McKesson at-a-glance America s oldest and largest healthcare services company

Similar documents
Jeff Kaplan/Kaplan & Walker LLP 2012 SCCE NE Regional Conference

Airport Legal Governance Issues: Understanding & Meeting Ethics Compliance Obligations

SETTING POLICIES and GUIDELINES for CONDUCTING INTERNAL INVESTIGATIONS

UPMC POLICY AND PROCEDURE MANUAL. Links to policies referenced within this policy can be found in Section V.

European CEI. Compliance 101

TEACHERS RETIREMENT BOARD. AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 9 SUBJECT: Scope and Structure of the Enterprise Compliance Program

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends

Compliance & Ethics. a publication of the society of corporate compliance and ethics MAY 2018

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Overview of Top Risks & Risk Management Best Practices. Today s Agenda

Today s Agenda. David Wong, Monica Reinmiller

Internal Audit & Compliance Importance of Collaboration and Skill Development

Procurement Policy NORTH AMERICA

When the Government Knocks:

Prince William County Public Schools Annual Audit Plan

Advanced Compliance and Ethics Workshop 2016

KADMON HOLDINGS, INC. BOARD OF DIRECTORS REGULATORY AND COMPLIANCE COMMITTEE

CSL BEHRING COMPLIANCE PLAN

ATTACHMENT C CORPORATE COMPLIANCE PROGRAM

Corporate Compliance Global. 5 Essential Elements of Compliance

Jeffrey M. Kaplan, Kaplan & Walker LLP SCCE CEI September 2016

Implementing and Managing an Effective Anti Corruption Compliance Program

Compliance Auditing Done Right

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Sustainable Compliance - Using Investigations to Drive Remedial Measures

Office of Business Conduct and Ethics Program Review. Name and Title

Compliance Program Effectiveness Guide

BRONX ACCOUNTABLE HEALTHCARE NETWORK IPA INC., D.B.A. MONTEFIORE ACO PIONEER ACO CORPORATE COMPLIANCE PLAN

Bribery and Corruption

Benchmarking 101: Shaping your E&C Program for Maximum Value

DRAFTING AN COMMUNICATING EFFECTIVE POLICIES AND PROCEDURES AGENDA

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

What should your compliance function look like?

In Place; No Changes Recommended DRAFT

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

How to Assess and Mitigate the Risk of Misconduct Occurring and Not Being Reported

Sheryl Vacca, CHC-F, CCEP-F, CHRC, CCEP-I, CHPC. SVP/Chief Compliance & Audit Officer University of California

Third-party risk management. EY Integrity Diligence

Triple C Housing, Inc. Compliance Plan

ESTERLINE ANTI-CORRUPTION PROGRAM CHARTER

convercent Sample Board Report* Ethics & Compliance Program Update

10/3/2013 MAPPING YOUR PROGRAM TO THE FEDERAL SENTENCING GUIDELINES FOR ORGANIZATIONS (FSGO) AGENDA HOW MUCH DO YOU KNOW ABOUT THE FSGO?

Pharmaceutical Congress Spring Preconference Symposia Compliance 101 for Pharmaceutical Manufacturers

BUILDING AN EFFECTIVE COMPLIANCE PROGRAM

FCPA COMPLIANCE PROGRAMS

SAMPLE BOARD REPORT* convercent. Ethics & Compliance Program Update

CORPORATE COMPLIANCE PROGRAM

New DOJ Charging and Sentencing Guidance and Amendments to the Sentencing Guidelines May Heighten the Value of an Effective Compliance Program

at the Center of Food and Drug Law

9/10/2018. Joseph Spinelli. Waqas Shahid. Society of Corporate Compliance Ethics

Best Practices for Vendor Risk Profiling

Delta Dental of Michigan, Ohio, and Indiana. Compliance Plan

An opening scenario: What would you do?

Global Antitrust & Competition Law Risk: Real Challenges Facing Organizations & Strategies For Effective Management

ETHICS & COMPLIANCE PROGRAM REVIEW: A LOOK AT FOUR COPORATE COMPLIANCE PROGRAMS

Global Third Party Due Diligence

Compliance in 2016: Navigating the New Expectations

Society of Corporate Compliance & Ethics: West Coast Regional

International Compliance

2015 Duke University Compliance Program Standards and Responsibilities

ATTACHMENT B CORPORATE COMPLIANCE PROGRAM. In order to address any deficiencies in its internal controls, policies, and procedures

Spark Compliance CONSULTING ENSURE YOUR ORGANIZATION HAS A WORLD-CLASS ANTI-BRIBERY PROGRAM - BECOME ISO CERTIFIED. Frequently Asked Questions

Your Guide to the Compliance Process

Corporate Compliance Plan

Global Anti-Corruption Programs:

Compliance Program Effectiveness

2017 The Global ABB Integrity Program.

Questionnaire: Anti-Corruption Compliance Program Benchmarking Assessment

Investment Management Alert

Professional. Compliance & Ethics. 21 Extending the reach of your program: Compliance and ethics liaisons

to inform employees of their obligation to report serious wrongdoing within Monsanto India;

COMPLIANCE AT LARGER INSTITUTIONS. November 11 13, Robert F. Roach Chief Compliance Officer New York University

Measuring Compliance Program Effectiveness

KNOW WHERE YOU STAND: EVALUATING YOUR ETHICS & COMPLIANCE PROGRAM

Director s Draft Report

ebook FROM DETECT TO PREVENT : HOW TO USE TRANSLATION SOLUTIONS AS A PREVENTATIVE TOOL PAGE 1 library

ISO & ISO TRAINING DAY 4 : Certifying ISO 37001

The Business of Better Health A Roadmap for a Federated Business Model. Terri Kolander Director Support Certifications October 25, 2012

Compliance Plans. Kelly S. McIntosh July 20, 2017

Allergan plc COMPREHENSIVE COMPLIANCE PROGRAM

Strategies For Better Positioning Your Company To Do Business With The Federal Government

2012 GUIDELINES MANUAL

WHY YOU NEED AN ETHICS PROGRAM AND HOW TO GET STARTED TODAY

ETHICS & COMPLIANCE PROGRAM REVIEW: A LOOK AT THREE CORPORATE COMPLIANCE PROGRAMS

ETHICS & COMPLIANCE PROGRAM REVIEW: A LOOK AT THREE CORPORATE COMPLIANCE PROGRAMS

VC COMPLIANCE PROGRAM

THE WHATS, WHYS AND HOWS OF AN EFFECTIVE ETHICS PROGRAM

Improving corporate behavior in a way that positively impacts the world. Anti-Bribery Management Systems ETHISPHERE ISO CERTIFICATION

2018 Ethics & Compliance Policy & Procedure Management Benchmark Report. Data and Insights to Put to Work in Your Program Today

CFPB Compliance Management Review

IIA ACFE Conference April 17, 2015

Gaming the 7 Elements

Staying Alive: Creating an effective compliance and ethics program to prevent and detect employee misconduct.

Valuable Document for the Compliance Practitioner

Standards of Compliance in a World of Diversity

Managing the Supply Chain

CHARTER OF THE CORPORATE GOVERNANCE AND COMPLIANCE COMMITTEE OF THE BOARD OF DIRECTORS REGENERON PHARMACEUTICALS, INC.

A View from the Other Side: Tales from a Compliance Liaison

Developmental Delay Rehabilitation Services Inc.

Transcription:

Leveraging Ethics and Compliance Program Assessments to Enhance Program Effectiveness and Manage Risk SCCE Compliance and Ethics Institute October 6, 2013 Amii Barnard-Bahn Chief Compliance & Ethics Officer McKesson U.S. Pharmaceutical Rebecca Walker Partner Kaplan & Walker LLP McKesson at-a-glance America s oldest and largest healthcare services company Founded in 1833 Ranked 14 th on Fortune slist with $122.7 billion in revenues Headquartered in San Francisco More than 37,000 employees Two segments: Distribution Solutions and Technology Solutions #1 pharmaceutical distributor in U.S. Deliver 1/3 of all medicines used each day in U.S. #1 generics distributor The fourth-largest pharmacy network, Health Mart Together with our customers and partners, we are creating a sustainable future for healthcare. Together we are charting a course to better health. 1 of 34 1

Overview of Presentation Legal mandates, drivers and guidance for program assessments Methodology Privilege issues Targeted assessments Implementing recommendations 2 of 34 USSG for Organizations Periodic Evaluation Mandate The organization shall take reasonable steps... to evaluate periodically the effectiveness of the organization s compliance and ethics program. U.S.S.G. 82.1(b)(5)(B) www.kaplanwalker.com 3 of 34 2

DOJ Guidance on Compliance & Ethics Programs Corporate prosecution standards amended in 2008 to provide (among other things) that programs should be reviewed, which seems to contemplate assessment Fundamental Questions: Is the compliance program well designed? Does the compliance program work? Or is it merely a paper program? Are employees adequately informed about the program? Convinced of the corporation s commitment to the program? www.kaplanwalker.com 4 of 34 Reasons to assess Other legal expectations FCPA guidance OECD Good Practice Guidance UK Bribery Act guidance The assessment can be a road map for getting program credit in an investigation Practical benefits Identifying good practices Identifying areas of potential improvement www.kaplanwalker.com 5 of 34 3

Means to Assess Interviews Document reviews Surveys Focus groups Privilege issue www.kaplanwalker.com 6 of 34 Scope of Assessment: Full Program Generally all the elements and sub-elements of an effective C&E program Plus program attributes, aspects of programs that cut across program elements: Strength/clout Independence Reach Ethics, as well as compliance Management knowledge/involvement in the program Culture www.kaplanwalker.com 7 of 34 4

Assessment through Surveys Surveys can provide important data to test employee awareness of the E&C program and comfort level reporting Surveys can be repeated over time to provide internal benchmarking and external benchmarking Sample question areas: Awareness of chief compliance and ethics officer role Awareness of code of business conduct Awareness of how to report suspected misconduct Comfort level reporting suspected misconduct Perception of company s commitment to ethics & compliance Note: Can add E&C questions to HR surveys www.kaplanwalker.com 8 of 34 Traditional Assessment Can utilize internal (Internal Audit, Legal) or outside resources to perform Can review entire program or particular program areas Reporting and investigations procedures C&E training Program structure Can also do deep dives into particular risk areas, e.g., FCPA program assessment Antitrust program assessment Privilege question Must be asked and answered before you begin www.kaplanwalker.com 9 of 34 5

Program Elements For Review 1. Program Governance & Accountability Board oversight Management oversight Implementation personnel & resources Documentation of implementation 2. Standards, Procedures & Controls Code of Conduct & compliance policies Distribution of policies Internal controls 3. Diligence in Hiring & Promotions Background checks and delegation of authority www.kaplanwalker.com 10 of 34 Program Elements For Review 4. Effective Training & Communication Compliance training for employees & directors Compliance communications 5. Compliance Monitoring, Auditing & Reporting Helpline in place, used and concerns addressed Non-retaliation Employee comfort level in coming forward 6. Enforcement, Incentives & Disciplinary Action 7. Remediation of Problems Investigations of suspected violations Discipline for violations Employee incentives for compliance 8. Risk assessment www.kaplanwalker.com 11 of 34 6

Program Attributes for Review Program resources Authority of program Independence of program Embedding program within the business Reach of the program Management s knowledge and support of program Employee knowledge of and perceptions of program Ethical culture www.kaplanwalker.com 12 of 34 Methodology: One Example Review written policies and procedures and other documentation related to each element of program Meet with relevant personnel to obtain additional information regarding development and implementation of each element Review sample documents, data and/or reports regarding implementation of each program element www.kaplanwalker.com 13 of 34 7

