Business Procedures Manual

Fiscal Affairs Division

16.2 DOAA and Other External Auditors

(Last Modified on February 15, 2024)

Institutions of the University System of Georgia (USG) are subject to audits, special reviews and other engagements regularly conducted by the state Department of Audits and Accounts (DOAA), federal auditors, personnel from the USG Office of Internal Audit, Ethics and Compliance (OIAEC), institutional internal auditors, and other third-party auditors.

OIAEC is under the direction of the Vice Chancellor of Internal Audit, Ethics & Compliance/Chief Audit Officer (CAO) and is comprised of the Board of Regents (BOR) OIAEC staff and institutional internal auditors. OIAEC exists to support the BOR, system administration, and institutional administrations in meeting their governance, risk management and ethics and compliance responsibilities while helping to maintain a culture of accountability and transparency and improve organizational and operational effectiveness and efficiency. OIAEC provides independent and objective assurance, compliance and consulting services to the BOR, the Chancellor, and institutional leadership in order to add value and improve operations. OIAEC activity helps the University System Office (USO) and USG institutions accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, ethics and compliance, and internal control processes.

OIAEC conducts the following types of engagements:

  1. operational, financial and information technology assurance engagements of USG institutions and the USO;
  2. system-wide reviews of specific programs and processes;
  3. consulting services to the USO and to USG institutions; and,
  4. special reviews and investigations.

To accomplish these objectives, OIAEC personnel are authorized to have full, free, and unrestricted access to all property, personnel, and records to the extent permitted by law. The USG Human Resources Administrative Practice Manual (HRAP) details additional employee responsibilities pertaining to cooperating with internal audits, reviews and authorized investigations. OIAEC personnel are charged with providing records in their possession the same level of protection provided by the record steward or owner in accordance with USG data protection standards. Audits performed by OIAEC personnel shall adhere to the International Standards for the Professional Practice of Internal Auditing published by The Institute of Internal Auditors.

DOAA is charged by law with providing audit services for all state agencies. Since the USG is an organizational unit of the State of Georgia, DOAA conducts individual financial audit engagements at several selected institutions along with specific audit testing at others as deemed necessary to provide audit coverage needed to express an opinion on the State’s Annual Comprehensive Financial Report (ACFR). DOAA also performs federal financial assistance testing at selected institutions as needed for the Statewide Single Audit Report. From time to time the DOAA may also provide special reports for institutions seeking re-accreditation. The Associate Vice Chancellor for Accounting and Reporting serves as primary audit liaison between the USG and the DOAA.

Various federal agencies conduct audits and investigations associated with federal funds, programs, and/or regulated activities administered by USG entities. USG entities may be subject to additional third-party assurance engagements insofar as the third-party has the legal or contractual authority to conduct an assurance engagement or review.

(Last Modified on February 2, 2024)

The internal audit function may be comprised of several models:

  1. A dedicated auditor model where an institution employs audit professionals specifically to serve the needs of the institution;
  2. A shared auditor or regional model where audit professionals are assigned and funded by multiple institutions; and,
  3. A system office model where the OIAEC staff provides internal audit services for the USG system as a whole or assists with engagements at individual institutions as needed.

For institutional models either dedicated or shared, the institutional chief auditor (ICA) has a direct reporting relationship to the president of his or her institution(s) and to the USG Chief Audit Officer (CAO). Board Policy 7.9.2 and the USG internal audit charter specifies the duties and responsibilities associated with the ICA’s reporting relationships. The institutional president and the CAO approve institutional audit charters. Further duties of the CAO and the ICAs are specified in the internal audit charter and in the CAO’s internal audit manual.

The ICA at each institution must submit an audit plan to the CAO in accordance with guidance provided by the CAO. Any modifications to an institution’s audit plan must be approved by the CAO. The CAO will review and approve the audit plans, and utilizing a risk-based approach, will develop a system-wide audit plan. The implementation of the system-wide audit plan will be coordinated with the institutional internal audit plans and with external assurance providers to minimize duplication of effort and disruption of auditee operations. The CAO has the authority to direct the ICAs to audit specific functions at their institutions. Additionally, each ICA will submit engagement reports to the CAO for summary reporting to the Board and for the annual report to the BOR Committee on Internal Audit, Risk, and Compliance (IARC Committee).

The ICAs must meet periodically with the CAO to discuss engagements, issues and observations relevant to the USG’s Internal Audit function.

