing with conflicts of interest is simple: if you believe a conflict of interest exists, then treat the situation as if a conflict does exist until you have disclosed and resolved the potential conflict with your supervisor, manager, director, or Human Resources.

    The University’s Conflict of Interest policy and the Nepotism and Personal Relationship policy are helpful resources and provide additional information on recognizing a conflict of interest and how to report it.   

     

     

     

    The Travel Registry

    Faculty and staff traveling internationally on University business must complete the online Travel Registry.  Once you register your travel, you will receive a confirmation email with information about your international travel coverage provided by the University.  

    Specifically, registering your travel can activate the University’s authorized international health insurance, political and natural disaster evacuation, facilitate the University’s emergency assistance, and provide you with important pre-departure information/support, as needed and where applicable on your travel.

    You will also receive helpful resources on the impact of export control regulations on your travel including a helpful checklist to assist you in determining if further steps are needed for your trip.

    You can find the registry here

     

    Compliance Training

    A big thank you to all faculty and staff who completed the compliance training modules by the March 1 deadline.  Compliance training lays the groundwork for a healthy workplace culture where we can discuss issues, and head off potential problems before they arise.

    If you have not yet completed the modules, it is not too late.  Please go to Talent Web, find the trainings in your transcript and hit the launch button.  

     

    GUEST CORNER:  Athletic Compliance – March Madness  

    By Ryan Colton, Deputy Athletics Director and Chief of Staff

    What is the role of the Office of Athletics Compliance Services?

    The Office of Athletics Compliance Services’ mission is to promote a culture of shared responsibility, accountability, and compliance with NCAA, conference, and University rules and regulations.  The Athletics Compliance Office is designed to ensure that the University’s intercollegiate athletics program is operated within the rules and regulations of the National Collegiate Athletic Association (NCAA), the University, the Atlantic 10 Conference, the CAA Football Conference, and the Patriot League (Women’s Golf).  Compliance with these rules and regulations is the shared responsibility of everyone associated with the University of Richmond.

     

    What are the important NCAA rules University employees must be aware of?

    As an employee of the University, you would likely be considered a Representative of Athletics Interests under the NCAA’s broad definition of the term. 

    NCAA legislation consists of two main rules that govern the conduct of representatives of athletics interests: 

    • Representatives of athletics interests cannot recruit; and

     

    • Representatives of athletics interests cannot give impermissible benefits to student-athletes (current or prospective) or their friends or families.

     

    Other important rules and responsibilities UR employees must know.

    Listed below are a few more specific rules that could apply to your interactions with University of Richmond prospective student-athletes:   

    Transportation  - University of Richmond employees cannot provide personal transportation to prospects or prospects’ family members. 

    Benefits – University of Richmond employees cannot provide prospects or prospects’ family members any money, items of value (e.g., t-shirts, hats, souvenirs), or discounts on items or services unless the same benefits are provided to the general public, the general student population or to all prospective students. 

    In-person contacts – Face-to-face recruiting contact between a prospect and an employee of the University that is directed by a University of Richmond coach or otherwise related to athletics is prohibited unless it occurs (a) on the University of Richmond campus; or (b) if off-campus, during a prospect’s official visit and within 30 miles of campus. 

    Telephone calls – University of Richmond employees are not permitted to call prospects regarding the athletics program or at the direction of University of Richmond coaching staff member. Employees of the University may receive calls from prospects so long as those calls are unrelated to athletics. All athletically related questions must be directed to the Department of Athletics. 

    Electronic communications (e.g., Email, text messaging, Facebook, Twitter) – In most sports, emails to a prospect that relate to athletics are prohibited until September 1st of the prospect’s junior year. Like telephone calls, employees of the University can receive electronic communications from prospects provided the communications do not relate to athletics. 

    Publication of a prospect’s recruitment – University of Richmond and its employees are prohibited from publicizing the recruitment of any prospect or prospect’s visit to campus (e.g., posting a picture of a prospect’s athletically-related visit on social media). 

     

    ASK BEFORE YOU ACT:  The OACS is a resource for the Spider Community.

    The forgoing does not constitute an exhaustive list of areas to which NCAA rules and regulations may apply to your interactions with prospective or current student-athletes. Therefore, if you ever have a doubt concerning permissible actions – ASK BEFORE YOU ACT!

    The University of Richmond Office of Athletics Compliance Services is here to assist you whenever you have questions about NCAA legislation.  If you have any questions or concerns regarding NCAA rules and regulations, please do not hesitate to reach out.

