Office of Audit, Risk, and Compliance


Virginia Tech is committed to integrity, a culture of compliance, and the promotion of the highest ethical standards for all employees. As compliance with legal and regulatory requirements continue to increase in visibility and emphasis, the Office of Audit, Risk, and Compliance (OARC) coordinates the Institutional Compliance Program (ICP) to promote and support a working environment which reflects this commitment. The ICP will act as a resource for Virginia Tech’s efforts regarding compliance, to help Tech proactively meet its compliance obligations, and to manage compliance risks.

Institutional Compliance

The charge of the compliance function within the OARC is to be a resource and serve as a catalyst for the achievement of university best practices in compliance-related subject matter areas. While the OARC does not own any discrete compliance subject matter area, it will assist in promoting a culture of compliance and ethical behavior by:


  • Developing a compliance matrix of applicable regulations and authoritative guidance with responsible parties
  • Implementing the compliance risk assessment process as a component of the ERM Program
  • Facilitating the university compliance and ethics hotline
  • Assisting the compliance committees in their various duties
  • Providing assistance in responding to external reviews and investigations



executive compliance committee (ecc)

The charge of the ECC is to promote excellence in our compliance efforts to assure compliance with our legal, regulatory, and ethical responsibilities. The ECC is responsible for approving the university's compliance priorities and has oversight responsibility for the university's compliance efforts, including fulfillment of these priorities. The ECC will also serve as the primary point of contact for the administration on organizational compliance matters with the Compliance, Audit, and Risk Committee of the Board of Visitors.

compliance advisory committee (cac)

 The charge of the CAC is to assist the ECC in promoting a culture and understanding of and adherence to applicable legal and regulatory requirements. The CAC will provide compliance leadership in the university’s academic and administrative units and ensure effective communication and collaboration among those responsible for compliance by:


  • Fostering communication across campus on issues related to compliance
  • Maintaining a university compliance matrix
  • Reviewing the results of the compliance risk assessment and proposing university priorities
  • Ensuring the development and implementation of corrective action plans as developed by responsible parties and approved by senior management
  • Reporting results to the ECC, including progress on plans and risks being assumed


A compliance owner is an accountable point of contact for a compliance requirement, who has responsibility for day-to-day oversight and operations.  The responsibilities of the compliance owner are to ensure that:


  • Regulatory changes are identified, assessed, managed, and monitored
  • Adequate controls are in place and are integrated into daily activities, such as policies, training, and monitoring
  • Compliance risk assessments are periodically performed, including clearly articulating risk statements
  • Internal stakeholders are assigned responsibility for each of the sub-risks identified within compliance areas
  • Gaps in mitigation and monitoring activities are remediated by taking corrective action
  • The status of mitigation and monitoring efforts are communicated to the Compliance Advisory Committee
  • The internal and external environments are scanned for emerging risks and opportunities.

The success of Virginia Tech’s ICP is predicated on leadership’s embrace of a culture of compliance in alignment with our strategic goals. In order to provide leadership and oversight of compliance, an overview of the compliance framework and representation on each committee is provided below.

For questions regarding the Institutional Compliance program, please contact Sharon Kurek,

Executive Director of Audit, Risk, and Compliance at (540) 231-5883.

Office of Audit, Risk, and Compliance | Virginia Tech  |  (540) 231-5883 |  North End Center, Suite 3200, Virginia Tech  | MC 0328 |  Blacksburg, Virginia