One of the responsibilities of senior management and department heads is the management of financial resources to accomplish the mission and objectives of the department and university. Management’s attitudes should support ethical values and good business practices. A manager should promote compliance with university policies and procedures through his or her actions as well as through unit policies and procedures. He or she should ensure that employees also support ethical values and have the technical competence for the position. Policies and procedures should be written, provided to all staff and expectations for compliance communicated to staff. There should be no tolerance for fraud or conflicts of interest. Disciplinary action should be consistently applied to all employees.

Managers must support compliance with university policies and procedures if they expect employees to comply with university policies and procedures. Business activities should be designed so that no single employee will be responsible for all aspects of a transaction. This will limit opportunities to misappropriate assets or conceal other intentional misrepresentations in the department’s accounts.

Employees such as department heads, business managers and principal investigators responsible for account accuracy should:

  • Ensure that monthly reports of account activity are reviewed to determine that all transactions are accurate and complete, and that adequate supporting documentation exists to substantiate all transactions;
  • Verify that all entries made to each account are appropriate; comply with university policy; and are allowable based on the restrictions, if any, of the funding source; and
  • Take corrective action to resolve inappropriate transactions posted to the account.

An internal control system is the process that management uses to provide reasonable assurance that the university’s goals and objectives will be achieved. It is the management of business risks and is a dynamic process that changes as personnel and circumstances change. The system includes organizational design, written policies and procedures, operating practices and physical barriers to protect assets and all personnel. The system should be designed to discourage occurrences of errors or irregularities and to identify, within a reasonable time frame, errors or irregularities that may occur.

The internal control system provides for safeguarding of assets, proper recording of transactions and the efficient and effective accomplishment of the University’s goals and objectives including compliance with federal, state and university rules and regulations.

The manager, who is responsible for the accomplishment of goals and objectives, is also responsible for establishment; maintenance and monitoring of the internal control system that helps ensure the accomplishment of those goals and objectives. He or she is responsible for the sound financial condition of the unit, protection of the university’s assets, including its human resources, and compliance with federal, state and university rules, regulations and procedures. He or she must ensure that the funds entrusted to the unit are used appropriately.

The manager may delegate some of the related duties but cannot delegate accountability and responsibility.

The University Policy Manual provides USU employees with policies and procedures that act as an employment contract. All university employees are expected to be familiar with and abide by the policies set forth in the manual. Institutional officials have a responsibility to become familiar with university policies and communicate the principles espoused in them to employees and students who are under their supervision. Policies enumerated below are among those that are based on principles of sound ethical conduct.
USU’s policies that impact sponsored research activities are maintained within Section 5 of the USU Policy Manual, encompassing policies from #531, “Research” to #536, “Intellectual Property” and an additional subsection for Sponsored Projects from 580-599. Policies contain top level guidance for meeting regulatory and ethical obligation when conducting research at USU. Procedures associated with some of these policies have been developed to provide specific step-by-step instructions to allow individuals to complete the implementation steps required under USU policies and federal and local regulations.
The Sarbanes-Oxley Act of 2002 was passed by the U.S. Congress in response to serious lapses in ethical standards at the highest levels of notable U.S. corporations. Even though the Act does not directly impact universities, many institutions of higher education have adopted concepts from the Act that provide greater transparency in operations and a higher level of accountability, especially among senior administrators. Based on the requirements of Sarbanes-Oxley, The National Association of College and University Business Officers (NACUBO) has issued recommendations that represent best practice among universities with regard to strengthening the ethical base for institutional operations. This Guide – along with the Administrative Code of Conduct, the establishment of the Internal Audit Services hotline and adherence to GAO guidelines for auditor independence – represents the implementation of the NACUBO recommendations at USU.

In addition to Sarbanes-Oxley, USU’s policies and procedures comply with federal regulations including 42 CFR Part 50, “Dealing with and Reporting Misconduct in Science; ” 45 CFR, Parts 46 & 94; and 21 CFR Parts 50 & 56 governing research involving human participants and institutional management of conflicts of interest arising from or related to that research. USU also adheres to cost and accounting principles as set forth in Circular A-21, published by the Office of Management and Budget.

The State of Utah has also enacted laws that require integrity in the conduct of the affairs of government institutions and their employees. These include the “Utah Public Officers’ and Employees’ Ethics Act” (67-16 Utah Code Annotated), and the “State Money Management Act” (51-7 Utah Code Annotated).

