The Cavalier Daily
Serving the University Community Since 1890

Audit, Compliance and Risk Committee reviews compliance reporting tools

The Committee also heard updates on electronic record keeping

Nimax also provided an Annual Compliance Report, which includes a summary of the University’s compliance with standards of behavior for employees.
Nimax also provided an Annual Compliance Report, which includes a summary of the University’s compliance with standards of behavior for employees.

The Board of Visitors’ Audit, Compliance, and Risk Committee reviewed SafeGrounds compliance reporting tools for employees and discussed the switch from paper to electronic records at their meeting Thursday. 

The Committee’s only action item for the meeting was the approval of the updated Compliance Charter — a set of guidelines meant to promote integrity and ethical behavior within University reporting systems. 

According to Gary Nimax, assistant vice president for compliance, the proposed edits emphasize the expectation for employees to report suspected misconduct of other University employees and cooperate with investigations. The edits also include a summary of the purpose and function of the compliance network, a University-wide network of compliance officers. 

Nimax provided an Annual Compliance Report, which included a summary of the University’s compliance with standards of behavior for employees. The report summarized usage of the SafeGrounds — a reporting tool mainly used by Student Affairs to track any interactions with students that may be cause for concern. 

Other University departments use SafeGrounds to report incidents surrounding employee relations, including medical and academic human resources departments. SafeGrounds was also used for incidents in which an involved party is protected by the Americans with Disabilities Act, although those reports were often related to requests for accommodations rather than reporting misconduct, according to Nimax. 

Nimax also presented a report on the Compliance Helpline reporting tool — a resource for University members, including both employees and students, to report unethical behavior or policy violations with the option of being anonymous. The helpline had a total of 92 reports in the Fiscal Year 2023, a 39 percent increase from 2022. 

Nimax said he had expected to see a report increase because he and Annette Norton, interim chief compliance and privacy officer for U.Va. Health, made an effort to increase communication and outreach in relation to the hotline. 

Norton next gave an overview of reports submitted to the U.Va. Health Compliance office. In fiscal year 2023-24, the office received 453 reports — an increase of 66 reports from fiscal year 2022-23. Norton said this change was positive.  

“We've been busy, but we really think that it's a good thing to see these numbers and reports that you're seeing here, as we feel like our employees feel comfortable reporting concerns and issues to our office,” Norton said. 

Norton also summarized investigations by category from fiscal year 2023-24, 77 percent of which were concerns related to the Health Insurance Portability and Accountability Act — a federal law that protects the privacy of medical records. 

Also at the meeting, University Records Officer Caroline Walters discussed recent decreases in the use and destruction of physical paper records by the University. Walters said that since 2008, the Records and Information Management Office has destroyed 181 million sheets of physical paper records, and that they continued to work on physical record clean up this year. 

“This transition to the electronic record systems and more employees moving away from their printers means the Records and Information Management office is adjusting our guidance and services from paper records management to electronic,” Walters said. 

The Records and Information Management Office’s objectives for 2023-24 include goals to update University policy on training on how to store electronic records. According to Walters, these updates come after a recent increase in public records being stored online, partially due to the COVID-19 pandemic, and they will include expanding methods and processes for electronic records management. 

The Board then moved into a closed session to discuss specific cybersecurity incident responses and IT security plans. This follows a sophisticated cyberattack on the University this summer, which resulted in the University requiring all academic passwords to be reset. 

The Audit, Compliance and Risk Committee will convene next during the December meetings of the Board of Visitors. 


Latest Podcast

Today, we sit down with both the president and treasurer of the Virginia women's club basketball team to discuss everything from making free throws to recent increased viewership in women's basketball.