***
Dear Colleagues,
Prior to December 2017, the Office of Audit, Compliance, and Ethics (OACE) was overseen by a Chief Audit & Compliance Officer who was responsible for overseeing OACE functions on all UConn campuses. The Audit and Compliance offices at UConn and UConn Health all reported to this administrator. David Galloway held the position most recently, until his retirement last summer.
After a careful review OACE’s functions and structure, I have reorganized this unit in consultation with the Board of Trustees’ Joint Audit & Compliance Committee (JACC). This reorganization included eliminating the position of Chief Audit & Compliance Officer after determining that this layer of senior management was unnecessary as it was not critical to the units within OACE carrying out their missions effectively.
OACE has now been divided into three distinct units: the Office of Audit & Management Advisory Services, the Office of University Compliance, and the Office of Privacy Protection & Management. Each will oversee audit, compliance, and privacy university-wide, including at UConn Health.
University Compliance will continue to be responsible for compliance oversight, training, and other higher-level functions. Day-to-day operational compliance functions will be carried out by individual campuses and units, which will be responsible for creating a compliance structure specific to their activities, such as Athletic Compliance, Healthcare Compliance, Research Compliance, etc.
I have appointed three current staff members from within OACE to lead the three offices that were formerly part of OACE: Cheryl Chiaputti as Chief Audit Executive; Kimberly Fearney as interim Chief Compliance Officer, and Rachel Rudnick as Chief Privacy Officer.
Cheryl and Kimberly have served as the Directors of Audit Services and Compliance, respectively, for several years. They have been functioning in their new roles since the December 2017 JACC meeting when these changes were announced.
Rachel has been the university’s Storrs-based Privacy Officer since 2006. The field of privacy has expanded dramatically and new demands of ever-increasing complexity are regularly placed on the university. In order to meet these growing needs, it is clear that the role of Privacy Officer must expand significantly, both in terms of relevant duties and the scope of the position’s responsibilities, necessitating the creation of this stand-alone function outside of Compliance.
Cheryl joined UConn’s internal audit department in 1997 and has served as the Director of Audit Services for all university campuses since 2007. Prior to arriving at UConn, she worked in public accounting for 10 years. Cheryl holds a Certified Public Accountant license in the state of Connecticut.
Kimberly began her career at UConn in 1997 in the Department of Human Resources. She joined OACE in 2006 and has held the position of Director of Compliance and Ethics Liaison since 2011. She is certified as both a Corporate Compliance and Ethics Professional (CCEP) and a Leading Professional in Ethics and Compliance (LPEC).
Rachel has been working in the field of privacy with educational institutions for just over 16 years. She started her career as an attorney representing public school districts before coming to UConn. Rachel is a Certified Information Privacy Professional and active presenter on issues related to privacy issues in higher education.
The duties Cheryl, Kimberly, and Rachel carried out in their previous roles within OACE as well as the relevant responsibilities they shared with the Chief Audit & Compliance Officer will be merged into their new roles. Their previous positions will be eliminated.
Kimberly and Rachel will be having discussions with compliance and privacy staff on all campuses, including UConn Health, regarding how they will be incorporated into this new structure. All compliance and privacy staff will continue carrying out their current responsibilities as this transition takes place. Kimberly will also work closely with all campuses and units as the new decentralized approach to compliance is implemented.
Audit will continue to report administratively to my office and functionally to the JACC, Compliance reports to my office with a “dotted line” to the JACC, and Privacy will be a direct report to my office.
Each of these three functions are exceedingly complex, high-risk areas for the university, which must remain in compliance with our own high standards as well as myriad federal and state laws, regulations, and reporting requirements that are highly consequential.
I would like to thank Cheryl, Kim, and Rachel for their patience as this reorganization was undertaken. Please join me in congratulating them on their new roles.
Sincerely,
Susan Herbst
For more information, contact: President's Office at president@uconn.edu