Policy Development for Institutional Policies

Adopted Policy 1.1

Policy Purpose

To set forth the process for drafting new and amending or repealing existing Institutional Policies and Procedures, and for obtaining the approval by the President, and the University Council when required by NYS Education Law Section 356, before implementation by the Responsible University Official for each respective Institutional Policy.

Responsible Office

Office of Enterprise Risk Management and Compliance

Responsible Executive

Chief Enterprise Risk Management and Compliance Officer

Policy History

  • Date of Permanent Approval:
  • Date of Amendments:
  • Date of Amendments:
  • Date of Amendments:
  • Date of Amendments:

Policy Statement

The University at Albany’s Institutional Policies and Procedures connect the University’s educational mission to the everyday activities and functions of the University’s operations, clarify and define the University’s expectations of its campus community, enhance efficiency and fairness, mitigate University risk, and support the University’s compliance with all applicable federal and state laws, regulations, and executive orders, and SUNY Policies.

Persons Affected

Students, Faculty, Staff

Definitions

Chief Enterprise Risk Management and Compliance Officer is the University’s chief risk and compliance officer. The Chief Enterprise Risk Management and Compliance Officer chairs the Policy Advisory Committee and is responsible for University compliance with this Policy, including overseeing policy coordination, development, review, and publication. The Chief Enterprise Risk Management and Compliance Officer shall also determine if a policy is an Institutional, Educational or Department/Unit/Division Level Policy and shall designate a Responsible University Official for each policy.

Department/Unit/Division Level Policy and Procedures are policies and procedures of departments, units or divisions that govern the internal operations of a department, unit or division in its implementation of its administrative duties and responsibilities.

Educational Policy are policies that govern the teaching and learning mission of the University. Educational Policies are maintained and coordinated by the Office of the Provost and Senior Vice President of Academic Affairs in consultation with the University Senate as set forth in the SUNY Board of Trustees policies, the University Senate Charter and the University Senate Bylaws.

Institutional Policy is a policy that meets the following criteria:

  • It has broad institutional application;
  • It supports compliance with applicable laws, regulations, executive orders, mandates from regulatory authorities or New York State control agencies, and/or SUNY policies, promotes operational efficiencies and consistencies, reduces risk, and enhances the University’s mission;
  • It mandates actions or constraints and contains specific expectations and procedures for compliance;
  • It pertains to more than one division or department of the University and/or requires institutional review and approval for policy issuance and changes; and
  • It is not an Educational Policy.

Interim Policy is a provisional policy document issued when a University Institutional Policy is needed within a time-period too short to complete the policy making process. An Interim Policy shall be in effect for six (6) months, and may be extended for an additional six (6) months. The format of the Interim Policy shall comply with the format of a University Institutional Policy and it shall meet the approval of the President.

Non-significant Policy Changes are amendments or corrections to policy that are editorial, changes to reflect institutional organizational changes, Responsible University Official or Office changes, website links, paragraph and outline numbering, and references to new related laws, regulations, rules, executive orders, and other policies and procedures.

Policy Advisory Committee is the standing committee appointed by the President to review and make recommendations on Institutional Policy to the Chief Enterprise Risk Management and Compliance Officer. The committee members include the Chief Enterprise Risk Management and Compliance Officer as Chair of the committee, President or designee, the Vice Presidents or their respective designees, the Chair of the University Senate or designee, Student Association President, and Graduate Student Association President or respective designees, and any other person appointed by the President.

Policy Statement is the statement in an Institutional Policy that summarizes the policy’s background and purpose, namely its core provisions and/or requirements. The Policy Statement may identify the institutional risk, how the policy supports or advances the University mission or value, or any federal or state legal, regulatory, executive order, policy or SUNY Policy requirements addressed by the policy.

Policy Template is the University’s standard template for all Institutional Policies and Procedures for a uniform presentation of Institutional Policies.

Policy Procedures are those procedures necessary for implementation and adherence to an approved Institutional Policy.

Responsible University Official is the institutional official or designee who is responsible for the programmatic, functional or administrative areas addressed by the Institutional Policy and Procedures and implementation of Institutional Policy and Procedures.

Responsible Office is the institutional office, department, school, college, or division responsible for the programmatic, functional or administrative areas addressed by the Institutional Policy and Procedures and implementation of Institutional Policies and Procedures.

Significant Policy Changes are amendments to Institutional Policy that result in substantive change(s) in the rule including changes to essential principles, scope or application of the Institutional Policy and Procedures. The AVP shall have sole authority to determine which constitutes a Significant or Non-significant Policy Change.

Stakeholder is a department, unit, school, college division, administrative advisory body, University Senate, student organization or advisory body with a key interest in a potential new Institutional Policy or amendments to an existing Institutional Policy. A Stakeholder may propose new Institutional Policy and Procedures and amendments to an existing Institutional Policy and Procedures. A Stakeholder may be identified in the approved Stakeholder Review Plan as advisory to a proposed Institutional Policy and Procedures or amendment to an existing Institutional Policy and Procedures.

Stakeholder Review Plan is the plan for obtaining advisory input from identified Stakeholders that may be impacted by proposed Institutional Policy and Procedures and/or amendment to existing Institutional Policy and Procedures.

SUNY is the State University of New York.

SUNY Policies are policies and procedures promulgated by SUNY that apply to the University and/or across the SUNY System. SUNY maintains a compendium of its policies online.

University is the University at Albany, State University of New York.

Policy

All University at Albany Institutional Polices shall be proposed, developed and approved using only the University at Albany Policy on Policy Development process.

  1. Proposing and approving an Institutional Policy

    1. A Stakeholder proposing a new Institutional Policy shall complete the policy proposal form and submit it to the Chief Enterprise Risk Management & Compliance Officer who shall consult with General Counsel to determine that the proposed policy is not duplicative of a current University policy or inconsistent with current University or SUNY policy, New York State or federal law, code, rule or regulation. The Stakeholder shall be notified within ten (10) business days whether they may proceed to submit a proposed policy.

    2. The Stakeholder proposing a new Institutional Policy or an Institutional Policy amendment shall draft the policy or amendment in the Policy Template format, as well as a draft Stakeholder Review Plan.

      1. The Chief Enterprise Risk Management & Compliance Officer shall assign a Responsible University Official.

      2. The Stakeholder will route the draft policy and Stakeholder Review Plan through the appropriate dean, director, associate vice president and vice president to the Responsible University Official for review and approval.

    3. The Responsible University Official will submit the policy proposal along with necessary policy procedures (hereafter both contained in the term “policy” or “proposed policy”) to the Chief Enterprise Risk Management & Compliance Officer for distribution to the Policy Advisory Committee for initial review and approval of the Stakeholder Review Plan.  The Chief Enterprise Risk Management & Compliance Officer will distribute the proposed policy in accordance with the Stakeholder Review Plan as approved by the Policy Advisory Committee.

    4. Proposed policy shall be reviewed by all stakeholders within fourteen (14) calendar days of emailing by the Chief Enterprise Risk Management & Compliance Officer.

    5. Advisory input from Stakeholders that is received within the required fourteen (14) calendar days of emailing by the Chief Enterprise Risk Management & Compliance Officer will be provided to the Responsible University Official for consideration.

    6. The Responsible University Official will redraft and resubmit the proposed policy with incorporated changes to the Policy Advisory Committee for consideration and action by the Policy Advisory Committee within thirty (30) calendar days.  The resubmitted proposed policy must be accompanied by a summary of unincorporated suggestions and the rationale for not incorporating them.

    7. Action by the Policy Advisory Committee may include approval of the proposed policy by a majority vote, rejection of the proposed policy accompanied by the rationale for rejection or return of the proposed policy to the Responsible University Official for clarification, consideration of amendments proposed by the Policy Advisor Committee or further research and information on the proposed policy.

    8. Upon approval of a proposed policy by the Policy Advisory Committee, the Chief Enterprise Risk Management & Compliance Officer shall submit the proposed policy to the Office of General Counsel for consideration and action within fourteen (14) calendar days.

    9. The Chief Enterprise Risk Management & Compliance Officer will notify the Responsible University Official and the Policy Advisory Committee regarding Counsel comments, concerns, and recommendations, making any changes to the draft policy as needed. Such comments, concerns and recommendations are legal advice provided to the University’s administration, and as such, they are privileged and confidential attorney-client communications.

    10. The Chief Enterprise Risk Management & Compliance Officer will then provide the Office of General Counsel with the final draft policy, including track changes, and a brief background and rationale for the policy. Once approved by the Office of General Counsel, the policy will be returned to the Chief Enterprise Risk Management & Compliance Officer for submission to the President for final consideration of approval as an Institutional Policy. The submission to the President shall contain the final proposed policy along with a summary of the changes made to the original proposed policy, summary of any remaining concerns of Stakeholders or the Policy Advisory Committee and the final vote by the Policy Advisory Committee on the proposed policy.

    11. Upon rejection of a proposed policy by the Policy Advisory Committee, the Chief Enterprise Risk Management & Compliance Officer shall inform the President and the Office of General Counsel of the decision and the rational for the rejection.

    12. In making a final determination, the President may also consult with the University Senate  and the University Council  as he/she deems appropriate per the University Senate Bylaws.

    13. The President can approve a submitted Institutional Policy as submitted or with changes as he/she considers appropriate.

    14. If the President approves a policy draft, the Chief Enterprise Risk Management & Compliance Officer shall so note the approval date on the Institutional Policy, post the Institutional Policy on the official University policy library for Institutional policies and periodically issue a campus communication on the promulgation of new University Institutional Policy. Policies will be posted only on the website maintained by the Office of Enterprise Risk Management and Compliance, with links to such policy on the websites of the affected administrative offices.

    15. If the President disapproves a draft policy (1) the draft policy is null; or (2) they may remand the draft with their comments to the Policy Advisory Committee to review and deliberate on his/her comments. The draft shall then follow the above steps through the Policy Committee, to the Office of General Counsel and to the President again for consideration. 

  2. The University Council

    1. When required by law, namely Section 356 of the NYS Education Law, the President or their designee, shall present a presidential approved policy to the University Council for its review, consideration and approval or disapproval. 

    2. If the University Council approves a policy, the Chief Enterprise Risk Management & Compliance Officer shall so note the approval date on the Policy, post the University Policy on the official University website, with links to Responsible University Official’s office website and other pages of University administrative offices as appropriate and issue a campus communication on the promulgation of the University Policy.

  3. Updating a Policy Non-Significant Changes

    1. On an as-needed basis, the Responsible University Official will request that the Chief Enterprise Risk Management & Compliance Officer make Non-significant Changes to an existing Institutional Policy.  The Chief Enterprise Risk Management & Compliance Officer will note the date of such changes next to “Policy History” on the policy document.  The Chief Enterprise Risk Management & Compliance Officer may also initiate Non-significant Changes to an existing Institutional Policy by requesting that the Responsible University Official consider and approve such changes as needed.

    2. Any significant changes to an Institutional Policy will be subject to the formal revision process as set forth below.

  4. Revising an Existing Institutional Policy

    1. Changes to an Institutional Policy’s substance or principles shall be subject to the above policy making process, with the exception of the Policy on Policies. Once approved by the President, the Chief Enterprise Risk Management & Compliance Officer shall note the date of the revisions/amendments in the “Policy History” on the document, and otherwise follow the policy making process for communications to the University community. 

    2. Changes in substance or principles to this Policy on Policies shall not be governed by the policy making process detailed in this policy, but instead require a recommendation by the Chief Enterprise Risk Management & Compliance Officer to the President and subsequent approval by the President. Once approved, the Chief Enterprise Risk Management & Compliance Officer shall note the date of revisions/amendments in the “Policy History” on the document, and otherwise follow the policy making process for communications to the University community.

  5. Establishing an Interim Policy

    1. When the University must promulgate an Institutional Policy or substantively change an Institutional Policy to comply with federal and/or state law, regulation, executive order and/or policy, or to address a significant risk management issue as identified by a Stakeholder or Responsible University Official, the Stakeholder or Responsible University Official may request that the Chief Enterprise Risk Management & Compliance Officer and the Policy Advisory Committee, upon consultation with the Office of General Counsel, recommend to the President to allow promulgation of that policy on an interim basis. The President must give explicit permission to issue an Institutional Policy as Interim Policy.

    2. Interim Policies must follow the University’s standard Policy Template.

    3. Interim Policies are effective for six months, up to a maximum of 12 months. Extensions beyond this period must be recommended by the Policy Advisory Committee to the President for approval. This date may be extended in six month increments. To derive the benefits of a standard policy document and the full review cycle, the Interim Policy must complete the process outlined in this document, preferably, within one year of the issuance of the Interim Policy.

  6. Withdrawing a Policy   

    1. In special circumstances, a Responsible University Official may deem it appropriate to withdraw or sunset an existing Institutional Policy or consolidate with another policy and will inform the Chief Enterprise Risk Management & Compliance Officer of this intent. The Chief Enterprise Risk Management & Compliance Officer shall notify the Policy Advisory Committee which shall review and make a recommendation to the Office of General Counsel of this intent.  The Office of General Counsel shall in turn review and make a recommendation to the President to approve or disapprove the withdrawal of an Institutional Policy. The Chief Enterprise Risk Management & Compliance Officer shall communicate the outcome to the University Community. 

  7. Communication and Training

    1. While the Chief Enterprise Risk Management & Compliance Officer periodically shall issue an announcement of a new or substantially revised Institutional Policies, the Responsible University Official shall deliver any additional communication or training, and establish any support systems necessary to achieve ongoing compliance including updating of policy procedures as necessary.

  8. Compliance

    1. The University charges the Chief Enterprise Risk Management & Compliance Officer with responsibility to manage this standard document and process and related systems, and to assist others to engage them effectively. Failure to comply with this policy may result in employment discipline, including suspension or termination.

  9. University-wide Policies that Pre-date this Policy on Policy Making

    1. Those University policies that meet criteria for an Institutional Policy but predate this policy and so have not been approved through the policy process mandated in this policy, remain official university policies.

    2. The Chief Enterprise Risk Management & Compliance Officer will work with all University units to identify such policies and  will assign a Responsible University Official for each policy identified as meeting criteria for an Institutional Policy.

    3. The Responsible University Official for each of these policies shall review each of their policies for accuracy and provide an approved, updated copy of each policy to the Chief Enterprise Risk Management & Compliance Officer.

    4. The Chief Enterprise Risk Management & Compliance Officer shall post these policies in the University’s library for Institutional Policies.

  10. This policy is effective immediately upon approval.

Notes:

  1. The University Senate is advisory to the President of the University, consulting on matters of major importance to the educational, research, and service missions of the University (Bylaws, Article II, 1.1).

  2. The ten member body appointed or elected in accordance with Article 8, Section 356 of the New York State Education Law to supervise the operations and affairs of the University at Albany. The specific responsibilities of the Council are set forth in Section 356 of the New York State Education Law.