We have come a long way!

Similar documents
COMPLIANCE AT LARGER INSTITUTIONS. November 11 13, Robert F. Roach Chief Compliance Officer New York University

Compliance Plans. Kelly S. McIntosh July 20, 2017

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Compliance Program Effectiveness Guide

Measuring Compliance Program Effectiveness

Over the last ten years, Congress has appropriated hundreds

2. The name of a private person bringing a civil action in the name of the U.S. is. 3. Medicare Part A pays primarily for.

Delta Dental of Michigan, Ohio, and Indiana. Compliance Plan

Session 7: Corporate Governance

BUILDING AN EFFECTIVE COMPLIANCE PROGRAM

Corporate Compliance Program

MODULE I: MEDICARE & MEDICAID GENERAL COMPLIANCE TRAINING

The Audit Committee of the Supervisory Board of CB&I

MiMedx Group, Inc. Code of Business Conduct and Ethics

Sharp HealthCare s 2017 Compliance Education. Compliance and Ethics Module 1

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

BRONX ACCOUNTABLE HEALTHCARE NETWORK IPA INC., D.B.A. MONTEFIORE ACO PIONEER ACO CORPORATE COMPLIANCE PLAN

Pharmaceutical Congress Spring Preconference Symposia Compliance 101 for Pharmaceutical Manufacturers

Your Guide to the Compliance Process

SAMPLE COMPLIANCE PLAN. Last revised. Sample only for educational purposes/does not constitute legal advice

IMPLEMENTATION GUIDELINES FOR THE PRINCIPLES ON FREEDOM OF EXPRESSION AND PRIVACY

FINAL ASSESSMENT M.C. DEAN, INC.

Arc of Onondaga Corporate Compliance Plan

European CEI. Compliance 101

Compliance and the Board of Directors

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Presentation Overview

PT Solutions Holdings, LLC COMPLIANCE PLAN. The Basis of Our Success

Compliance & Audit Rocks On

ONLINE PUBLIC CONSULTATION

WHISTLE-BLOWING POLICY AND PROCEDURE

CITY OF VANCOUVER ADMINISTRATIVE REPORT

10/3/2013 MAPPING YOUR PROGRAM TO THE FEDERAL SENTENCING GUIDELINES FOR ORGANIZATIONS (FSGO) AGENDA HOW MUCH DO YOU KNOW ABOUT THE FSGO?

GOVERNANCE GUIDELINES OF THE NATIONAL ASSOCIATION OF CORPORATE DIRECTORS

COSO Internal Control Integrated Framework Proposed Update

Building a Fraud-Resistant Organization January 8, 2015

MINDEN BANCORP, INC. AUDIT COMMITTEE CHARTER

A COMPLIANCE PROGRAM

University of Florida, Pediatric Integrated Care System. Compliance Program. Policy: Ped-I-Care Program Integrity Plan Number: CD-0003

See your auditor clearly. Transparency report: How we perform quality audit engagements

IoD Code of Practice for Directors

TDC WHISTLEBLOWER POLICY

July 6, 2017 MOREHOUSE COLLEGE AWARD #HRD SETTLEMENT AGREEMENT AUDIT SUPPLEMENT

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

COMPLIANCE PROGRAM MANUAL

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

I. COMPLIANCE PROGRAM OVERSIGHT

AMERICAN EXPRESS COMPANY AUDIT AND COMPLIANCE COMMITTEE CHARTER (as amended and restated as of September 26, 2017)

THE ANTITRUST COMPLIANCE PROGRAMME OF THE ITALCEMENTI GROUP

FCPA COMPLIANCE PROGRAMS

Internal Control Questionnaire and Assessment

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends

DISCLAIMER: EDUCATIONAL ONLY

CRESCENT CAPITAL BDC, INC. AUDIT COMMITTEE CHARTER

CODE OF BUSINESS CONDUCT AND ETHICS. FRONTIER AIRLINES, INC. Adopted May 27, 2004

ARNOLD & PORTER UPDATE

2017 The Global ABB Integrity Program.

White Paper. Effective and Practical Deployment of COSO: Entity Level Control and Lessons Learned. July 10, 2008 THE ROBERTS COMPANY, LLC

American Academy of Orthopaedic Surgeons 2010 Annual Meeting

Sheryl Vacca, CHC-F, CCEP-F, CHRC, CCEP-I, CHPC. SVP/Chief Compliance & Audit Officer University of California

) ) ) ) ) ) See Section 104(g)(2) of the Act, 15 U.S.C. 7214(g)(2); PCAOB Rule

Prince William County Public Schools Annual Audit Plan

AUDITING. Auditing PAGE 1

OFFICE OF EQUITY AND COMPLIANCE COMPLIANCE PROGRAM

BRITISH COLUMBIA INSTITUTE OF TECHNOLOGY POSITION DESCRIPTION

PUBLIC AUTHORITY BOARD MEMBER DUTIES Anita Laremont, SVP - Legal & General Counsel Empire State Development Corporation December 2005

IPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:

ESTERLINE ANTI-CORRUPTION PROGRAM CHARTER

Effective implementation of COSO s new anti-fraud guidance

ITSM Process/Change Management

Risk Management Briefing

SETTING POLICIES and GUIDELINES for CONDUCTING INTERNAL INVESTIGATIONS

HCCA Professional Code of Ethics

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

Creating a Culture of Compliance Through Effective Program Structure 2012 HCCA Compliance Institute

Henkel s Compliance Management System (CMS)

Computer Programs and Systems, Inc. Code of Business Conduct and Ethics

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

Santander Holdings USA, Inc.

UNIVERSAL BUSINESS PAYMENT SOLUTIONS ACQUISITION CORPORATION CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

Audit Committee - Agenda

Audit Standards 6/23/2017. Outline. Let s Refresh. Changes to the IIA Standards

VC COMPLIANCE PROGRAM

Sarbanes Oxley Impact on Supply Chain Management

County of Cook. Human Resources Job Code: S. Wolcott Room: G-50 Grade: 24 Chicago, IL FLSA: Exempt STANDARD JOB DESCRIPTION

Internal Control Questionnaire and Assessment

Corporate Aviation Safety Management System

Corporate Governance Principles of Auditing: An Introduction to International Standards on Auditing - Ch 14

DAVITA INC. AUDIT COMMITTEE CHARTER

DOMINO S PIZZA, INC. Corporate Governance Principles

BrightPath Early Leaning Inc. Audit Committee Charter

2013 COSO Internal Control Framework Update. September 5, 2013

Fraud Risk Management

Supreme Audit Institutions Performance Measurement Framework

Chapter 2 The Public Accounting Profession

Internal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Office of Internal Auditing

Governance & Total Compliance

Transcription:

The Eighth Element of an Effective Compliance Program Presented by Kenneth L. Blickenstaff, BlickenWolf LLC and Kevin Bennett, StoneTurn Group LLP Scottsdale, Arizona Health Care Compliance Association February 22, 2009 Only the Beginning Global settlement in 1996 ( wave therapy ) First Integrity Agreement experience 1996 Medicaid Fraud Integrity Agreement 1998 The new millennium experience 1999 OIG comments Corporate Integrity Agreements today Industry Standards Compliance expectations We have come a long way! 1

HCCA PERSPECTIVE Compliance Effectiveness Measurement The Health Care Compliance Association ( HCCA ) has surveyed hospitals and systems nation-wide regarding a whole series of compliance related issues since 1998. Starting in 2007 (an indication as to when this was becoming a hotter issue), HCCA asked members to respond to Do you measure the effectiveness of your compliance program? In that survey, the respondents answered yes 60% of the time. In 2008, the result was 58%, thereby indicating that this process is becoming integrated within the majority of healthcare providers. OIG GUIDANCE The Office of Inspector General (OIG) originally provided hospitals with compliance guidance on February 23 rd, 1998 with the publication of its Compliance Program Guidance for Hospitals. The OIG later published its Supplemental Compliance Program Guidance for Hospitals, which also includes a certain amount of clarification around compliance program expectations. tti The OIG considers this document to be a benchmark or comparison against which to measure ongoing efforts and as a roadmap for updating or refining their compliance plans. 2