Institutional audit staff are responsible for performing appropriate audit procedures to verify corrective action of each issue rated as material. Corrective action follow-up will continue until issue(s) are closed or resolved. OIAEC auditors shall verify corrective action for those institutions without an institutional internal audit function.

The CAO reports directly to the Chancellor and to the IARC Committee as required in Board Policy. The CAO is responsible for overseeing all phases of the internal audit function, both at the system level and institutional level. At the system office the CAO is supported by an Executive Director of Internal Audits and an Executive Director of Information Technology Audits along with a staff of audit professionals. The system office audit staff perform system-wide engagements as well as selected campus engagements. If a campus does not have an institutionally funded internal audit function, the system office staff will provide required engagement services for that campus.

16.2 DOAA and Other External Auditors

(Last Modified on August 14, 2020)


16.2.1 DOAA Engagements

(Last Modified on January 30, 2024)

DOAA, as part of the legislative branch of state government, is the external independent auditor of the USG. DOAA conducts financial audits, compliance audits, performance audits, agreed upon procedure engagements and other engagements as deemed necessary to meet management objectives. When performing audit engagements, DOAA reviews USG’s internal control structure and operations to determine the scope of the examination and reliability of the entity’s financial data.

The Official Code of Georgia (OCGA) 50-6-3 states, in part:

“The Department of Audits and Accounts shall audit all state institutions…”.

OCGA 50-6-6 states in part:

“It shall be the duty of the Department of Audits and Accounts to thoroughly audit and check the books and accounts of…the several units of the University System of Georgia.”

Final reports from DOAA are copied to the Chief Fiscal Officer, the Associate Vice Chancellor for Accounting & Reporting, the CAO, BOR IARC Committee Chairs and ICAs. DOAA will perform appropriate follow up procedures to verify that corrective action has taken place for all significant deficiencies and material weaknesses. Any unfavorable exceptions will be reported to the Associate Vice Chancellor for Accounting & Reporting, the CAO and the Chief Fiscal Officer.


(Last Modified on February 2, 2024)

USG Office of Internal Audit, Ethics and Compliance will perform the following types of engagements as determined by the approved audit plans:

  1. Assurance Services – This type of engagement involves the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding the adequacy and effectiveness of internal controls, the quality of performance in carrying out assigned responsibilities and evaluating risk exposures related to an entity’s governance, operations and information systems.
  2. Consulting Services – This type of engagement is advisory in nature, related to client service activities. These engagements are intended to add value by making recommendations to improve an organization’s culture, governance, risk management, and control processes. These are generally performed at the request of the client and may include counsel, advice, facilitation and training.
  3. Blended Services – Engagements that are structured to combine both assurance and consulting services.
  4. Investigations – Engagements conducted to evaluate and substantiate allegations of unethical behavior related to fraud, waste, abuse, or other wrongdoing and improper activities that may involve the potential misuse or misappropriation of resources.

Additional information on selection criteria and decision process for determining types of engagements may be found in Section 2100 of the USG’s Internal Audit Guide.

16.4 Internal Audit/Engagement Process

(Last Modified on January 30, 2024)

The engagement process as described below begins with the development of the audit/engagement plan and ends with the issuance of the final report and any follow-up of significant or material exceptions.


16.4.1 Audit/Engagement Plan

(Last Modified on January 30, 2024)

Internal audit professional standards mandate the development of a risk-based audit plan. Audit plans are to be developed by gaining an understanding of the entity’s strategies, key business objectives, associated risks and risk management processes. Audit plans are fluid and must be periodically reviewed and updated in response to changes in organizational risks. The risk assessment process will focus on issues that present a high degree of risk to the USG and/or USG institutions. Issues will be identified through:

  • gathering information on fundamental management activities, governance processes and core operational and system controls;
  • evaluating collected information to identify potential risks; and,
  • assessing potential risks by likelihood, impact, and magnitude.

The risk assessment process will be ongoing and will include input from the BOR, USG and institutional leadership, the IARC Committee of the Board of Regents and other sources as appropriate. Issues presenting a high degree of risk will be further analyzed to determine which internal audit engagement best addresses the identified risk. Engagements may be pursued at the system-level or at an institutional-level.

As discussed in Section 16.1, based on guidance provided by the CAO, ICAs shall submit an annual institutional audit plan for review and approval by the IARC Committee and CAO. These plans will include narratives describing the risk assessment process and the list of identified risks. The CAO shall utilize the institutional audit plans and system-wide risk assessments to develop a system-wide internal audit plan, which will be submitted to the IARC Committee for approval. Any revisions to institutional audit plans must be approved by the CAO. Also, the CAO shall inform the IARC Committee of any significant changes. Minor revisions to audit plans do not require approval by the CAO. The CAO shall provide written notification to auditees that the institution/audit area has been included on the audit plan.