Methodology: One Example Employee surveys, focus groups or both Using appropriate standards (next slide), formulate recommendations and review verbally with compliance, legal and other relevant personnel Prepare draft report Review with compliance and legal Prepare final report www.kaplanwalker.com 14 of 34 Methodology: What Is the Basis of Comparison? Legal standards Good practices Surveys and studies SCCCE HCCA ERC ECOA Conference Board www.kaplanwalker.com 15 of 34 8

Privilege/Litigation Issues Should consider litigation risks posed by the creation of potentially damaging documents Consider: Having assessment authorized by board or senior management for purpose of obtaining legal advice Collecting information under the supervision of counsel Can use in-house counsel www.kaplanwalker.com 16 of 34 Privilege/Litigation Issues Regardless of whether privilege is used, Documentation of assessment should anticipate disclosure Recommendations Review with compliance/legal before finalizing the recommendations www.kaplanwalker.com 17 of 34 9

Closing the Loop Final report should include or generate an action plan Company may wish to prepare a formal response to the report (if, e.g., company determines not to implement one or more significant recommendations) Periodically revisit the action plan (e.g., at the time of formulation of the next program plan or the next program assessment) to ensure that recommendations are being implemented or to generate a response as to why not www.kaplanwalker.com 18 of 34 Examples of What to Assess Under Elements On risk assessment, focus on not only whether the company seems to know its risks but also How well documented the risk assessment process is The extent to which the results of the risk assessment are actually used in designing, improving and deploying various program elements www.kaplanwalker.com 19 of 34 10

Elements: Standards & Policies Code of conduct is it On point? Understandable? Being read? Individual policies to what extent Do they seem to address pertinent risks? Get reviewed/revised? Are they connected to other program elements, e.g., training and auditing? www.kaplanwalker.com 20 of 34 Program Governance and Management The adequacy of program governance documentation, and not only of the E&C office but also all the other functions with E&C roles, such as members of a E&C management committee, SMEs and regional personnel Whether the individuals in these functions are actually doing what the governance documents say they will and the appropriate level of independence and authority to implement the Program Whether the Audit Committee is getting the right information, and at the right frequency, about the Program www.kaplanwalker.com 21 of 34 11

Diligence in Hiring & Promotions Diligence in hiring tends to be pretty straightforward But what due diligence steps a company should take regarding promotions is not and so should try to develop recommendations here based on a company s risks and culture www.kaplanwalker.com 22 of 34 Training and Other Communications Tends to be among the most extensive parts of a program assessment In addition to whether the right people are getting trained on the right topics at the right intervals, should look at efficacy/impact This can lead, for some companies, to recommendations for more role based training (and maybe less training) www.kaplanwalker.com 23 of 34 12

Auditing and Monitoring Look at the three lines of defense Real time monitoring by businesses Monitoring by functions (e.g., C&E, Finance, HR) Actual auditing With each of the above: Is there enough, based on risk assessment Are the results being put to full use? www.kaplanwalker.com 24 of 34 Reporting Systems Should look at Whether reporting procedures and avenues are in place How those are communicated to employees and others Employee comfort level reporting www.kaplanwalker.com 25 of 34 13

Investigations and Discipline Are protocols and procedures in place How these are implemented in practice Typically includes a review/audit of some case files to get a first-hand look at how investigations are conducted Consider whether investigators are considering and discipline is invoked for supervisory failures that contributed to misconduct in appropriate cases. What are employee perceptions of the level of consistency of discipline? www.kaplanwalker.com 26 of 34 Responses to Misconduct/ Continuous Improvement Does the organization have formal procedures for considering enhancements to the Program following violations? Are the procedures and practices related to periodic program assessment, including self-assessment? www.kaplanwalker.com 27 of 34 14

Incentives Does the company use the full range, meaning not just economic incentives, but softer forms? Does it deploy not just general incentives but the use, as appropriate, of risk area specific incentives www.kaplanwalker.com 28 of 34 Deep Dives By risk area, e.g., Anti-corruption Competition law Note that this may make particular sense for emerging areas of risk By program function, e.g. investigations board oversight www.kaplanwalker.com 29 of 34 15

Timing/Frequency of Assessment Full surveys plus interviews and document reviews Consider every three years Partial - refresher surveys Consider every year www.kaplanwalker.com 30 of 34 Use of Assessments Who gets a copy? Privilege issues Using the results Develop an action plan Different levels of priority Board reporting www.kaplanwalker.com 31 of 34 16

Breakout Activity #1: Plan a Program Assessment General Assessment Your group is the E&C committee for a 15,000 employee manufacturing company based in the United States but with plants also in 8 other countries (Canada, France, Spain, Poland, Russia, Mexico, Brazil and India). The Board of Directors has instructed you, as CECO, to conduct a program assessment and report back to them in six months. The General Counsel, your boss, has made it clear that she thinks a program assessment is unnecessary at this point, and that you will not be provided resources to hire outside counsel. Create a plan that includes: Who will conduct the assessment Whether it should be under privilege Who will be interviewed, and in what order What documents should be examined Whether there will be a survey and/or focus groups What the deliverables should be, and who should receive them How would you handle: Lack of enthusiasm, or resistance, by upper management Discovery of wrongdoing Reluctance to address problems or issues that are unearthed What other problems can you foresee, and how may they be addressed? www.kaplanwalker.com 32 of 34 Breakout Activity #2: Plan a Program Assessment Risk Area Deep Dive Your group is the E&C committee for a 15,000 employee manufacturing company based in the United States but with plants also in 8 other countries (Canada, France, Spain, Poland, Russia, Mexico, Brazil and India). The Board of Directors has been reading the Wall Street Journal, and is a bit concerned about bribery risks. They have instructed you, as CECO, to conduct an assessment of the Company s anti-bribery compliance program and report back to them in six months. The General Counsel, your boss, has made it clear that she thinks a deep dive antibribery assessment is unnecessary at this point, and that you will not be provided resources to hire outside counsel. Create a plan that includes: Who will conduct the assessment Whether it should be under privilege Who will be interviewed, and in what order What documents should be examined Whether there will be a survey and/or focus groups What the deliverables should be, and who should receive them How would you handle: Lack of enthusiasm, or resistance, by upper management Discovery of wrongdoing Reluctance to address problems or issues that are unearthed What other problems can you foresee, and how may they be addressed? www.kaplanwalker.com 33 of 34 17

Breakout Activity #3: Plan a Program Assessment Program Area Deep Dive Your group is the E&C committee for a 15,000 employee manufacturing company based in the United States but with plants also in 8 other countries (Canada, France, Spain, Poland, Russia, Mexico, Brazil and India). Your CECO recently oversaw an investigation of a bribery allegation in Brazil. Following the most recent update on that investigation, the Audit Committee of the Board of Directors asked the CECO to provide them with more information about E&C investigations. They have instructed you, as CECO, to conduct an assessment of the Company s reporting and investigations procedures and practices, and have asked you to report back to them in six months. The General Counsel, your boss, has made it clear that she thinks a deep dive reporting and investigations assessment is unnecessary at this point, and that you will not be provided resources to hire outside counsel. Create a plan that includes: Who will conduct the assessment Whether it should be under privilege Who will be interviewed, and in what order What documents should be examined Whether there will be a survey and/or focus groups What the deliverables should be, and who should receive them How would you handle: Lack of enthusiasm, or resistance, by upper management Discovery of wrongdoing Reluctance to address problems or issues that are unearthed What other problems can you foresee, and how may they be addressed? www.kaplanwalker.com 34 of 34 18

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback