

David J. Falcone
Director of Privacy, Ethics and Compliance
University Compliance Officer

Duke University Compliance Program Accountability and Assurance

See Policy (approved and issued by the university president on March 20, 2017)


New in 2018

Please click this link for information relating to the recent email that you may have received regarding Administrative Conflict of Interest Reporting.


Duke University Compliance Program

The Duke University Compliance Program provides oversight for compliance activities across the entire university. There are three sections that perform compliance review and advisory activities: Research Compliance Assurance (RCA), Privacy, Ethics and Compliance Program, and Sponsored Programs Assurance (SPA). The Chief Ethics and Compliance Officer (CCO) reports to the Audit, Risk and Compliance Committee of the Board of Trustees through the Chief Audit Executive and the President.


Program Overview

This overview memorandum provides a description of the significant components of the Duke University Compliance Program and how the program fulfills the federal standards for an effective compliance program (PDF).

The Duke University Compliance Program:

  • Exercises oversight responsibility for compliance and ethics activities across Duke
  • Provides oversight of compliance liaisons
  • Ensures fulfillment of the federal standards for an effective compliance program
  • Provides advice and guidance to senior leadership related to compliance risks
  • Administers the Duke University Privacy Program
  • Conducts proactive compliance reviews in the highest priority compliance risk areas
  • Evaluates and responds to instances of noted noncompliance.


Code of Conduct

Duke University’s Statement of Ethical Principles and Code of Conduct 

This document serves as a statement of principles and responsibilities for the full Duke community. Members of the Duke University community include Duke University Health System trustees, senior officials, faculty, staff, students, student employees, student leaders and university-authorized volunteers acting on behalf of Duke. 

School of Medicine and School of Nursing faculty and staff and DUHS personnel are also subject to the Duke Health code of conduct, Duke Integrity in Action. Both the Code of Conduct and Integrity in Action emphasize that confidentiality of individuals reporting violations of laws, rules or policies will be maintained to the extent practicable, and individuals reporting issues in good faith will be protected from retaliation.

The non-retaliation and non-retribution policy is contained in the Code of Conduct for the University and Duke Health.  Confidentiality of individuals reporting violations of laws, rules or policies will be maintained to the extent practicable, and individuals reporting violations in good faith will be protected from retaliation.


Compliance Program Standards and Responsibilities

The U.S. Federal Sentencing Guidelines describe the required elements considered when determining whether an organization has an effective compliance program: “an organization shall (1) exercise due diligence to prevent and detect criminal conduct, and (2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”

Duke has ensured it meets all elements of federal guidance for an effective compliance program.


Compliance Assurance Framework

OARC has developed a Compliance Assurance Framework using the Institute of Internal Auditors’ three lines of defense model to describe the roles of management, compliance, and audit in assuring compliance at Duke.  Management, the first line of defense, is responsible for culture and process (controls, risk tolerance and monitoring).  Compliance, the second line of defense, is responsible for ethics oversight, coordination of the compliance liaison program, administration of the Duke University privacy program, coordination of compliance advisory and facilitation services and the conduct of centralized compliance reviews in areas of highest priority compliance risks.  Internal Audit, the third line of defense, is responsible for conducting horizontal audits of processes that support sponsored programs administration and compliance, and vertical audits of business units with suspected challenges.  Audits focus on process efficiency and effectiveness as well as root cause analysis for confirmed issues.  


Conflict of Interest Policies

Duke University policies require the disclosure, review, and, where necessary, management of relationships that could be considered or perceived as a conflict of interest.

The Financial COI Policy applies to the entire Duke community including all faculty and staff.  The Institutional COI Policy relates to Duke's potential conflicts rather than those related only to an individual.  Lastly, there are specific COI policies related to Duke University Trustees and Duke University Health System Directors.

The Compliance Program is involved in the conflict of interest (COI) governance process by:

  • Participating in the COI related committees including: SOM and Campus COI, Administrative COI, Institutional COI, and COI Advisory.
  • Performing reviews of the COI process.
  • Reviewing Trustee COI disclosures and developing conflict management plans.
  • Advising on administrative and institutional COI issues and processes.
  • Communicating COI matters to the Audit, Risk and Compliance Committee.

Below are the COI policies.  Please contact Duke University Compliance Program for questions relating to:

Call Research Integrity Office or Office of Research Support for additional questions relating to:


Office of Export Controls

The Duke University Compliance Program works with the Office of Export Controls to provide assistance with activities in embargoed/sanctioned countries.  Travel and/or financial transactions may be restricted in these countries.  Please contact the Office of Export Controls before engaging in any activities involving these countries.


Statement Regarding 21 CFR Part 11

Duke University Health System Statement Regarding 21 CFR Part 11

Duke University Health System (DUHS) utilizes various electronic records systems for treatment, payment and operations. Based on analysis of these systems and an understanding of current regulations, DUHS believes these systems meet HIPAA Security Standards and CMS requirements. These systems have not been 21 CFR Part 11 certified.  DUHS continues to review regulatory requirements and best practices related to the use and security of electronic records systems. Policies and procedures will be revised and developed as requirements dictate.

FDA Notice of Intent to Use Electronic Signatures [21 CFR 11.100(c)]


Compliance Vacancies

  • Senior Compliance Auditor - Research Assurance Compliance:  Requisition # 401414573

Apply for position through the Duke HR Website.