16.4.2 Engagement Scheduling and Notification

(Last Modified on January 30, 2024)

Client management will be contacted prior to the intended start of an engagement to provide preliminary information about the project and the process for conducting the work.

A formal engagement letter, to include the engagement scope, will be sent to the institution president (for institutional engagements) or to the senior executive responsible for an activity (for USO and USG-wide engagements) prior to beginning the engagement. The letter will detail specific information needed for the engagement and any logistical assistance that might be required.

The client will be responsible for identifying a representative to serve as the engagement team’s primary contact during the engagement. The client will also identify a key contact person for each function reviewed, as needed. The engagement team leader is responsible for scheduling and facilitating an entrance conference with the client’s senior management.


16.4.3 Conducting the Engagement

(Last Modified on August 14, 2020)

Internal Auditors are obligated by professional standards to act objectively, exercise due professional care, and collect sufficient, competent, relevant, and useful information to provide a sound basis for engagement opinions, observations and/or recommendations.

Work performed will be documented in working papers. Information included in the working papers must be sufficient, competent, relevant, and useful to provide a sound basis for engagement issues, observations and/or recommendations. Working papers may include schedules and analyses, documents, write-up, and flow charts. Evidential matter may also be obtained through interviews and observations.

Upon the conclusion of the fieldwork, the engagement team will summarize the engagement issues, observations and recommendations necessary for preparation of the engagement draft report. The engagement team will also meet with the client’s management team to discuss the issues, observations and recommendations noted. At this time, any concerns that the client may have with issues, observations and recommendations, will be resolved to the extent possible.


16.4.3.1 Utilizing Sampling Techniques in an Engagement

(Last Modified on January 30, 2024)

Sampling may be used to test less than 100% of a population. In sampling, the engagement team accepts the risk that some or all errors may not be found which could lead to erroneous conclusions. When sampling is used, the engagement team must:

  1. determine the type of sampling to be used,
  2. decide on the number of items to be selected, which should be based on the engagement team’s understanding of the relative risks and exposures of the areas reviewed, and
  3. apply the results to the entire population subject to testing as appropriate.

Other substantive procedures may also be used to test accuracy of populations when sampling is not deemed appropriate or cost effective. Substantive procedures may consist of target testing, analytical procedures and physical verification.


16.4.4 Engagement Close-Out and Report Preparation

(Last Modified on January 30, 2024)

At the conclusion of the engagement, the engagement team will prepare a draft report that details the engagement executive summary, background, issue ratings (for assurance engagements), engagement observations, and recommendations. This draft report will be shared with the client’s management prior to conducting a formal exit conference.

At the exit conference, the engagement team will review the draft report with management, focusing on ratings, observations and recommendations with specific emphasis on areas where improvement is needed. Disagreements should be resolved to the extent possible before final engagement closure. For any issues or observations noted, management provides corrective action plans and/or final responses in writing within 15 working days after the exit conference. If management fails to respond, that will be noted in the final report.

After the exit conference, the engagement team will prepare a final report, taking into account any revisions resulting from the exit conference and other discussions. When changes have been reviewed by ICA and/or CAO, along with an evaluation of the client’s written responses for inclusion in the final report, the report will be issued.

The CAO’s approval is required for release of all internal audit reports performed by OIAEC system office personnel. Institutional engagement reports will be approved for release by the ICA, but a copy must also be submitted to the CAO. All material issues are summarized for reporting to the IARC Committee.


16.4.5 Follow-Up Review

(Last Modified on January 30, 2024)

Follow-up is required of all issues classified as material. Each material issue shall be reviewed by appropriate internal audit personnel until the issue is closed or resolved. Significant issues may be reviewed after being reported as closed but this review is not required. The actions taken to resolve the issues are to be reviewed and may be tested to ensure that the desired results were achieved. In some cases, managers may choose not to implement an issue recommendation and to accept the risks associated with the issue reported. The follow-up review will note this as an unresolved exception. The CAO shall periodically report the status of material issues to the IARC Committee to include the status of issues not closed in a timely manner.

Open or partially resolved engagement issues/findings will be maintained and periodically updated in the USG Internal Audit function enterprise system.