7 Elements of the OIG s Hospital Compliance Guidance (1998) and 8 th Element added in OIG s Supplemental Guidance (2005) 1. Designation of a Compliance Officer and Compliance Committee 2. Development of Compliance Polices and Procedures, including Standards of Conduct 3. Developing Open Lines of Communication 4. Appropriate Training and Education 5. Internal Monitoring and Auditing 6. Responding to Detected Deficiencies 7. Enforcement of Disciplinary Standards 8. Define Roles and Responsibilities, Assign Oversight for Compliance, and Conduct an Assessment of the Program s Effectiveness RISK ASSESSMENT REQUIRED Federal Sentencing Guidelines - 2004 Risk Assessment has been added as the eighth element of those that comprise an effective compliance program, especially with the amendments to the FSGs in 2004. The Advisory Group to the Federal Sentencing Commission stated, A detailed risk assessment is required to appropriately tailor a compliance program to a company s business circumstances. There are two aspects to risk assessment. First, risk assessment should be ongoing. Second, results of risk assessments should influence the design and implementation of the compliance program in order for it to be effective in preventing and detecting violations of law. 3

FEDERAL SENTENCING GUIDELINES Although declared unconstitutional on January 12 th, 2005, the United States Supreme Court held that the Guidelines will and should be used in at least an advisory capacity. FEDERAL SENTENCING GUIDELINES AMENDMENTS (2004) REFLECTING BEST PRACTICES New Requirements: Management of program: High-level overall responsibility Day-to-day operational responsibility Board must provide reasonable oversight of implementation ti and effectiveness of program Receive reports from individual with day-to-day responsibility Ensure program has sufficient resources Ongoing ethics/compliance risk assessments 4

FEDERAL SENTENCING GUIDELINES AMENDMENTS New Requirements: Company-wide, all-hands training (includes Board) Training should be aligned with roles and risks Channels for internal reporting and advice Discipline i and incentives must support program goals Culture of ethics and compliance Evaluation of program effectiveness SIMILAR THEMES SARBANES-OXLEY Compliance information should flow up to management and the Board: 301(4) Audit Committee must have mechanisms to receive reports on financial integrity 406 Company must have a code of conduct that promotes p y p internal reporting to a designated person 5

SIMILAR THEMES SARBANES-OXLEY Compliance information should flow up to management and the Board: 307 Up-the-Ladder reporting for lawyers Whistleblower protection provisions civil and criminal liability for retaliation SIX MAJOR AREAS OF CHANGE Culture and Responsibility s of Organizational at a Leadership Effective Communication of Standards and Training Monitoring, Auditing, and Evaluation Reporting Systems Accountability & Remediation Ongoing Risk Assessment 6

CULTURE & RESPONSIBILITY OF ORGANIZATIONAL LEADERSHIP Change Must actively promote culture of compliance with all laws Organizational leadership must be knowledgeable about content and operation of compliance program Directors must be knowledgeable about content t and operation of compliance program and exercise reasonable oversight with respect to implementation and effectiveness of program CULTURE & RESPONSIBILITY OF ORGANIZATIONAL LEADERSHIP Change Cage Compliance officer must be given adequate resources with which to implement and operate compliance program Compliance officer must periodically report directly to the Board of Directors (or a Board committee) Board must also hear directly from person(s) having dayto-day responsibility for compliance 7