     

     

  • January/February 2024

    IN THIS ISSUE ...

    How to Prevent Ethical Backslides

    Learn how we can avoid one.

     

    How Can You be Compliant in the New Year?

    A helpful checklist for the new year.

     

    Guest Corner: Workers’ Compensation  

    Learn about the University’s Workers’ Compensation Program.

     

     

    HOW TO PREVENT ETHICAL BACKSLIDES

    Richmond works hard to train staff and faculty in ethics and compliance.   Many other universities and other organizations do this as well.  So how come we still read about scandals and controversies in the areas of ethics and compliance?  One of the reasons – ethical backslides.

    It is important to remember that unethical behavior didn’t start out that way.   Behavior often snowballs.   Perhaps there is unrealistic pressure to perform that drives employees to commit unethical or illegal acts. 

    How can we avoid this snowball effect? 

    Keep ethics at the forefront by creating a culture that encourages employees to report problems.  You often hear this described as a “speak up” culture. 

    Good ethical practices don’t just happen.  They need to be worked on continuously by everyone within the University.   You have to live it every day.

    You can help in these efforts by completing compliance trainings: familiarize yourself with all the policies and procedure that apply to your job duties and follow them:  support your colleagues’ ethical behavior with positive reinforcement; and report problems to your supervisor or to the Compliance Helpline (804) 287-1800.

    These tips were taken from:  Business Ethics: What Everyone Needs to Know by J.S. Nelson and Lynn A. Stout (https://global.oup.com/academic/product/business-ethics-9780190610265?cc=us&lang=en&)

    HOW CAN YOU BE COMPLIANT IN THE NEW YEAR?

    Every New Year’s, plenty of people create resolutions to learn a new skill, stop a bad habit, or create a good one.  Why don’t we apply this to our Richmond life as well.   Below is a checklist to help you stay compliant during the year:

     

    What do you do when you come across an compliance or ethical issue?

    • Know where to locate your department policies: https://policy.richmond.edu/library/index.html?
    • Stay current with changing laws and regulations that apply to your department; ask your supervisor to keep you and your team updated
    • Develop a best practices guide for your work and your team’s work
    • Report any potential issues to your supervisor or to the compliance helpline (804) 287-1800
    • Contact the Compliance office if you have any questions regarding potential issues. We are here as a resource. 

     

     

    GUEST CORNER:  WORKERS’ COMPENSATION 

    By Robin Walinski, Risk Management Specialist 

     Q:  What is workers’ compensation?

    Workers’ Compensation (WC) is a type of insurance that provides benefits to employees who are injured on the job or develop an occupational illness due to their employment.  The most common WC benefits are Medical – coverage for medical bills and expenses related to the injury or illness; and Wage Loss Replacement – reimbursement to the employee for lost wages when unable to work due to medically-authorized time away from work.

    Q: Who is eligible for workers’ compensation benefits?

    Employees who suffer work-related injuries or illnesses may be eligible for benefits under the Virginia Workers’ Compensation Act.  Eligible employees include faculty, staff, and student employees whether full-time or part-time.  To qualify, the injury or occupational illness must be in the course and scope of the employee’s job duties.

    Q: How does the claims process work?

    When an employee is injured due to their work activities, the employee should report the injury to their supervisor immediately, but no later than 30 days from the date of injury, and before seeking medical treatment.  The employee’s supervisor will initiate the claims process by completing the Supervisor’s First Report of Injury found on the Risk Management website.  Next, the supervisor will provide the employee with the Approved Panel of Physicians and alert Risk Management to the location the employee has chosen for medical care so that an authorization for treatment can be sent.  Risk Management will notify the University’s WC insurer of the incident.

    Q: What happens the next day after an injury?

    After receiving medical treatment, the employee will be given a Work Status Note that states when the employee is able to return to work and/or provides any work restrictions.  It is the employee’s responsibility to provide the Work Status Note their supervisor after each medical visit.  Failure to do so could impact or delay the employee’s WC benefits.  The supervisor must notify Risk Management if the employee is unable to work at any time during the claims process.

    Q:  Will I receive phone calls from anyone regarding my injury?

    Yes, the injured employee should expect to be contacted by individuals from the following areas: department supervisor, Risk Management, the WC insurer, and medical providers.  It is very important to take these calls and remain in communication throughout the claims process.  Failure to do so could impact or delay the employee’s WC benefits.

    Q:  Who should I contact if I have further questions regarding the WC Process?