16.5.1 Overview & Applicability

(Last Modified on August 14, 2020)

It is the policy of the University System of Georgia (USG) to comply with applicable laws, rules, and regulations and to encourage ethical conduct as detailed in the USG Ethics Policy (see Board Policy 8.2.18.1 USG Ethics Policy). The USG Ethics and Compliance Program (Program) refers to the USG policies, procedures, and trainings designed to ensure ethical conduct and compliance with applicable laws, rules and regulations. The Ethics and Compliance Policy applies to all USG institutions and the University System Office.

Adhering to federal guidelines is also important for an effective ethics and compliance program. These guidelines prescribe two overarching requirements:

  1. An organization shall exercise due diligence to prevent and detect criminal conduct, and
  2. An organization shall otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

16.5.2 Objectives

(Last Modified on August 14, 2020)

Program objectives are to:

  1. Identify applicable laws, regulations, policies, and contractual requirements which pertain to each institution and to the USG;
  2. Assess compliance risks and manage accordingly;
  3. Ensure that responsibility for ensuring compliance has been properly assigned to responsible personnel;
  4. Monitor compliance with applicable requirements; and,
  5. Provide training and expertise to meet compliance requirements.

16.5.3 Framework

(Last Modified on August 14, 2020)

An effective Program is designed to meet the following elements and ensure that:

  1. Standards of Conduct: Standards have been adopted that require compliance with applicable law;
  2. Oversight by Senior Leadership: High-level personnel have been assigned the authority and responsibility to implement the Program and ensure that the Board of Regents (BOR) is periodically updated on Program status;
  3. Accountability of Senior Leadership: Individuals with substantial discretionary authority and/or charged with implementing the Program have not engaged in illegal activities or other conduct inconsistent with an effective compliance program;
  4. Training & Awareness: Program requirements and ethical standards are periodically communicated to all employees through effective training and regular communication;
  5. Monitoring, Evaluating and Reporting: Effective monitoring is implemented to detect misconduct, evaluate Program effectiveness, and provide a reporting system whereby employees can report misconduct without fear of retribution;
  6. Enforcement of Standards: Program standards are enforced through appropriate incentives and sanctions; and,
  7. Ongoing Program Improvements: Responses to misconduct are appropriate and reasonable steps are taken to prevent further offenses to include modifying the Program to prevent and detect violations of the law.

16.5.4 Implementation

(Last Modified on October 20, 2020)

An institution-wide approach to compliance shall be adopted by all USG institutions. Compliance processes must be embedded into the institution’s management systems and processes. Each institution President or designee shall develop a campus compliance framework and associated procedures to:

  1. Identify and document key regulatory and compliance areas;
  2. Assess compliance risks to determine appropriate management action(s);
  3. Identify management infrastructure and/or oversight committees within the institution that have responsibility for ensuring compliance with identified regulatory and compliance areas, as applicable, (examples may include athletics, research (including human subject research), finance and administration, and programs serving non-student minors);
  4. Develop risk and mitigation strategies and steps to implement them;
  5. Provide initial and ongoing compliance and education training;
  6. Provide for systematic assessments to evaluate and audit compliance and report on progress;
  7. Communicate compliance ownership and significant or revised regulations to oversight committees, management and stakeholders.

16.5.5 Accountability

(Last Modified on October 20, 2020)

There are multiple offices within the USG that have responsibility for compliance activities. The Chancellor shall designate a position responsible for coordinating the Program system-wide.


16.2.2 Third-Party Engagements

(Last Modified on January 30, 2024)

Third-party auditors may conduct audits, reviews, agreed upon procedures or other special engagements at various BOR institutions or the system office. These engagements are not a substitute for audit work done by DOAA as required by OCGA 50-6-3, as they are normally engagements performed as part of regulatory requirements or upon request of the Chief Fiscal Officer, the Associate Vice Chancellor for Accounting & Reporting, or the CAO.

It is the responsibility of local institution officials, either the campus auditor or, if none exists, the chief business officer (CBO), to be cognizant of third-party audits and associated issues. Institutional management shall notify the ICA, CAO, and the Chief Fiscal Officer of any third-party engagements. Copies of final reports must be submitted to the Chief Fiscal Officer and the CAO.


16.4.6 Exception Ratings

(Last Modified on August 14, 2020)

Individual ratings are assigned to each assurance engagement observation contained in reports issued. All issues are included in the audit report but “Comments” are not presented in a full audit finding format. The scales for the USG Internal Audit rating systems are listed below.