CULTURE & RESPONSIBILITY OF ORGANIZATIONAL LEADERSHIP Application Considerations Is compliance identified as a priority by top management? Are employees aware of compliance program and their responsibility for compliance? Are Board members familiar with compliance program and its implementation and effectiveness? Does the compliance officer enjoy a high level of authority within the organization? Does the compliance officer have access to senior management? CULTURE & RESPONSIBILITY OF ORGANIZATIONAL LEADERSHIP Application Considerations Does the compliance officer directly report to Board of Directors (or Board Committee)? How often does compliance officer report to the Board regarding implementation and effectiveness of compliance efforts? Are the resources dedicated to compliance efforts commensurate with size and complexity of operations? 8

EFFECTIVE COMMUNICATION OF STANDARDS & TRAINING Change Conduct effective training vs. required participation in training programs Components of Effective Training - must educate all & motivate t employees to comply EFFECTIVE COMMUNICATION OF STANDARDS & TRAINING Application Considerations Has training been done on the compliance program annually? Has it been updated? Assess the type of training conducted based on size/culture of your organization Is there documentation to show that every employee has been trained? Including Board Members? (test it) Has there been specific training on risk areas pertinent to your organization? Has your training been effective? (e.g. increased compliance questions) 9

MONITORING, AUDITING & EVALUATION Change Cage Monitoring is not optional - it is required Must monitor and audit areas of risk as defined by industry standards and specific areas of each provider Scrutinize adherence to program requirements Periodic regular evaluation of effectiveness Independence MONITORING, AUDITING & EVALUATION Application Considerations Do you have a written monitoring plan? (subject, method, frequency, periodically updated) Do you need or have you had an independent review of your program? Do you have written corrective action plans? What are your effectiveness measures? Is senior management made aware of findings? 10

REPORTING SYSTEMS Change Must implement and publicize reporting mechanisms that encourage reporting of violations without fear of retaliation Must have an anonymous reporting mechanism Consider issue of confidentiality for reporters REPORTING SYSTEMS Application Considerations Are whistleblower protections documented and publicized? Are employees aware of how to report compliance violations? Does the organizational culture encourage reporting and support persons making reports? Is there an anonymous mechanism to report violations? 11

ACCOUNTABILITY AND REMEDIATION Change Organization must take action in response to detected violations Response needs to include appropriate disciplinary actions, steps to prevent similar future violations and implementation of appropriate modifications to program to improve detection and prevention ACCOUNTABILITY AND REMEDIATION Application Considerations Are compliance violations dealt with consistently? Are individuals held accountable? Are disciplinary actions taken at all levels? Do you have a policy/procedure in place to address handling of violations? What is the involvement of senior management and the Board in the process? Does the procedure include evaluation and modification of compliance plan? Are remedial efforts documented? 12

ONGOING RISK ASSESSMENT Change NEW Guideline at 8B2.1(c) - independence is implicit Tailor compliance program to company s business circumstances Determination of scope & nature of risks should be ongoing Results of risk assessments should influence design & implementation of an effective program ONGOING RISK ASSESSMENT Application Considerations How do you evaluate potential areas of risk? (who is involved, is the evaluation documented) How do you monitor changes in laws and regulations? H li i d d b i d& Have your policies and procedures been reviewed & updated to reflect industry changes? 13

PFIZER AGREEMENT Best practices may have never been better defined. III.A.3.a. Audit Committee Compliance Obligation at least quarterly review of Compliance Program, including evaluating its effectiveness. III.A.3.b. see handout WHAT CONSTITUTES EFFECTIVENESS Effectiveness of the Compliance Program? Effectiveness of Compliance Risk Assessments? YES YES 14

WHAT IT MEANS TO YOU An examination of the authorities above indicates that compliance risk assessments and internal departmental risk assessments must be performed and should be performed by an independent source. If there should be an investigation of your institution, a history of effective risk assessment may be a factor related to the imposition of a corporate integrity agreement by OIG. HOW DO YOU DO IT? Risk of inaction Independence Program must be: Effective Comprehensive Current Proactive Supportive Ingrained in the culture in a positive way 15

Where Do We Go from Here? No one knows for sure but we are better prepared to meet any contingencies We are ahead of the game for now Your continued involvement and interaction is key Best practices search goes on! Thanks for all you are doing! 16

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback