Reporting Misconduct Policy

All members of the University community are expected to conduct University-related business with honesty and integrity, and must comply with all governing rules, regulations and policies. This includes:

  • employees (faculty and staff) and
  • students and individuals employed by the University, using University resources or facilities, or receiving funds administered by the University and
  • volunteers and other representatives when speaking or acting on behalf of the University.

Read the full Administrative Policy: Reporting Suspected Misconduct

Retaliation Policy

No member of the University community may retaliate against an individual because of the individual’s good faith participation in:

  • reporting or otherwise expressing opposition to, suspected or alleged misconduct;
  • participating in any process designed to review or investigate suspected or alleged misconduct or non-compliance with applicable policies, rules, and laws; or
  • accessing the Office for Conflict Resolution (OCR) services.

A causal relationship between the good faith participation in one of these activities and an adverse action is needed to demonstrate that retaliation has occurred.

Read the full Administrative Policy: Retaliation

University Policy Program

The University Policy Program supports the Policy Owners, the President's Policy Committee, and Responsible Officers throughout the policy lifecycle.

Conflict of Interest Program

A conflict of interest may exist when University employees have financial and business relationships with external business entities. The Conflict of Interest Program works with employees to manage conflicts of interest, where they exist.

Compliance Risk Reviews


The Office of Institutional Compliance (OIC) is charged with maintaining a compliance program that is in alignment with the Federal Sentencing Guidelines’ elements of an effective compliance program. An important component of this criteria is monitoring the effectiveness of an organization's compliance efforts. The Chief Compliance Officer implemented Compliance Risk Reviews in the summer of 2017 as a way for the OIC to meet this criteria. This approach to monitoring provides an in depth look at priority risk areas and fostering a culture of continuous compliance improvement.

Compliance Risk Reviews (CRR) are a proactive process of collaborative, cross-disciplinary, cross-educational gap analysis and mitigation of the Institution’s compliance efforts. The scope of the CRR varies from a focused look at compliance efforts related to one regulation or policy (e.g. HIPAA) to a broad view across a class of regulations or policies (e.g. privacy regulations).

Continuous compliance improvement process

Compliance risk reviews align with two elements of effective compliance programs, per the Federal Sentencing Guidelines.

  • Risk identification and prioritization
  • Monitoring, auditing, and evaluating

Identifying risk areas to schedule for review is a collaborative process. Information is gathered from outside resources, such as the Society of Corporate Compliance and Ethics, the B1G Compliance Officer Network, and the Minnesota Compliance Officer Network. Incidents occurring in the compliance arena both locally and nationally are considered. Key regulatory changes and internal compliance and risk management conversations with the University’s compliance partner network, Executive Oversight Compliance Committee, and the Audit and Compliance Committee of the Board of Regents also influence which risk areas are on a regular schedule for review. As of 1/1/18, there are 34 risk areas that are planned for review in a 5 year cycle. Other risk areas are identified as reviews to be conducted “as needed”. This list can change depending on a number of factors.

  • Purchasing
  • Athletics - Title IX
  • Campus Safety
  • Conflicts of Interest
  • Discrimination and Affirmative Action
  • Biological & Lab Safety
  • Food Safety
  • Occupational Safety
  • Export Controls
  • Housing ADA
  • Cybersecurity
  • Acceptable Use - Information Technology
  • International Activities & Programs
  • Programs Involving Minors
  • Program Integrity Rules
  • Animal Research
  • Accounts Payable
  • Athletics - NCAA Compliance
  • Clinical Services
  • Disabilities and Accommodations
  • Donors and Gifts
  • Environmental Safety
  • Hazardous Materials
  • Controlled Substances
  • Financial Aid
  • Housing - Title IX
  • Immigration/International Students & Employees
  • Intellectual Property/Technology Transfer
  • Lobbying and Political Activities
  • Privacy - Patients
  • Human Participant Research
  • Sexual Misconduct

The CRR process replaces what was known as the “Legal-Compliance Reporting Process (LCRP).” LCRP had been used by the University for more than 12 years as a method of monitoring compliance efforts through a system of self-reporting. This process had its strengths, but was retired in favor of a more collaborative process between compliance stakeholders and the OIC. We believe that the collaborative, cross-disciplinary, cross-educational elements of the CRR process make it far more effective. For questions please contact the Chief Compliance Officer Boyd Kumher

Timeline Key Activities
Weeks 1-3
  • Office of Institutional Compliance (OIC) researches the subject matter (risk area)
  • OIC drafts the topic-specific risk assessment tool and identifies participants/compliance partner for the risk
  • Reviews internally within OIC and adjusts the scope of the assessment, as needed
Week 4
  • Compliance partner and OIC meet (90-120 minutes) and discuss the overall process
  • Review scope, tool, and proposed timeline for this specific tool
Weeks 5-7
  • Compliance partner reviews the draft risk assessment tool
  • Prepares recommendations for adjusting scope, tool, timelines
  • Compliance partner and OIC meet to go over recommendations and rationale
Weeks 8-13
  • Compliance partner completes the self assessment
  • Submits to OIC
Weeks 14-16
  • OIC reviews the responses to the self assessment
  • Meets (60 minutes) with compliance partner to discuss – identify gaps/corrections
  • In-field verification completed, if needed
Weeks 17-20
  • Follows up on any outstanding matters
  • Summarizes the outcomes and report to the President, Executive Oversight and Compliance Committee, and others as needed