Report Item Rating Scale

  • Advisory (Consulting Engagements only)
    • Categorized by area reviewed
    • Used to identify recommendations contained in a consulting engagement report

Assurance Engagements Rating Scale

Likelihood Impact/Magnitude
Low Medium High
Not Likely No Issue Comment Moderate
Likely Moderate Significant Material
  • No Issue
    • Engagement Team did not identify any reportable issue
  • Comments
    • Nominal or minor violations of procedures, rules, or regulations.
    • Issue(s) identified are not likely but could have a medium impact on the organization.
    • Minor opportunities for improvement.
    • Not included in report but are communicated to management during the exit conference or at the end of the engagement.
  • Moderate
    • Violation of policies/procedures/laws and/or lack of internal controls that either does or could pose a notable level of exposure to the organization.
    • Issue(s) identified are (a) either not likely but could have a high impact or are (b) likely and could have a low impact on the organization.
    • Notable opportunities to improve effectiveness and efficiency exist.
    • Corrective action is needed by management in order to address the noted concern and reduce risks to a more desirable level.
  • Significant
    • Violation of policies/procedures/laws, and/or lack of internal controls that either does or could pose a substantial level of exposure to the organization.
    • Issue or issues identified are likely and could have a medium impact on the organization.
    • Substantial opportunities to improve effectiveness and efficiency exist.
    • Prompt corrective action by management is essential in order to address the noted concern(s) and reduce the risk to the organization.
  • Material
    • Violation of policies/procedures/laws and/or unacceptable level of internal controls that either does or could pose an unacceptable level of exposure to the organization.
    • Issue or issues identified are likely and could have high impact on the organization.
    • Major opportunities to improve effectiveness and efficiency exist.
    • Immediate corrective action by management is required.

16.4.7 Quality Assurance/External Assessments

(Last Modified on January 30, 2024)

A quality assurance and improvement program is critical to maintaining the efficiency and effectiveness of an internal audit operation. All USG internal audit departments must develop a quality assurance and improvement program. Assessments are required to be updated periodically with results reported to appropriate leadership and the CAO.

Also, professional standards require that external assessments must be conducted at least once every five (5) years by a qualified, independent assessor or assessment team from an outside organization. The CAO is required to have discussions with the Board to determine:
* The form and frequency of the external assessment;
* The qualifications of independency of the external assessor or assessment team, including any potential conflicts of interest.

Additional information on quality assurance requirements and external assessment may be found in Section 1300 of the USG’s System-Wide Audit Manual.


(Last Modified on August 14, 2020)

The USG is committed to the highest ethical and professional standards of conduct in pursuit of its mission to create a more educated Georgia. This mission demands integrity, good judgment and dedication to public service from all members of the USG Community. USG employees have an affirmative duty to report wrongdoing in a timely manner and to refrain from retaliating against those who report violations or assist with authorized investigations. The USG also is committed to preventing and detecting fraud, waste, abuse, and other forms of wrongdoing and taking action when wrongdoing occurs. It is the policy of the USG to refer all criminal acts to law enforcement for investigation.

16.6.1 Conduct to Report

(Last Modified on August 14, 2020)

Wrongdoing is defined under this policy as violations of USG policies, state or federal law, violations of ethical and professional conduct and fraud, waste or abuse. Examples of wrongdoing include but are not limited to: USG Code of Conduct violations, discrimination, harassment, research misconduct, academic misconduct and privacy violations.


16.6.2 Where to Report

(Last Modified on January 30, 2024)

Events presenting an immediate threat to life or property or that are obvious criminal acts should be reported to law enforcement. Employees should report other wrongdoing or concerns through the administrative processes and procedures established by their institutions and the USG. Reporting options related to wrongdoing or concerns for the USG include the Office of Internal Audit, Ethics and Compliance, the USG Office of Legal Affairs and the USG Office of Human Resources. Wrongdoing and concerns also can be reported anonymously on the Ethics and Compliance Reporting Hotline, which is available 24 hours a day, 7 days a week at:

https://www.usg.edu/audit/compliance/reporting_contacts


16.6.3 Protection against Retaliation - Whistleblower Protection

(Last Modified on January 30, 2024)

Protections Afforded: USG employees may not interfere with the ability of another employee to assert rights afforded to them by policy or law or report concerns or wrongdoing, and may not retaliate against an employee who has asserted rights afforded to them by policy or law, reported concerns or wrongdoing, has cooperated with an authorized investigation, has participated in a grievance or appeal procedure, or otherwise objected to actions that are reasonably believed to be unlawful, unethical or a violation of USG policy. Violations of this policy may result in disciplinary action, which may include the termination of employment.

