To: University Leadership

From: Edward Feser, Provost and Executive Vice President

16 November 2018

Dear OSU Community:

Over the past four years, the Office of Audit Services and the Office of University Compliance have partnered to reduce critical operational and compliance risks at OSU, with the Office of General Counsel serving in an advisory role. Those efforts have enhanced our ability to manage risks related to cybersecurity, lab safety, natural hazards, and more. In addition, we have taken significant steps to prevent and respond to sexual violence and increase employees’ knowledge of key risks through the implementation of critical employee training.

Following the departure of Chief Compliance Officer Clay Simmons, President Ray and I proposed a realignment of our audit, compliance, and risk functions to the OSU Board of Trustees. The Board subsequently approved our recommendation to fold the Office of Compliance into the Office of Audit Services. The new unit—named the Office of Audit, Risk and Compliance (OARC)—takes advantage of operational synergies between auditing and compliance.

The organizational change is cost neutral and aligned with professional standards. Benefits include:

  • Better communication among the functions mentioned above;
  • An improved ability to create effective and efficient mitigation strategies; and
  • Expanded opportunities for staff growth and succession planning.

OARC’s mission includes:

  1. Auditing: Through the performance of independent internal audits, provision of objective assurance and advice aimed at improving university operations, helping the University accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving risk management, control, and governance processes.
  2. Risk Management: Oversight of the university-wide risk assessment program by creating and maintaining a framework for effectively identifying, assessing, and managing risk. Note that the role will not include supervision of the enterprise risk services department that assists departments in their individual risk management assessments and administers the University’s insurance programs.
  3. Compliance: Oversight of the institutional compliance program and the distributed processes that support compliance across the University.

Patti Snopkowski will serve as OSU’s Chief Audit, Risk and Compliance Executive. A search for a Director of Compliance, reporting to Patti, is underway. The Office of General Counsel will continue to provide all legal advice and counsel on legal risk priorities.

The Director of Compliance will continue to be advised by a Compliance Executive Committee, chaired by the Provost. Other members of the committee are the Vice President for Finance and Administration, the Vice President for Research, the General Counsel, the Senior Vice Provost for Faculty Affairs, the Faculty Senate President, and the Chief Audit, Risk and Compliance Executive.

OARC’s new web site provides useful information and resources. In addition to managing the university accountability and integrity hotline, OARC is the immediate point of contact for questions about compliance, risk, and audit matters. When appropriate, the office will refer issues to other campus units, including the Division of Finance and Administration and the Office of General Counsel.

Please let Patti or me know if you have any questions about this realignment.

Sincerely,

Edward Feser
Provost and Executive Vice President