Frequently Asked Questions (FAQ)
What is the difference between Compliance assessments and Audit projects?
There are distinct differences between compliance assessments and audit projects. The compliance assessment process allows us to first understand the control framework and validate the existence of compliance controls. If we do identify potential gaps (control weaknesses), we have the opportunity to work proactively with management to address them in a timely manner. The culmination of the assessment does not lead to the issuance of a formal report, but rather the finalization of our compliance assessment template. The information collected during the assessment is maintained in a confidential manner. Audit projects are typically scheduled at a later date to evaluate the adequacy and effectiveness of internal controls, including a much more thorough examination in order to render an audit opinion. ASIC does issue a formal audit report to senior management and the work papers can be viewed by external governing parties. All compliance assessment and audit information is available to the Board upon request.
What are the essential elements for an effective ethics and compliance program?
Caltech’s Institute Compliance Program (ICP) is tailored after the United States Federal Sentencing Guidelines (FSG), Chapter Eight §8B2.1 “Effective Compliance and Ethics Program”that describes the elements for an effective compliance program. These guidelines are the “gold standard” by which organizations are measured to demonstrate that compliance is an integral part of their culture. The objective of the ICP is to ensure the Institute maintains a framework that reinforces the importance of good stewardship of all Institute funds and adhering to applicable rules, regulations, laws, policies, and procedures.
Essential Elements of an Effective Compliance and Ethics Program (Federal Sentencing Guildelines - Chapter 8, Section 2)
The Institute Compliance Program is aligned with the elements of an Effective Compliance and Ethic Program, as detailed in the US Federal Sentencing Guidelines, Chapter 8B2.1. The intent of U.S. Federal Sentencing Guidelines is to encourage self-governance efforts, including the assessment of specific Program elements listed here that assist with due diligence in seeking to prevent and detect criminal conduct.
The Elements are highlighted below:
- Promote an Ethical and Compliant Culture
- Standards, Policies, and Procedures
- Organizational Leadership, Oversight, and Authority
- Reasonable Efforts to Exclude Prohibited Persons
- Communication and Training
- Monitoring and Auditing
- Evaluate Program Effectiveness
- Independent Reporting Mechanism
- Enforcement and Disciplinary Actions
- Response and Prevention
- Periodic Risk Assessments
Who is the Insitute Chief Compliance Officer?
Pam Koyzis, the Executive Director of Audit Services and Institute Compliance (ASIC), serves as the "Institute Chief Compliance Officer" at Caltech and is a champion for ethics and compliance activities. She reports administratively to the Vice President for Business and Finance with direct reporting lines to the President and to the Audit and Compliance Committee of the Board of Trustees.
If I see something that may put the Institute at risk, what should I do?
If you have concerns about potential violations of Institute policies, laws or regulations, unethical behavior, conflicts of interest, actual or suspected fraud, or other improper actions, please report your concerns to your supervisor or manager, Human Resources, the Chief Institute Compliance Officer, the Office of General Counsel or by calling the Caltech Hotline at (626) 395-8787. The Hotline offers the Campus community a way to both obtain advice and report behavior that may jeopardize the integrity of the Institute. Students, faculty, and staff may contact the confidential Hotline or contact the Chief Institute Compliance Officer directly. Hotline communication can be anonymous.
What types of risk is the Institute concerned about?
We all have a tendency to associate risk with financial matters, but the Institute faces many types of risk. The Institute broadly defines risk as any issue that could impact the Institute's ability to achieve its objectives. With that said, risk really does apply to many aspects of our work.
What types of compliance training is provided at Caltech?
General compliance training at Campus and JPL is conducted using a variety of formats including classroom, online, and written materials. Employees receive general compliance training during new employee orientation. The Code of Conduct and JPL's "The Ethics Handbook" are distributed to new employees at Campus and JPL respectively. Both documents are also available online. In addition, specialized training sessions that specifically target key regulatory compliance requirements are available at both Campus and JPL. At JPL, annual ethics, export controls, and information technology training are mandatory.
If you have a question that has not been answered above, please contact us via email at firstname.lastname@example.org.