Conduct Prohibited: Retaliation is any action or behavior that is designed to punish or harm an individual for reporting concerns or wrongdoing, asserting a right afforded to them by policy or law, cooperating with an investigation, participating in a grievance or appeal procedure or otherwise objecting to conduct that is unlawful, unethical or violates USG policy. Retaliation includes, but is not limited to, dismissal from employment, demotion, suspension, loss of salary or benefits, transfer or reassignment, denial of leave, loss of benefits, denial of promotion that otherwise would have been received, and non-renewal. Other actions such as increased scrutiny, verbal abuse, and spreading false rumors are also prohibited.

Written Procedures: Each institution shall maintain written procedures for receiving and investigating allegations of actions that violate the USG’s policy prohibiting retaliation. Violations of this policy should be reported through the administrative processes and procedures established by each institution. Alleged retaliation by an employee assigned to the University System Office should be reported to the Vice Chancellor for Human Resources.

False Reports / False Information: This policy does not protect an employee who files a false report or who provides information without a reasonable belief in the truth or accuracy of the information. Any employee who knowingly files a false report or intentionally provides false information during an investigation may be subject to disciplinary action, which may include the termination of employment.


16.6.4 Investigation of Malfeasance

(Last Modified on January 30, 2024)

Malfeasance is any conduct or act carried out by a public official that cannot be legally justified or conflicts with the law including, but not limited to, fraud, waste, and abuse. The USG Office of Internal Audit, Ethics and Compliance (OIAEC) has the primary obligation for investigating reported malfeasance involving the USO, institutional senior administrators, and institutions without an institutional internal audit department. Institutional internal audit departments or the office charged with Ethics Line oversight have the primary obligation for malfeasance investigations at institutions. However, the institutional internal audit department should be made aware of all incidents of employee malfeasance.

OIAEC and institutional internal audit departments may contact other departments, including the office of legal affairs, public safety, and human resources, to establish the necessary team to proceed with the review or investigation. The investigative team will attempt to keep source information as confidential as possible.


16.6.5 Malfeasance Reporting

(Last Modified on January 30, 2024)

Incidents involving suspected criminal malfeasance by an employee derived from the Ethics Line or otherwise must be reported to the USG Office of Internal Audit, Ethics and Compliance once an initial determination has been made that employee malfeasance may have occurred. Malfeasance reports involving financial fraud should also be sent to the Vice Chancellor for Fiscal Affairs. Malfeasance reports should be marked confidential and submitted in draft form. Malfeasance reports should include:

• Institution’s name and point of contact, including the email address and phone number;
• Description of the incident, including the incident time, date, location, improper activity, and estimated loss to the institution (if any);
• Known suspect information, including the employee name, title, employment status (administrative leave, pending termination, etc.), and supervisor’s name; and,
• Current case status, including law enforcement involvement and the results of any internal audit investigation.

The USG Chief Audit Officer, in consultation with the USG Office of Legal Affairs, shall transmit employee malfeasance reports to the Georgia Department of Law or other prosecutorial or law enforcement organizations that would be appropriate. The transmittal letter shall include an incident summary and may include a recommendation as to whether to pursue further investigation. Notifications will also be made, as appropriate, to other state and federal offices to include the Department of Administrative Services for cases involving State Purchasing Cards, Fleet Fuel Cards and Mandatory State Contracts.


16.7.1 Purpose

(Last Modified on January 31, 2024)

The Ethics and Compliance Reporting Hotline (Ethics Line) was implemented in January 2008 as part of a comprehensive ethics and compliance program that was designed to promote the highest standards of ethical and professional conduct within the USG. The Ethics Line allows concerns to be reported confidentially by phone or on-line. The Ethics Line is administered by a third-party vendor that provides for confidential communication. The Ethics Line does not replace existing reporting mechanisms, including reporting concerns to an employee’s supervisor, but rather serves as an additional reporting option. Each institution has an Ethics Line web address and a telephone number assigned to it. A list of the web address and telephone number for each institution can be accessed from the following web address:

https://www.usg.edu/audit/compliance/reporting_contacts


16.7.2 Procedures

(Last Modified on August 14, 2020)

This policy sets forth the minimum requirements for the administration of each institution’s Ethics Line. Other institutional or USG policies may provide further guidance relating to allegations of specific conduct, such as sexual harassment, academic misconduct, poor work performance, and conflicts with other employees.