USU’s Office of Compliance Assistance is charged with the responsibility, under the direction of the provost, to monitor changes in the regulatory environment within which the University operates; to assist in the campus-wide dissemination of information concerning ethics-based regulations and policies; and to implement appropriate management systems to ensure compliance.


HIPAA (US Health Insurance Portability and Accountability Act of 1996) is a federal act aimed at allowing individuals to maintain health insurance, even when they change employment. The act is complex and involves several separate rules. Two of them that affect activities at USU are the Privacy Rule and the Security Rule. The Privacy Rule has been codified in Title 45 of the Code of Federal Regulations (CFR), Parts 60 and 64. Compliance with the rule is overseen by the Office of Civil Rights. This new regulation became effective 14 April 2003, and was developed to ensure that an individual’s Protected Health Information (PHI), including information about the individual’s physical or mental health, will be protected from disclosure except as permitted by the individual, or as necessary for the delivery of medical treatment to the individual. HIPAA does not replace any existing federal, state, or other law that gives individuals superior privacy protections. This regulation affects any research performed by faculty, staff or students at USU that creates and electronically transfers data, or that otherwise represents a research activity such as: clinical trials, chart reviews, epidemiological studies, behavioral and social science studies, and basic science research activities. Survey research is included among activities to which HIPAA applies.

The university is under obligation to comply with HIPAA’s Privacy Rule in order to avoid criminal or civil liability, and to protect its research participants from harm.

All university employees are entrusted with protecting the property, equipment and other assets of the University. Per USU Policy # 344, Use and Security of University Property, “All University property should be safeguarded against possible loss or misuse. University employees must take reasonable precautions to ensure the security of people, facilities, property and vehicles.” Responsibilities of this trust include actions ranging from locking doors and cabinets to reporting observed patterns of unusual behavior.

All property, supplies and services purchased with university funds should be used only in the operation of the business of the University. Misuse of assets takes on many forms and can involve some deception or misrepresentation of facts and information for personal gain as well as deliberate appropriation of property or funds for personal use.

A major factor in safeguarding assets and ensuring the ethical use of University resources is a departmental organization that establishes clear lines of authority and responsibility and segregates, where practical, the operating and reporting functions of the department. Deans, department heads and administrative personnel are responsible to administer this policy for employees within their departments and coordinate the use and security of University property.

Conflicts of interest can have a chilling effect on the public’s perception of an institution. USU has established policies for both individual and institutional conflicts of interest, along with the Office of Compliance Assistance, a unit within the Provost’s Office. USU’s approach to conflicts of interest rests on four pillars:

•Education of the university community concerning conflicts of interest
•Reporting of conflicts and potential conflicts by employees and the institution
•Management of identified conflicts
•Transparency of the conflict management process

Individual Conflicts of Interest
Both federal regulations and state statutes require USU to report and manage the conflicts of interest of its employees. USU’s policy states that a conflict of interest exists whenever “a University employee owes a professional obligation to the University, which is or can be compromised by the pursuit of outside interests.” The diagram below illustrates how outside interests may impact university interests by introducing bias into the decision-making process.

COI Image

This definition draws an important distinction between the existence of a conflict of interest and a potential negative outcome. USU does not take the view that a conflict of interest is inherently bad for the University. In fact, employees who are appropriately engaged in outreach to the community, industry and their professions will often have a conflict arise.

The key to USU’s Conflict of Interest Policy (USU Policy #307) is to avoid allowing bias caused by any secondary interest to influence the discharge of the employee’s university-related duties. This is accomplished by providing for appropriate management of conflicts of interest as they arise. Institutional officials of the University have a duty to work with employees in their areas to provide oversight of conflicts of interest and to ensure that appropriate conflict management plans have been developed and submitted to the Conflict of Interest Committee of the University. USU’s federal compliance manager in the Office of Compliance Assistance provides support to USU’s administration and faculty as they eliminate or minimize the effects of individual conflicts of interest.

Institutional Conflicts of Interest
Institutional conflicts of interest arise whenever the financial or other interests of the university or of an institutional official acting within his or her authority on behalf of the university, may introduce bias into the decision-making processes of the institution. An example might be choosing a specific vendor for a purchase when the individual making the decision will be financially advantaged because of the transaction. Other institutional conflicts can exist when the University owns equity in start-up companies that are based on its inventions.

