Duke | OARC

We provide assurance and compliance program services across the entire institution, including Duke University, Duke University Health System, and DUMAC.  

As a service provider within Duke, we consider first the needs of our stakeholders.  With this approach, we foster open and collaborative relationships, risk-focused engagement and opportunities to identify improvements to governance, financial and operational processes and procedures.  Communication with our stakeholders and staff development support our mission to advance and integrate risk awareness, internal controls and compliance requirements as well as to collaborate on proactive and innovative improvements to business processes.

OARC's charter charges the office with performing independent internal audits, planning and overseeing the university risk management process, and overseeing the institutional ethics and compliance program.  It is designed to help fulfill the fiduciary responsibilities of the Duke governing boards.

Governance Structure and Independence

To ensure OARC's independence, the chief audit, risk and compliance officer reports administratively to the president of the university and the chancellor for health affairs, and functionally to the boards and audit committees.


Leigh P. Goller, Chief Audit, Risk and Compliance Officer

Annual Report

Annual Report for the Fiscal Year Ended June 30, 2023.

Annual Report


Office of Audit, Risk and Compliance (OARC) talent and resources advance and integrate risk awareness, internal controls and compliance requirements; collaborate on proactive and innovative improvements to business processes; and provide high-quality audit and advisory services to university and health system stakeholders. 

As part of our mission, we strive to:

  • Recruit and develop high-caliber people
  • Be leaders within Duke and our profession
  • Deliver recognized value to our stakeholders

For information about Duke Privacy.

For information related to patient privacy, breach of PHI or health related privacy, please contact DUHS Compliance Office: 919-668-2573 or email: MCAdmin Compliance.

We each have an obligation to be aware of and promote compliance with laws, regulations, rules, policies and expectations within our areas of responsibility. The institutional compliance program guides us in these responsibilities through a set of policies and procedures, combined with culture, management ownership, operational expertise, monitoring and objective assurance.

Duke relies on a federated compliance structure with institutional oversight. The president designates the executive vice president (EVP) as the compliance risk owner and the chief audit, risk and compliance officer as the compliance assurance owner. The EVP delegates particular institutional responsibilities to area-specific compliance officers.

OARC guides and enables continuous improvement of the compliance culture and related compliance activities, including compliance maturity and the speak-up program. We collaborate with compliance programs across the university, to enable continuous improvement, increase compliance culture awareness, produce risk-based assurance, perform central coordination and oversight for fulfilling the federal standards for an effective compliance program.

The Duke Office of Audit, Risk & Compliance offers excellent opportunities to invest your career with an office committed to Duke's Values and to individual success, personal achievement, professional development, and career advancement.

Apply for a position(s) through Duke Careers and search the Requisition ID#.



Duke’s Values in Action is a statement of our responsibilities that ensures we perform to the best of our abilities, act with integrity, and comply with applicable laws, rules, regulations, professional and accreditation standards and Duke policies and procedures. This presents the principles that guide our work, research, study and volunteer activities on behalf of Duke.  Our ability to provide the very best of education, healthcare, research and community engagement depends upon the commitment of each one of us toward these shared ideals for a supportive workplace environment, positive interactions with others, and stewardship of our resources.

Please follow this link to read more about Duke's Values in Action.



Our audit teams perform audits, assurance reviews and risk assessments for both the university and the health system. 

University Audit Director:  Joanna Rojas 919-613-7674 / joanna.rojas@duke.edu

Health System Audit Director:  Leigh Baxter 919-613-7637 / leigh.baxter@duke.edu

Information about Internal Audit

Sponsored Programs Assurance and Research Compliance

Sponsored Programs Assurance and Research Compliance (SPARC) performs risk-based sponsored programs and clinical research reviews to support Duke’s research enterprise. SPARC engagements evaluate process design efficiency, transactional effectiveness and internal controls against risk tolerance and operational objectives, as well as applicable federal regulations and Duke policies. Engagements support Duke’s goal of promoting and maintaining research integrity and excellence and ensuring effective sponsored program administration, oversight and reporting.

Contact SPARC Director: Vanessa Peoples 919-684-3612 / vanessa.peoples@duke.edu

More information about SPARC

Compliance Services

Compliance Services includes the following areas:

  • Compliance Liaison Program: identifying compliance risk owners across Duke University; gathering information from the group at least annually regarding their monitoring activities, any noncompliance, applicable external regulations, and internal policies, procedures and training in place to manage identified risks
  • Conflict of Interest Administration: conflict of interest assessment and monitoring for employees with key administrative responsibilities and for offices with significant access or influence
  • Incident/Case Management:  case management coordination and incident investigation, helpline administration; triage as appropriate to other areas at Duke based upon incident type
  • Policy Administration:  Duke University policy library maintenance, update and review coordination with content owners and policy stewardship for the Duke community 

For more information please contact Summer Webbink / 919-613-7634.



Duke is committed to appropriate oversight and takes safeguarding sensitive and/or regulated information seriously, promoting responsible stewardship of information assets institution-wide.

Duke University Privacy Statement

For information related to patient privacy, breach of PHI or health related privacy, please contact DUHS Compliance Office: 919-668-2573 or email: MCAdmin Compliance.

Visit Duke Privacy


The Chief Audit, Risk and Compliance Officer facilitates institutional risk assessments monitoring risk action plans owned by senior leaders.

For information regarding insurance coverage and risk, please contact:

Duke UniversityChristopher Boroski, Director, Corporate Risk Management / 919-684-6226 / https://finance.duke.edu/insurance/

Duke Health: Jennifer Adams, Assistant Vice President, Risk Management, DUHS and Director, Clinical Risk Management / 919-684-3277


Consumer Information

In accordance with federal regulations set forth under the Higher Education Act of 1965, as amended, below is a summary of consumer information that must be made available to all students at Duke University.

Consumer Information