16.7.3 Implementation

(Last Modified on August 14, 2020)

To implement this policy, each institution shall implement procedures for receiving, investigating and resolving Ethics Line reports. The Ethics Line is an additional method of reporting concerns and wrongdoing, but does not replace existing processes for reporting, investigating and resolving reports of wrongdoing. As such, a policy for receiving and reviewing specific allegations of misconduct already may be in place at each institution. Reports received on the Ethics Line do not require institutions to establish a duplicate process for investigating such concerns or wrongdoing. The procedures established at each institution, however, must comply with the provisions of this policy.


16.7.4 Administration and Responsibility for the Ethics and Compliance Reporting Hotline

(Last Modified on August 14, 2020)

The President of each institution shall appoint an administrator who will serve as the Ethics Line Coordinator. The Ethics Line Coordinator will be responsible for the efficient and effective operation of the Ethics Line to include:

  1. Ensuring the Ethics Line is easily accessible from the institution’s webpage;
  2. Ensuring awareness of the Ethics Line at the institution by staff, faculty and students. Awareness efforts may include posters, internal communications, awareness activities, interdepartmental webpages, orientation material, social media and messaging from institutional leadership;
  3. The timely resolution of all reports received; and
  4. Ensuring access to the Ethics Line is properly restricted to those who need access and removing access from those who should no longer have access due to a change in their employment status or job duties.

Each USG institution is encouraged to establish a triage committee to review and manage reports received on the Ethics Line. Triage committee members may include representatives from internal audit, the office of legal affairs, compliance, human resources, public safety/campus police, information security or other functions at the discretion of the institutional President. However, all reports received regarding potential fraud, waste and abuse must be shared with the USG Office of Ethics and Compliance. Issues involving members of the triage committee or institutional executive management shall be referred to the USG Office of Ethics & Compliance for remediation and/or investigation.


16.7.5 Confidentiality

(Last Modified on August 14, 2020)

All employees involved in the process of receiving and investigating reports of wrongdoing must exercise due diligence and reasonable care to maintain the integrity and confidentiality of the information received. All USG employees must ensure they comply with state and federal laws regarding whistleblower protection.


16.7.6 Investigative Processes

(Last Modified on April 12, 2022)

A. Evaluation: Each institution will include in its procedures, a process for evaluating and resolving complaints received on the Ethics Line, assigning a case manager, establishing and maintaining communications with all appropriate parties, establishing an estimated timeframe for the resolution of reports received, and ensuring that cases are properly documented and closed. The evaluation process shall also include determining if the concerns raised in the report should be directed to a particular supervisor for remediation or to a department or office for investigation in accordance with previously established policies and procedures of the institution.

B. Case Manager: A case manager will be assigned to all Ethics Line reports received. The case manager will be responsible for the proper handling of the case, including determining if the case should be directed to a department or office in accordance with previously established policies and procedures, the assignment of additional investigators (if needed), conducting interviews, documenting all relevant information in the case file, ensuring that timely communication is maintained with all appropriate parties, including the reporter and the accused, ensuring that any required corrective action is taken, and closing the case in the case management system in a proper and timely manner. If a case is directed to another department or office for remediation, the case manager maintains the responsibility to ensure the case is properly resolved, that appropriate communication is maintained with all parties and for closing the case in the case management system.

C. Communication with the Reporter / Complainant: A response to the reporter / complainant shall be made within two (2) business days of the receipt of the Ethics Line report that, at a minimum, acknowledges receipt of the report. The reporter also may be asked to provide additional details to assist in evaluating and resolving the matter reported. The reporter shall be kept informed of the status of the investigation and shall be notified concerning the resolution of the case and, when appropriate, the action taken.

D. Communication with Named Persons: Named persons alleged to have committed a violation shall be notified of the allegations made and shall be kept informed of the status of the investigation. Notification shall be made at the time and to the extent that the case manager determines that it will not adversely affect the integrity of the investigation. Notifications should be coordinated with both the applicable institution’s Office of Human Resources and the named person’s supervisor or supervisory chain.

E. Corrective Action: Any recommended corrective action pertaining to USG employees will be taken by or coordinated with the institution’s human resources department. Corrective action includes, but is not limited to, recommended training, retraining, counseling, reprimands, suspensions and the termination of employment, consistent with the institution’s progressive discipline policy and other applicable policies.

F. Closing the case: Once all necessary investigative acts have been completed and properly documented, the administrative process to properly and promptly close the case must be completed. These closure processes shall minimally include: notifying the reporter/ complainant, documenting the resolution and action taken, and making the required entries in the case management system in a manner that properly documents the date on which the case is closed.

