Compliance in the higher education sector is a big deal, a really big deal.
Compliance failures can be incredibly damaging for the 4000+ universities and colleges throughout the US, especially with increasing media vigilance. There have been many high-profile examples of costly fails. For example, consider Title IX, which provides protections against gender-based exclusion or discrimination in educational programs that receive federal financial assistance. Throughout the past 10 years, countless universities have found themselves faced with Title IX lawsuits claiming lax, discriminatory and neglectful policies that foster cultures of sexual violence. These cases have included the following costly settlements:
Obviously, the costs of litigation can reach large sums (some cases have even exceeded $5 million), and siphon precious funds from important educational delivery and research. But it’s important to note that compliance in the higher education sector is incredibly complex. If you check out the list of federal laws and regulations that govern colleges and universities published by National Association of College and University Attorneys, you will see there are literally hundreds of standards and regulations that must be adhered to. Within each are requirements, and within each requirement are nested sub-requirements, and so on. Any given higher education institution could easily be subject to thousands of compliance requirements. Many of these requirements are niche and specific to certain functions within these schools, faculties and research departments, increasing the challenges of addressing multiple and complex compliance requirements.
Compliance with these regulations ensures essential protections for numerous stakeholders, including students, families, employees and the general public, and ensures institutions are accountable for the way they spend federal funds. But compliance is also an enormous administrative burden on colleges and universities. A 2015 study into the sector estimated the cost of managing compliance in the US higher education sector at $27 billion.
Consequences of non-compliance are not just monetary
The most obvious penalties of major compliance failures are monetary fines and expenses, but there are other negative outcomes, including restrictions on programs and/or student resources, potential lawsuits, and damage to the reputation and financial stability of your institution. Consider grants for a moment. The OMB-A133 regulations have strict requirements that are heavily regulated, and often audited. Lack of compliance in this area could lead to loss of grants, a major source of capital for colleges and universities. That is a severe example, and there are many more examples of non-compliance that could negatively impact a school from a variety of perspectives.
Reputational damage is also a factor. For example, according to the Institute for the Study of Labor, Title IX investigations, settlements, and media coverage all have material influences on the enrollment levels of female students. In fact, the study reveals that schools who have been impacted by Title IX investigations see a decrease of 16% in first-year female students, and a 22% decrease in second-, third-, and fourth-year female students. Assuming a school has 10,000 students (2,500 freshmen), and an annual tuition of $15,000, that amounts to $30.7 million in potential lost tuition revenue due to students choosing competing institutions. And then there may also be further damage resulting from failure to attract or retain quality faculty staff.
Stop managing compliance in silos
To be effective at managing compliance, higher education institutions need to implement a culture that prevents compliance failures. An effective compliance program is comprised of a culture that encourages ethical conduct and a commitment to compliance activities. This is achieved through coordination and collaboration among the various business areas and divisions, with the key stakeholders (e.g., internal audit, compliance, general counsel, human resources, etc.) all involved.
But in ACL’s experience, compliance management in higher education institutions today isn’t typically conducted in such a centralized/coordinated fashion. Instead, compliance is managed in silos, often by program administrators who may not necessarily be compliance experts. Let’s be honest, these administrators have pressing work demands, priorities and issues within their programs, which means that compliance often becomes an afterthought—maybe even a “check mark” exercise—as other priorities take precedence.
When compliance is managed in silos, how can overall effectiveness be measured? How can you know if your compliance activities will satisfy oversight bodies and/or regulators? How can controls and policies be linked back to requirements to demonstrate the robustness of compliance programs? The short answer is that it’s really difficult. With no centralized function or view into compliance activities, most schools are compiling spreadsheets, relying on accurate data entry, and then rolling that information up the chain. This model doesn’t typically map to policies or controls, and certainly doesn’t incorporate data or analytics. And finally, what about reporting, and nice-looking compliance dashboards that make it possible for senior leadership to easily digest complex compliance information? The ACL GRC software platform makes it possible to achieve all of these things and ensure that you are meeting your compliance obligations more easily.
The smart way to manage your compliance requirements
The best way to help coordinate compliance activities is to ensure that all stakeholders are working in an integrated way, with consistent tools and resources. If you don’t have a clear view of your compliance risk, the threats of compliance violations are inherently real. So, how do you get that big-picture view and ensure that you are meeting your compliance requirements? By investing in easy-to-use technology like ACL GRC, you can better manage your institution’s largest compliance risks while keeping regulators at bay. The risks outlined in this blog are serious, but in terms of the overall landscape of higher education compliance requirements, they are just the tip of the iceberg. Make sure you are doing all you can to avoid damaging compliance failures.
Six Ways to Reduce the Burden of Compliance
ACL’s Chief Product Officer, Dan Zitting, and Chief Technology Officer, Keith Cerny, detail six simple principles you can implement to make compliance easier.