When conflicts exist, it is in the interest of both the individual and the institution to separate responsibilities for operations from responsibilities for finances. USU’s Institutional Conflict of Interest Policy, No. 310, provides for this separation. Institutional officials are uniquely affected by this policy because of their fiduciary responsibilities at the University – representing the interests of students, employees and the public at large. As with individual conflicts of interest, the university provides for proper disclosure, management and reporting of institutional conflicts of interest. These activities are overseen by the Office of Compliance Assistance.

Internal Audit Services

Internal Audit Service (IAS) has the responsibility for reviewing complaints and allegations of a fiscal or related compliance nature. This includes complaints and allegations made under the statutes of the State of Utah and university policy.

IAS performs these duties through an investigative process designed to address the complaint issues and to provide guidance with internal control issues that may develop as a result of the investigation.

There is no specific venue or format limiting how complaints/concerns must be communicated, but there is a basic need/expectation that the information provided will establish sufficient predication for review.

Complaints/concerns are received from a variety of sources and venues:

•Direct from the complainant as a specific communication (in-person, through letter/email or phone call or established hotlines)
•Referral from colleges and university offices
•Audits or other Internal Audit Services engagements
•Through the news media

The Internal Audit Services hotline (435-755-7118) is a resource for all university faculty and staff to raise issues, seek advice and report concerns related to proper business conduct and ethical dilemmas. This telephone hotline has been designated to receive information about improprieties or other concerns. If calling after hours please leave a voice mail. Internal Audit Services will respond to your concern(s) in a timely and professional manner. The hotline has been designed to ensure anonymity unless the caller provides their name.

Overview of Investigation Process

The first step is generally a preliminary fact finding stage to determine if the complaint presents the predication needed for an investigative review. If the complaint may be more appropriately addressed by another area such as Human Resources for personnel issues, Student Services for student issues, Office of Affirmative Action/Equal Opportunity for affirmative action issues, USU Police Department for criminal issues, university counsel for legal issues, it is referred to the appropriate area.

After the preliminary review, assistance may be requested from the unit head, the university’s general counsel, or the university police department. For each investigation, assigned Internal Audit Service’s personnel must document their independence from the issues presented.

Fact-finding and evidence gathering procedures should be as objective as possible. Employee interviews are conducted as necessary. Evidence gathered should be from sources independent of the unit or subject employee when possible.

At the conclusion of the investigation, a report is issued to appropriate management and, if necessary, to prosecuting officials.

In the scientific endeavor, no principle is of greater importance than integrity. The advancement of knowledge relies on the collaboration of theorists and experimentalists through a system of information sharing that takes place primarily in scientific publications. Though these publications are “refereed” by fellow scientists, it is a moral imperative that the information submitted accurately and completely reflects the findings of the authors. Each article is used by colleagues in subsequent inquiries as a launching point. It follows that scientific progress relies wholly on the integrity of scientists in truthfully reporting their observations. Whenever there is a breakdown in this honor system, progress is impeded, and the public trust is lost. Years may be spent in attempting to replicate results that were never actually observed.

Scientific misconduct is defined by federal statute (Title 42 of the Code of Federal Regulations, Section 50), and in USU policy as any incident of fabrication, falsification, or plagiarism in proposing, conducting, or reporting research. It does not include honest error or honest differences in interpretations or judgments of data. Fabrication refers to the making up of data which were not observed as purported. Falsification includes the changing of data or the way in which observations are reported, and spans a broad spectrum, from omitting observed data points from reported data sets to wholesale changing of data to fit the investigator’s hypothesis. Plagiarism is the claiming as one’s own material that is the product of someone else’s work.

USU assures that it supports scientific integrity through an established program of guidelines for reporting incidents of misconduct, and conducting prescribed inquiries and investigations.

USU Policy #306, “Research,” (under development) provides guidance to all university employees and students regarding scientific misconduct. In addition, Policies #407, “Academic Due Process: Sanctions and Hearing Procedures,” and #403, “Academic Freedom and Professional Responsibilities,” address scientific misconduct, also referred to in the policies as “research fraud.”

Whenever an instance of scientific misconduct is observed, employees and students of USU are encouraged to bring an allegation forward, which will be handled in accordance with USU’s most recently published “Scientific Misconduct Procedures.”