Risk, Compliance & Policy Services (RCPS)


Risk, Compliance and Policy Services (RCPS) provides a range of institutional services. It operates the University’s risk management, compliance, public records, policy and rules (WAC) development activities, and acts as a consultant and service-provider to executive, division, college, and unit leadership who have substantive responsibility for managing risk and compliance. Along with Internal Audit, RCPS helps fulfill the advisory responsibilities of the Audit Committee of Western’s Board of Trustees as part of the Enterprise Risk Management (ERM) process.


Traditional Risk Management is responsible for:

  1. Partnering with individual areas to formulate, implement, administer, and evaluate risk management strategies to efficiently and cost-effectively manage risk within those areas.
  2. Managing the University's insurance and self-insurance programs.
  3. Conducting contractual risk analysis.
  4. Initiating and developing related University policies.
  5. Seeking restitution from culpable third-parties.
  6. Managing property and liability insurance claims.

Enterprise Risk Management (ERM) Services is a collaborative effort of University leadership, which is facilitated by RCPS and Internal Audit* with responsibility to lead and assist in the process.  It is an enterprise-wide, structured approach to identifying, assessing, prioritizing and responding to key risks (e.g. strategic, reputational, operational, compliance and financial risks) that may require senior administrator and Board of Trustee attention as the University pursues its mission, vision and strategic goals.

An inventory of enterprise risks is developed based upon subject matter knowledge, substantive conversations with University leadership, and the existing use of SCOT Assessments and similar internal practices within institutional, division, college and unit strategic planning processes where potential enterprise risks (e.g. challenges and threats) have been identified and assessed.

*Note:  With safeguards described in The Institute of Internal Auditors (IIA) position paper titled The Role of Internal Auditing in Enterprise-wide Risk Management, Internal Audit will assist with the ERM process by identifying and evaluating enterprise risks; providing management with advice regarding its responses to those risks (but not make decisions about or implement those responses); and evaluating the ERM process itself from the perspective of Internal Audit.

Compliance Services is a centralized, institutional resource that takes into account the decentralized nature of the University’s compliance efforts.  Compliance Services provides a systematic approach to identifying the institution’s internal and external compliance mandates, such as those listed below, and serves as a resource for responsible areas in developing internal controls that improve their likelihood of success.

  1. Federal and state laws and regulations
  2. University policies, procedures, standards and guidelines
  3. Best practices
  4. State and internal auditor mandates
  5. Association rules
  6. Contractual obligations

HIPAA Privacy Officer is responsible, in partnership with the University’s HIPAA Security Officer, for facilitating, monitoring and coordinating the University-wide HIPAA compliance program in support of the University’s covered entities and FERPA entities that may choose or need to comply with HIPAA.

University Policy Services is responsible for facilitating the University’s policy development/review process, and assisting divisions in the development of University-wide policies, including a full review by the President’s Cabinet, Technical Review Committee, and 30-day review by the campus community. It ensures that University policies are indexed, published on the University policy website, and communicated to the University community to maintain the integrity of the policy system.

BFA Division Policy Services is responsible for developing and monitoring Business and Financial Affairs (BFA) policies and University policies developed by BFA.  It ensures the University’s policy creation/revision process is followed and notifies affected employees and departments of approved policies in a timely manner.

University Rules (WACS) Services is responsible for facilitating and recording the steps of the University’s rule making process, including a full review by the President’s Cabinet and Technical Review Committee, filing appropriate documents with the Washington State Office of the Code Reviser, and providing notice and conducting public hearings to solicit community comments. It ensures that University rules under development are published on the University rules website, and communicated to the University community to maintain the integrity of the rule making process.

Public Records Disclosure Services is a compliance function and is responsible for providing the legal access to public records relating to the conduct of the University, while being mindful of privacy rights as provided by law. In carrying out its responsibilities, public records will be provided in accordance with the provisions of the State’s Public Records Act, related case laws and the efficient administration of government.


Paul Mueller, CPCU

Director of Risk, Compliance & Policy Services
OM 330I, MS9015
Phone: 360-650-3065


Nicole Goodman

Compliance Manager, HIPAA Privacy Officer
OM330J, MS9015
Phone: 360-650-2477


Dolapo Akinrinade

Public Records Officer, University Policy Coordinator
OM330K, MS9015
Phone: 360-650-2728


Jennifer Sloan

Confidential Admininstrative Assistant, Rules (WAC) Coordinator
OM330K, MS9015
Phone: 360-650-3117



RCPS reports to the Associate Vice President for Business and Financial Affairs (BFA).

Page Updated 01.29.2018 2-15-17