    Feel free to contact the Risk Management team if you have any questions regarding Workers’ Compensation coverage or procedures.  Our office number is 804-289-8824 and we can be reached by email at:  risk@richmond.edu

    For more information, the Virginia Workers’ Compensation brochure can be found at: https://workcomp.virginia.gov/sites/default/files/documents/Workers-Compensation-Brochure.pdf.

  • November/December 2023

    IN THIS ISSUE ...

    Compliance Week Recap:

    Did you miss Compliance week?  Keep reading for a recap of the week and the winners of our great prizes.

     

    Holiday Phishing Attacks

    Be on the lookout for these potential attacks!

     

    Guest Corner: Internal Audit 

    Come meet our Associate Vice President for Internal Audi

     

     

    COMPLIANCE WEEK RECAP

    On November 6 – 10, 2023, the Compliance Office celebrated our annual Ethics and Compliance Week observation.   The Week was a chance for all employees to learn about compliance and ethics and have a little fun too. 

    The Week started with a dedicated website announcing a Jeopardy game, a word find and an athletic compliance challenge.   Each day, Compliance Bytes featured an important Word of the Day.  The Director of Compliance participated in the Morning Blend for the Faculty Hub with a presentation on “Sexual Misconduct and Your Role as a Faculty Member”.  If you missed the presentation, the Hub has archived the talk.  The week ended with a compliance table at the Benefits Fair.

    Prize Alert

    For all those that participated in the activities and games, thank you!!   If you are curious as to who won the prizes, see below

    Richmond Swag Bundle – Ingrid Lasrado

    Women’s Basket Ball tickets – Kristen Ball

    Men’s Basketball tickets – Kathy Ziegenfus

    Richmond Sweatshirt – Bryan Moyer

    Basketball signed by both men’s and women’s basketball coaches – Danise Stetson  

     Done but Not Gone

    Although Ethics and Compliance Week is over, it doesn’t mean that resources are gone.  Check out the Compliance website:  Richmond.edu/compliance for helpful information and resources.

    HOLIDAY PHISING ATTACKS

    Between Thanksgiving and New Year’s Day, cybercriminals are especially active.  As we are thinking about family, time off, and gifts, we may pay less attention to the many emails we receive, order confirmations, promotional offers and e-cards.  This is when cybercriminals try to lure you into action.  Don’t be a victim.  Check out these helpful tips:

    Gift card scams

    Many holiday scams involve buying and selling fake gift cards or tricking you into paying someone with a gift card. If you receive an urgent call or email asking for payment via gift card, assume it is a scam. According to the Federal Trade Commission (FTC), real businesses and government agencies will never request gift cards as payment. If you purchase gift cards in a store, carefully examine the PIN to ensure it hasn’t been altered, and get a receipt so that you can verify the purchase in case the card is lost or stolen.

    Charity scams

    Hackers often take advantage of people’s goodwill by creating fake charities, such as GoFundMe campaigns. Before donating money or sharing any information, do your research — double-check that the URL and charity details are legitimate.

    Online Shopping

    As more folks opt for the convenience of online shopping, it’s important to consider these best practices to stay safe this season.

    • Use secure Wi-Fi
      Shopping online while using public Wi-Fi at places like restaurants, hotels and airports is risky. If you need to make purchases on the go, connect to a virtual private network or use your phone as a hotspot for secure shopping.
    • Think before you click
      If you receive a sales offer via email or text that seems unbelievable, it could be a phishing scam. Keep an eye out for the classic signs of phishing, like typos and grammar mistakes, suspicious links and unusual email addresses. To verify an offer, go directly to the company’s website rather than clicking a link.
    • Consider payment options
      Because most credit card companies offer more consumer protections, credit cards are a safer form of payment than debit cards. Fraudulent debit card charges can also take 30-60 days to be reversed, during which time your account may be frozen. Consider using a virtual credit card number or third-party payment service such as Amazon Pay, PayPal, Google Pay or Apple Pay to avoid entering your credit card information directly.

     

    GUEST CORNER:  Internal Audit

    By Du’Neika Easley, Associate Vice President for Internal Audit

    Du’Neika Easley, Associate VP of Internal audit has been with the University since 2012. After spending almost three years in the Office of Planning & Budget, she transitioned to Internal Audit. She is a Certified Public Accountant with 20 years of auditing experience.

     

    1. What is Internal Audit’s role at the University of Richmond?

     

    Internal audit provides independent, objective reviews of the University’s business processes, as the third line of defense in managing risk. We gather information throughout the audit process and make recommendations to improve internal controls and compliance with University policies or other regulations.

     

    1. How does Internal Audit determine which areas to audit?

     

    Each year Internal Audit develops a project plan to review areas of potential risk. Risks are assessed through conversations with leadership, data from the University’s Enterprise Risk Management process, and trends in higher education. The Board of Trustee’s Audit and Compliance Committee approves the final plan.

     

    Risk Assessment Process

     

    1. What is a common misconception people often have about Internal Audit?

     

    There are two common misconceptions. The first being that our goal is to find errors. While this may occur it’s not the goal. The audit process is designed to be collaborative and support our auditees in addressing concerns. The second misconception is that we “approve” or define the appropriate internal controls. On the contrary, we only make recommendations. Management is responsible for determining which controls to implement based on a number of factors including feasibility and resources.

     

    1. What other services does internal audit offer?

     

    Internal audit is available to provide advice on policies, procedures, and process changes. As previously mentioned, we must remain independent, but we offer our industry knowledge to support management in making decisions.   We are always just a phone call or email away!

     

     

  • October 2023

    IN THIS ISSUE ...

    Political Activity on Campus

    A description of what political activity is allowed

     

    Don’t Forget Compliance Education

    Reminders for your training

     

    Compliance and Ethics Awareness Week

    Mark your calendars!

     

    Guest Corner: John Craft

    Recognizing Cybersecurity Month

     

     

    Political Activity on Campus 

    Watch television or surf the web for just 10 minutes these days and you can’t miss the fact that we are deep in political campaign season.

    You might not know that the University is prohibited by law from participating, directly or indirectly, or intervening in political campaigns.  This restriction is essential to the University maintaining its status as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code.

    However, there are situations when the University’s facilities and resources can be used in connection with political campaigns.  You can find detailed information on these exceptions in the Policy on Political Campaign Activities on Campus

    Please remember that this policy does not apply to or restrict in any way the discussion of political issues, teaching of politics or campaign-related subjects, or academic research involving political issues, or campaigns.

     

    Don’t Forget Compliance Education!

    If you haven’t yet already done so, don’t forget to complete your compliance training.  All Faculty and Staff and Administrators are assigned annual training in the areas of Cybersecurity, Harassment and Discrimination Prevention and FERPA (Family Educational Rights and Privacy Act) if you access to student educational records.

    Your training invites will come from Kris Henderson, Director of Compliance, and you can find the training on Talent Web on the Human Resources website (hr.richmond.edu) 

    If you have any questions, reach out to khender3@richmond.edu

     

    Compliance and Ethics Awareness Week!

    Mark your calendars for November 5-11, 2023 for the University’s observance of National Compliance and Ethics Awareness Week.

    The week is a chance for faculty and staff to learn about compliance on campus and to celebrate our collective efforts to make UR a wonderful place to work. 

    The week will bring online activities and compliance officer appearances – all with opportunities to win some fun prizes.

    We look forward to your participation!

     

    GUEST CORNER:  Cybersecurity Awareness Month

    By John Craft, Director of Information Security

    October is Cybersecurity Awareness Month, and this is a great time of year to think about securing your digital life.  In this age of ever-increasing reliance on technology in our daily lives, securing your data and devices is of the utmost importance. Think about how many times you use technology in your daily life.  It may be that trip to the coffee shop or grocery store, getting gas, registering for an event, or just sending a message to your friends or family through email or social media.  All of these could be impacted if you do not remain aware of cybersecurity risks and take steps to protect yourself.

    Research estimates that a successful cyber-attack occurs every 39 seconds and that by 2025 cybercrime will cost the world $10.5 trillion annually.  Statistics like those are very daunting and might easily discourage you.  However, you are very unlikely to be a victim of cybercrime if you follow some fundamental best practices for your information security.

    1. Use multifactor authentication (MFA) whenever it is available for your accounts. MFA has been proven to stop 99.9% of account compromise attacks.  Don’t delay, enable MFA!
    2. Don’t reuse your passwords. If your password is compromised, every account that uses that password is at risk.  Make sure you are using strong, unique passwords for every account.  UR makes this simple by offering all students, faculty, and staff a FREE LastPass Premium account. Just search for “LastPass” on the UR website for instructions on how to get this.
    3. Update your systems and applications. Vulnerabilities are regularly discovered in the software on our systems and applications. Make sure you are applying security updates regularly to ensure a bad actor cannot take advantage of unpatched vulnerabilities.
    4. Think before you click. Never click on a link in an email or an untrusted website without thinking about the circumstances. Phishers try to impersonate someone you trust or instill a false sense of urgency to make you click without thinking.  So, stop and ask yourself “Do I trust this link?” before clicking.  That simple process can save you from a world of grief if you fall for a phishing scam. Always remember – if it sounds too good to be true, it most likely is not!
    5. Back up your critical data. Everyone has heard of the dangers of ransomware. Having a secure backup of your data, protected by MFA, can help you sleep better at night knowing that you can always restore your data if needed.
    6. Monitor your credit reports. What used to be a difficult and time-consuming process has become much easier in recent years. Ensure that you take the time to annually review your credit report with the major credit bureaus. Information security has a page dedicated to protecting yourself from identity theft at https://is.richmond.edu/infosec/securityawareness/tips/idtheft.html.

    If you can integrate these fundamental practices into your digital lifestyle, you are much less likely to be a victim of cybercrime.

    UR Information Security is planning several events to celebrate Cybersecurity Awareness Month.  For a full listing of these events go to our website at https://is.richmond.edu/infosec/events/index.html.  Of note this year, we are hosting a Capture the Flag (CTF) competition that is open to all students, faculty, and staff.  This competition will have fun challenges for users of all skill levels and let you think like a hacker! Come join the fun the first week of November!

  • September 2023

    In This Issue...

    A Short Introduction

    Saying hello and setting up expectations for our newsletter

    What Exactly is Compliance?

    An introduction to newcomers and a refresher to returning employees

    Guest Corner: Maribel Street

    Staying prepared for emergencies during the fall semester

    Introducing Compliance Matters: What to Expect Here

    Welcome to the Compliance Matters Newsletter, Volume One!  We’re excited to present to you the latest and greatest from Richmond’s Compliance Office. 

    In this newsletter, you can expect to find the following:

    • Tidbits and information about the Office of Compliance and compliance-related issues
    • Reminders on compliance education and tools you’ll need
    • Guest appearances from other Richmond colleagues

    Regardless of who you are, compliance is an issue that effects everyone, at every level.   From faculty to students to staff, we hope this newsletter can be a source of information, clarity and interest as we pursue the highest standards of ethical conduct here at Richmond.

    The Office of Compliance is a resource that is available to all Richmond departments.  Please reach out for questions or use the Helpline 804 287-1800 or the online reporting form.  

    What Exactly is Compliance?

    By Kris Henderson, Director of Compliance

    Welcome to another academic year at Richmond.   I want to take this space to talk about what Compliance at Richmond is all about.   Richmond’s Compliance program is an ethics-based program not just a regulatory one.  What exactly does that mean?

    Let’s start with a few definitions.

    Compliance is the adherence to laws, regulations, policies and guidelines relevant to the University.  Our job is to provide guidance on understanding what’s required of each employee.  That’s why compliance education is so important.  You can’t follow a law, regulation or policy unless you know what it is.

    Ethics is concerned with what is right and wrong.  Ethics goes beyond what the law requires. It involves doing the right thing and following both the spirit and not just the letter of the law.

    Have you ever thought about why the speed limit on your local highway is what it is?   No matter what it is, 60 mph, 65 mph, 70 mph, a local “compliance” officer working with “business” stakeholders developed a policy regarding public safety that involved setting a speed limit and procedure for enforcement as well as discipline for violations.   That sounds like a strong compliance program.  But merely posting a standard, like a speed limit, does not ensure compliance. Wouldn’t it be great if everyone respected the standard because everyone knew it was the right thing to do and by following the standard it would make the organization a better place to work as well as being more effective?  That’s where a culture of ethics comes in working hand in hand with compliance.

    Guest Corner: Emergency Preparedness

    By Maribel Street, Director of Emergency Management 

    In observance of National Preparedness Month, the Office of Emergency Management is hosting a month-long series of events during September. National Preparedness Month exists to raise awareness about the importance of preparing for disasters and emergencies that could happen anytime, both on and off campus. 

    National Preparedness Month is a great opportunity for our campus to engage with emergency preparedness and safety, and we are thrilled to be part of that effort in welcoming everyone back to campus for the fall 2023 semester. This month’s activities include:

    September 13th 10-2pm Campus Forum – safety/preparedness fair with activities/info/swag/prizes

    September 22nd 7:30pm Westhampton Green - Disaster movie on the lawn (Student choice)

    September 28th 7pm Alice Haynes Room – Survival Cook Off Event

    For more information on National Preparedness Month and to learn more about the Office of Emergency Management download the UR SpiderSafe app!