G. Case Resolution: Reports which confirm a policy violation, identify significant safety or environmental concerns, substantial inefficiencies, or the identification of significant institutional risks should be closed as “Substantiated” or “Partially Substantiated”. There can be instances when an employee is cleared of wrongdoing, but the report is closed out as “Substantiated” or “Partially Substantiated” due to the finding of significant safety or environmental concerns, substantial inefficiencies or the identification of significant institutional risks. In all cases, the report and/or the notes in the case management system should indicate if an employee was cleared of allegations of wrongdoing, policy violations or unethical behavior.


16.7.7 Tracking and Analyzing Reports

(Last Modified on January 31, 2024)

Each institution shall analyze, track and monitor reports, at a minimum annually, to identify trends, address risks and incorporate ways to increase efficiency and effectiveness. Institutions should review performance metrics, to include the average days to close cases, and compare them to industry benchmarks to ensure appropriate oversight of the Ethics Line. Of particular value would be year-over-year comparisons of key performance metrics to include number of cases received, average days to close, complaint category and substantiation rates. Updates regarding the number and types of cases shall be periodically provided by the USO to the Board of Regents.


16.7.8 Access to the Ethics and Compliance Reporting Hotline and Other Reporting Processes

(Last Modified on January 31, 2024)

A. On-Line Link to Ethics Line: Each institution shall provide an on–line link to its Ethics Line on the home page of the institution’s website.

B. Additional Reporting Contact Information: Each institution is encouraged to publish all of the reporting options pertaining to that institution’s processes and procedures on one web page. Further, each institution is encouraged to provide a listing of alternative reporting contacts for suspected wrongdoing that is widespread or concerns the USG System as a whole. The additional reporting contacts should include but are not limited to the following:

  1. The Ethics Line for the USO
  2. The USG Chief Audit Officer
  3. The USG Legal Affairs Office
  4. The USG Office of Ethics & Compliance

16.8.1 Overview

(Last Modified on August 14, 2020)

The USG offer a variety of athletic camps, academic camps, clinics, after-school programs, enrichment classes and other activities which bring non-student minors to USG institutions. These activities are more abundant during the summer when most K-12 schools are not in session. These programs and activities are of great educational value and serve to benefit both the institution and the larger community. These programs and activities provide institutions with the opportunity to challenge, educate and mentor young people and to introduce them to their campus in a positive and meaningful way.


16.8.2 Implementing Procedures

(Last Modified on August 14, 2020)

BOR Policy 6.9 provides the general requirements for properly screening and training employees and volunteers who work in Programs Serving Non-Student Minors. In accordance with this policy, each institution is required to establish procedures to implement the policy requirements. The following USG threshold requirements must be included in each institution’s procedures:

A. Institutional Programming:

  1. Code of Conduct: Each institution must maintain a Code of Conduct for program staff and volunteers that addresses appropriate behavior and prohibited conduct when interacting with minors. This code should include the general prohibition against being alone with minors.
  2. Program Registration: Each institution must maintain a registry of authorized programs.
  3. Program Requirements: Before a program can be authorized, its program sponsors must have properly considered the following:
  • Qualifications of personnel leading and supervising the program;
  • Screening and background checks of staff and volunteers;
  • Supervision ratios;
  • Safety and security planning;
  • Response protocols for injury, illness, participant misconduct, and staff misconduct;
  • Transportation needs, if any;
  • Housing needs, if any;
  • Participation requirement forms; and
  • Licensing requirements of other government agencies.

4. Training: Each institution should maintain a training program that addresses mandatory reporting requirements, responsibilities and expectations, relevant institutional policies, safety and security procedures, and Staff Code of Conduct.

5. Screening & Background Investigations: Institutions must conduct background investigations and appropriate screening of all staff and volunteers working in programs for non-student minors in accordance with the USG Human Resources Administrative Practice Manual (HRAP). Personnel in charge of screening staff and volunteers should be aware of the inherent limitations of background checks and should seek to utilize other screening methods in addition to background checks, when possible, to include written applications, in-person interviews and reference checks.

B. Third-Party Programming -Facility Use Agreements:

Institutions licensing, leasing, or allowing the use of institutional facilities by non-USG entities for programs serving non-student minors must include language in a binding written agreement requiring the non-USG entity to comply with institutional policies on youth safety, background checks, training and minimum insurance requirements. In accordance with Board of Regents Policy 6.14.2, the form used for such agreements must be USG-approved.


↑ Top