Compliance and Ethics Program

Governance and Oversight

An effective compliance program relies on senior leadership and management commitment to the goal of ensuring robust internal controls and upholding the highest ethical standards.

RIT's Program demonstrates strong dedication from the President, Board, and senior and operational leadership to comply with laws and regulations and operate the university with utmost integrity and ethical conduct. Additionally, three internal risk and compliance committees guide and support the Program's implementation and operation. For further details on governance and oversight, see the Compliance Program Roles and Responsibilities.

Risk Identification and Assessment

RIT conducts an annual enterprise-wide risk assessment, which includes a review of all legal and compliance risks, with a goal to identify, analyze, and prioritize top risks for the university. Top enterprise risks require the attention of senior leadership and documented risk response plans to ensure proper management. This process requires collaboration with and input from a wide variety of individuals on campus, including subject matter experts, operational management, senior leadership, and the Board of Trustees.

Policies and Procedures

In addition to the Compliance Policy and Code of Ethical Conduct (C00.0), RIT has policies and procedures to address legal and regulatory requirements. You can find these policies in the University Policies Manual, which is available online for easy access.

Training and Communication

Education and training clarify expectations and responsibilities and minimize legal, financial, and physical risks for employees and the university. RIT is committed to providing training that equips employees for their roles, with a focus on employees who work in control functions and high-risk areas. OCE oversees the university’s Policy on Mandatory Training (C.25).

Confidential Reporting and Investigation

RIT provides multiple avenues for individuals to confidentially report misconduct without fear of retaliation. Internal departments conduct thorough reviews of all allegations, and qualified investigators ensure impartial investigations. Issues related to fraud, corruption, sexual misconduct, and allegations by protected groups receive special attention. Depending on the findings, corrective actions, up to and including termination, may result, and reports may be elevated to the appropriate senior leaders.

Third-Party Management

RIT actively monitors interactions with external parties to ensure ethical and compliant business practices. Third-party management includes oversight of research partners and sponsors, vendors and suppliers, and business associate adherence to Information Security policies and standards. OCE also oversees Conflicts of Interest and Commitment for all staff and faculty, including ensuring management plans are documented as needed for third-party relationships.

Continuous Improvement, Monitoring, and Review

RIT actively oversees high-risk activities and consistently evaluates processes and procedures within the Compliance and Ethics Program. OCE collaborates closely with Internal Audit, Compliance, and Advisement (IACA) to ensure thorough reviews are regularly conducted of areas with elevated risk. Furthermore, the Program ensures ongoing adaptation and evolution through annual updated risk assessments to identify current enterprise risks.

Compliance Partners Council

The Compliance Partners Council (referred to as the “Council”) consists of university employees who primarily handle compliance-related responsibilities. The Council's purpose is to create a platform for sharing best practices and ideas related to managing compliance and ethical issues, concerns, or challenges. The Council aims to foster continuous improvement and promote adherence to the university’s policies, procedures, and ethical standards across all levels.

All RIT Employees

All RIT employees have a responsibility to comply with regulatory, legislative, and internal policies and procedures relevant to their roles. This includes identifying, managing, and reporting any compliance breaches. Additionally, employees must attend scheduled compliance training and promptly report and escalate any compliance concerns, issues, or failures in alignment with the policy.