Using a Compliance Program Assessment for Strategic Impact

Size: px

Start display at page:

Download "Using a Compliance Program Assessment for Strategic Impact"

Letitia McCormick
6 years ago
Views:

1 SCCE 10th Annual and Ethics Institute Using a Program Assessment for Strategic Impact Laura LaCorte, University of Southern California Andrew Reisman, Ernst & Young LLP September 13, 2011 Overview Goals of the compliance program assessment USC s Office of Higher education: compliance risk universe Assessment methodology What we saw... innovation and issues Recommendations and responses Page 2 Page 1

2 Goals of the compliance program assessment Independent advisor s assistance to: Meet Sentencing Guidelines element of periodic assessment of program effectiveness Help Chief Officer reflect on program strategy and implementation Recommend program improvements Engage senior leadership Senior Vice President for Administration Audit and Committee of the Board of Trustees Page 3 Background information about USC College, Graduate School and 17 professional schools Undergraduate students - 17,500 Graduate and professional students - 19,500 Faculty, staff and student workers - 22,300 Research Funding; Over $500 million Medical Enterprise: Over 500 physicians University owned inpatient hospital and comprehensive cancer center Affiliations with Children s Hospital Los Angeles, Los Angeles County, Doheny Eye Institute, others Page 4 Page 2

3 The USC and Ethics Program Centralized structure: Certain high risk areas are managed directly by compliance office; coordinate with other units with specific compliance roles Implementation of university-wide program based on Federal Sentencing Guidelines and OIG Guidance Report to Senior Vice President for Administration and Audit and Committee of the Board of Trustees Fifteen (15) employees in four (4) locations Close coordination with General Counsel, Audit Services and Risk Management separate offices but all report to SVP, Administration Page 5 Organizational Structure Senior Vice President for Administration Audit and Committee of the Board of Trustees General Counsel and Secretary Associate Senior Vice President, Executive Assistant Admin Assistant Associate Senior Vice President, Audit Services Asst. VP, Healthcare Administrative Assistant Director, Hospital Director, Research Admin Asst. Director, Faculty Provider Manager, Research Admin MIS Manager Director, Information Security Systems Liaison Specialist Director, HIPAA Privacy Coder Coder Page 6 Page 3

USC Office of Page 7 Risk Universe LEGAL / REGULATORY REQUIREMENTS BUSINESS REQUIREMENTS COMPETITIVE PRACTICES (FTC, DOJ) Antitrust Customer, Competitor, Supplier Relations CORPORATE GOVERNANCE (SEC)

4 USC Office of Page 7 Risk Universe LEGAL / REGULATORY REQUIREMENTS BUSINESS REQUIREMENTS COMPETITIVE PRACTICES (FTC, DOJ) Antitrust Customer, Competitor, Supplier Relations CORPORATE GOVERNANCE (SEC) Board Structure and Processes Audit Committee Structure and Processes Ethics EMPLOYMENT (EEOC, DOL) Executive Compensation Compensation Benefits Hiring Employee Info Privacy Reductions in Force Whistleblower Protection Harassment Prevention Accommodation (Discrimination Prevention) Workplace Violence Labor Leave Employment Torts ENVIRONMENTAL (EPA) Management Systems Reporting Hazardous Material Management Laboratory Practices FINANCIAL Tax FRAUD and CORRUPTION (DOJ) Insider Transactions Anti-Money Laundering Foreign Corrupt Practices Act (FCPA) Financial Statement Fraud Occupational Fraud (Intellectual Property, Trade Secrets) Corruption Revenue and Expense Recognition GOVERNMENT CONTRACTS (DOD, OMB) US Government Contracts Other Jurisdictions (State and Country) INFORMATION MANAGEMENT Data and Record Classification Information Access Information Availability and Recovery Information Management Monitoring Information Disposition Litigation Discovery Rules Data Protection and Privacy INTELLECTUAL PROPERTY (DOC) Copyright Trademark Trade Secret Patent WORKPLACE HEALTH/SAFETY (OSHA) Employees Contractors ACADEMIC MISCONDUCT ADMISSIONS AND FINANCIAL AID DONOR RESTRICTIONS CONFLICTS OF INTEREST RESEARCH TECHNOLOGY/EXPORT CONTROLS VISAS/IMMIGRATION HOSPITALS/HEALTHCARE ATHLETICS COMMERCIAL VENTURES CAMPUS SECURITY/DATA PRIVACY CYBER SECURITY TENURE HIGHER EDUCATION CAMPUS MANAGEMENT INTERNALLY-FOCUSED REQUIREMENTS Mission Values Code of Conduct Policies and Procedures Quality Management Certifications (ISO, Six Sigma) Crisis Preparedness EXTERNALLY-FOCUSED REQUIREMENTS Corporate Social Responsibility Sustainability Public Commitments Contractual Obligations Vendor Management Exchange Listings VOLUNTARY STANDARDS US Federal Sentencing Guidelines Industry Codes Trade Associations EMERGING ISSUES Aside from mandatory requirements, organizations make choices regarding their brand, their values, and the commitments they make to customers, business partners, employees, and other stakeholders. Although voluntary, consequences for non-compliance could be more serious than non-compliance with mandatory requirements GOVERNMENT AFFAIRS/COMMUNITY * Illustrative US example (note: US regulatory agency listing) RELATIONS Page 8 Page 4

