What is a Compliance Matrix?
A compliance matrix framework enhances compliance primarily through the actions of a decentralized matrix of institutional office and officers, coordinated and assisted by a small central compliance function with a reporting relationship to the institutions governing board. A matrix connects individual components, coordinates their operations, and represents the institutional perspective. A matrix helps to ensure institutional compliance of policies, standards, laws and regulations in adherence with Stanford’s Seven Elements of Ethics and Compliance Excellence.
Compliance area owners and subject matter experts reside within the functional units/departments. Compliance area owners are responsible for the direct oversight and operations related to risk mitigation and monitoring activities associated with their respective compliance area. Across all of these categories, it is critical that the University ensure the right individuals have working knowledge to identify risk that, if not addressed, could result in significant harm to the institution.
The University's Compliance Matrix was created in 2001 with 18 major compliance areas expanding to 25 major areas by early 2017. It highlighted three levels of compliance responsibility: 1. Cognizant Cabinet Member, 2. Functional Responsible Office / Officer, and 3. Primary Operation of Responsibility. Some compliance areas listed were broad (e.g. Human Resource, and Global Operations) and others were very specific (e.g. Export Controls). While sufficient in identifying a limited set of compliance areas and their stakeholders, opportunities were identified to enhance the Compliance Matrix to make it a more useful and comprehensive resource for the University Community.
2017 Compliance Matrix Enhancement
A significant update to the Compliance Matrix was initiated in fiscal year 2017 by benchmarking and collecting information from internal and external resources. The goal of the update is for the Compliance Matrix to serve as a self-service resource in order to promote consistent, reliable guidance for the Stanford Community.
The enhanced Compliance Matrix categorizes 54 specific compliance areas into 16 broad compliance areas and includes information on:
- Cabinet Member(s) responsible for the 16 broad compliance areas,
- Responsible Office(s) for all 54 specific compliance area,
- Descriptions and examples of the specific compliance area’s regulatory requirements, - New Content
- Examples of applicable policies, and state and federal regulations, for the specific compliance areas, - New Content
- Resources available for the specific compliance areas identified, i.e. trainings, websites, internal policies, handbooks and guidelines. - New Content