Duke University Statement of Compliance Principles

Purpose

Our institutional culture is built upon our history and values. Our shared values—respect, trust, inclusion, discovery and excellence—are more than aspirations. They are the beliefs and behaviors that we expect of ourselves and our colleagues. These are the ideals that we must uphold in order to earn and maintain our reputation for quality and integrity, and to inspire confidence with each other, and the world which we both serve and rely on for our future viability. Our values dictate our conduct and drive our culture. Putting these values into practice requires that we accept our responsibilities to one another—to think and act in ways that are ethical, legal and just, and that demonstrate courage, compassion, service, accountability and commitment in all we do on behalf of Duke. 

This Compliance Statement describes how Duke University and its schools, centers, institutes, and other units and controlled affiliates (collectively, “we” or “Duke”) establish, implement and monitor the institutional compliance program and execute various compliance responsibilities.   

Some individual Duke business units may have their own compliance policies or additional compliance statements that may supplement this Compliance Statement when appropriate.

Context

The regulatory and legal environments in which Duke operates are highly dynamic. This complexity requires us to constantly evaluate and strengthen our compliance activities by understanding and informing the Duke community of key requirements, working to minimize administrative burden, having resources to provide guidance in real time, and encouraging individuals to speak up so concerns can be readily addressed. Duke’s commitment to compliance excellence is reinforced through leadership engagement, mission and values alignment, integration with enterprise risk management, support for compliance program talent, investment in tools and resources, and collaborative engagement with Duke’s staff, faculty and governing boards.

Duke is innovative, entrepreneurial, and courageous in tackling the most difficult challenges to advance knowledge and understanding. Policies, rules, regulations and laws are a necessary reality of any large organization, but the breadth and variety of rules applying to the academy create a uniquely complex environment. 

At the highest level, an effective compliance program provides vital guardrails that help us achieve our aspirations and objectives while managing the realities of external requirements and works to devise fit-for-purpose mitigation and processes to manage risks. A balanced and effective compliance environment simultaneously supports shared ownership of individual inquiry, programmatic success and institutional oversight.

Organizational Framework

Everyone at Duke is responsible for compliance – we all have a part to play. The Institutional Ethics and Compliance (E&C) Program is designed to help us achieve our mission responsibilities by promoting ethical behavior, accountability, risk management and shared ownership.

Duke’s compliance organization structure is based on the federated, or decentralized, model: 

• Executive sponsors set the cultural tone and oversee institutional compliance risk management and alignment with mission.
• The compliance program leadership establishes institutional program priorities, promotes program maturity and monitors effectiveness of decentralized activities.
• The compliance risk owners are senior leaders with designated responsibility to design and implement processes that support compliance objectives, and for monitoring the reliability and success of those processes.
• Subject matter expertise is embedded in many operational areas. The network of champions, liaisons and transaction specialists are accountable to compliance risk owners. 

Additionally, the Institutional Compliance Advisory Committee (ICAC) and the Compliance Leaders Group (CLG) provide engaged, coordinated and proactive measures for the institutional compliance risk management program.  

Image

Regulatory Framework

Duke activities and transactions are governed by a combination of internal and external directives, with an overarching expectation of effective processes and performance monitoring.

• Duke Policies & Procedures: internally developed principles of action that interpret how we meet external requirements and align with our values and mission.
• Sponsor / Agency Guidance, Terms and Conditions: the enforceable conditions of formal agreements with external parties, and the specific expectations that support responsibility, accountability and stewardship of 3^rd party resources.
• State, Federal and Global Laws and Regulations: the body of legal and regulatory requirements that apply based on the activities conducted, the specific location of those activities, and the individuals involved in the activities.
• Program Effectiveness: Duke follows the US Department of Justice guidance regarding the elements of an effective compliance program.

The institutional compliance program is designed and operationalized in alignment with the US Department of Justice Guidance. Specifically, the Institutional Compliance Program within the Office of Audit, Risk and Compliance is charged to:

1. Assess compliance and identify emerging risks for evaluation and oversee a risk mitigation strategy.
2. Provide a confidential reporting channel and ensure concerns receive appropriate attention by the right office(s).
3. Maintain a comprehensive and readily searchable repository of institutional policies.
4. Ensure the governing board understands the compliance environment and receives reports on any significant issues.
5. Guide and disseminate the institutional ethics statement and related code of conduct.
6. Develop and deploy educational tools for leaders designed to foster holistic approaches to risk management.
7. Maintain the inventory of compliance obligations, activity owners, and external reporting requirements.
8. Ensure adequate 3^rd party due diligence and ongoing relationship management.
9. Monitor decentralized compliance activities to ensure reasonable and appropriate management.
10. Investigate or coordinate investigation of misconduct and track corrective action.

Contact Us

If you have any questions, comments, requests or concerns about this Compliance Statement or other compliance-related matters, please contact us as follows:

Chief Audit, Risk and Officer: Leigh P. Goller
Director, Institutional Compliance Program: Kelley Hikade
Email: oarc@duke.edu
Phone: 919-613-7630

Address:    
      Director, Institutional Compliance Program
      Office of Audit, Risk & Compliance
      Box 90436
      705 Broad Street, Suite 210
      Durham, NC 27708

Report a Concern

We speak up when words, behaviors or actions are not consistent with our values. It takes courage to come forward. Retaliation for reporting concerns in good faith is strictly prohibited. 

If you witness or are asked to participate in actions that are not consistent with our values, tell someone. 

• Ask your supervisor, department head, academic dean, residence advisor or ombudsman for advice.
• Access the Speak Up reporting webform (at values.duke.edu/speak-up-reporting) to submit information.
• Contact 800.826.8109 to discuss your question or report your concern. The toll-free number provided is available 24 hours per day and 365 days per year and is confidential and anonymous if you choose.

Duke commits to conducting a fair and expeditious inquiry and to use any information to correct errors, make improvements, and ensure accountability. To the extent possible, we protect confidentiality of individuals and information related to investigations. Should illegal activity be suspected or confirmed, the university has a duty to report those facts to the appropriate authorities.