Methodology Performance Assessments The Framework focuses on five areas that affect compliance program effectiveness: Requirements, Culture, People, Process, and Information and Technology

5 Methodology Performance Assessments The Framework focuses on five areas that affect compliance program effectiveness: Requirements, Culture, People, Process, and Information and Technology Requirements Legal/Regulatory Business Vision Mission Culture Values Tone at the Top Code of Conduct Business Strategies People Function Process Information and Technology Organizational Charter Strategic Planning Preparedness and Practice Measures and Metrics Organizational Structure Risk Assessment Monitoring and Evaluation Information Management Resources and Accountabilities Controls, Policies and Procedures Incident Response Performance Reporting Competency Development Training and Education Communications and Reporting Decision Support Page 9 Performance Assessments Maturity Model For each element of the compliance infrastructure, we have developed varying levels of maturity based on our global compliance experience. Maturity Model ASSESS Elements of Infrastructure Management validation and prioritization of gaps Input into IMPROVE Action Plan MONITOR Work Plan Page 10 Page 5

6 What we saw... issues and innovation Twenty-nine interviews Different compliance challenges and approaches office direct management/oversight e.g., healthcare, research, privacy and security Coordination with units with specific compliance responsibilities Degree of coordination depended on unit and risk e.g., Environmental Health and Safety, Human Subjects, Athletics Page 11 Recommendations and responses Enhance monitoring of decentralized compliance operations Under the Office for Include periodic assessments Use ERM process for ongoing assessment Cover significant ethics and compliance risks Consider standard reporting for various compliance areas Structure and sustainability: Move beyond reliance on a core team with strong informal working relationships More process and structure to include key people in decisions, and to anticipate turnover Page 12 Page 6

7 Recommendations and responses Program Vision and Mission: Compare methods of dealing with same constituencies professionals benefit from sense of community. Sponsor practice groups and informal meetings. Strengthen the ethics portion of the program General confidence in the University community s ethics New Code of Ethics campaign Should conduct ethics attitude survey Take advantage of the University s special attribute: Faculty that teaches about the ethics issues of business, law, research, medicine and other fields of endeavor Create an ethics curriculum for its own community. Page 13 Strategic Impact The Audit and Committee response USC Call to Action Formalized Reviews Institutional Ethics Program/Faculty Advisory Group Using ERM Process and Results to Further Goals Council Plan reflects EY recommendations Page 14 Page 7

Enterprise Risk Management

Compliance, Audit, Risk Management and Legal Affairs Committee Enterprise Risk Management Higher Education Scorecards, Performance Based Metrics, and Faculty Compensation Alan D. Phillips Vice President