Structuring Compliance: The Duke Model

Transcription:

Structuring Compliance: The Duke Model
June 2, 2014
Michael L. Somich, Executive Director, Office of Internal Audits
Tina R. Tyson, JD, Chief Ethics and Compliance Officer

What is a Compliance Program?
A program to effectively detect and prevent criminal conduct and promote an organizational culture that encourages ethical conduct and commitment to compliance with the laws and regulations. (§8B2.1(a), Federal Sentencing Guidelines)

Effective Compliance Program Elements Under Federal Sentencing Guidelines
- Board level involvement and high level executive responsibilities
- Specify individual and operational responsibilities
- Implement and communicate written policies and procedures
- Develop policies and procedures for anonymous reporting and program effectiveness review
- Conduct monitoring and auditing
- Respond promptly to detected problems and undertake corrective action
- Enforce standards through well-publicized disciplinary guidelines
- Address risk assessment

Status at July 1, 2004: Duke University Health System
- Chief Compliance Officer
- Reported to Compliance/Audit Committee and CFO
- Formalized plan
- Emphasized third party billing/OIG work plan
- Reliance on University for many compliance areas

Status at July 1, 2004: School of Medicine
- Chief Compliance Officer
- Reported to Vice Dean of Operations
- Risk assessment performed
- Emphasis on programmatic issues
- Clinical Trial Quality Assurance group
- Some coordination with others responsible for SOM compliance (animals, cost, OES)
- Role predominantly operations

Status at July 1, 2004: Duke University
- Decentralized
- No clear direction of responsibility
- No risk assessment and monitoring plan

June 2005
Senior Leadership (President, Chancellor of Health System, EVP, Provost, SOM Vice Dean for Operations, General Counsel) approved formation of a committee (Compliance Coordinating Committee) to identify gaps and create a formal institutional compliance program.

Institutional Compliance Plan
What compelled Duke to do this?
- It was the right thing to do.
- Risk of not doing. 95% of OIG penalties can be waived if effective compliance plan is in place.
- Current environment (OIG)
- Other peer audits and disclosures (e.g. Northwestern, Johns Hopkins)
- Sarbanes environment, expectation of investment bankers and Board
- Many peer institutions had institutional compliance plans. Recent survey (2/05 NACUBO Business Officer):
  - 43% in survey had an institutional compliance program
  - 79% thought they should have one
- We did not know all the laws we were responsible for or who owned and managed them
- We had not provided expectations of people managing compliance
- There was a lot that we knew we did not know.

Desired Structure

Structure Goals
- Involve all Senior Management in Steering Committee
- Provide Health System opportunity to collaboratively participate and share its experience in compliance
- Acknowledge DU is providing basic monitoring of compliance for Health System
- There would not be a significant increase in cost. Additional cost will be distributed across campus
- Compliance Coordinating Committee will make recommendations; responsibility still lies with compliance officers/managers/liaisons and supervisors
- Once responsibilities are defined, need for Chief Compliance Officer is expected

Steering Committee Composition
Senior Leadership:
- President (Brodhead)
- Chancellor (Dzau)
- Provost (Lange)
- Executive Vice President (Trask)
- SOM Vice Dean for Operations
- Academic Dean Arts & Sciences
- General Counsel

Steering Committee Mission/Objective
- Articulate corporate values
- Provide vision of institutional compliance
- Define levels of acceptable risk
- Provide visible support for compliance efforts
- Specify expectations of Compliance Coordinating Committee (CCC)
- Monitor activities of CCC
- Consider and approve recommendations of the CCC
- Receive CCC report to the Audit Committees

Compliance Coordinating Committee Composition
- Executive Director of Internal Audits, Chair (Somich)
- Health System Corporate Compliance Officer
- School of Medicine Compliance Officer
- Research Costing Compliance Officer
- Vice Provost for Research
- NCAA Compliance Officer
- Registrar
- Financial Aid Representative
- Environmental Health and Safety representative
- Human Resources representative
- Office of Institutional Equity
Steering Committee sets composition of Compliance Coordinating Committee

Compliance Coordinating Committee
Divided into two groups:
1. Develop a matrix of Federal Sentencing Guidelines and how we will structure the Duke program to meet those requirements
2. Develop an inventory of laws and regulations Duke must comply with
   a. Identify owner (one of top four senior leaders)
   b. Identify compliance liaison (the manager of the process)

Issues of Concern
- Resources requirements
- Compliance officers/managers/liaisons not assigned for specific areas
- Compliance officers not monitoring, documenting, dealing with exceptions correctly; not meeting sentencing guideline requirements
- Behavioral changes required. Will the Steering Committee be committed to enforce change?

May 2006 - Steering Committee
- Approved CCC proposed matrix of roles and responsibilities
- Approved inventory of laws and regulations and owners and managers of the compliance risks
- Approved next steps
  - Code of Conduct to be developed
  - Administrative Conflict of Interest process review
  - Training of compliance managers/liaisons
  - Orientation of new and existing employees
  - Hot lines

Compliance Program Standards and Responsibilities

Duke University: 2014 Compliance Program Standards and Responsibilities

The US Federal Sentencing Guidelines describe the elements it considers when determining whether an organization has an effective compliance program: "an organization shall (1) exercise due diligence to prevent and detect criminal conduct and (2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law." The minimum elements required to demonstrate these points are as follows.

Matrix columns:
- COMPLIANCE PROGRAM STANDARD
- GOVERNANCE: Audit Committee (AC); Risk Compliance Steering Committee (RCSC)
- PROGRAM DEVELOPMENT & OVERSIGHT: Overall Duke University Ethics & Compliance Office and Duke University Health System (DUHS) Compliance Office
- RISK OWNERSHIP: Senior Leadership & Operational Management; Compliance Liaisons
- AUDIT: Office of Internal Audits, Duke University Ethics & Compliance Office, DUHS Compliance Office

STANDARD 1: Establishment of standards and procedures to prevent and detect criminal conduct.

Matrix entries:
- Review & approve major compliance policies.
- Review and approve major compliance policies.
- Manage operations in accordance with approved policies and procedures. Implement operational controls to support compliance.
- Provide policy and procedural guidance to liaisons. Provide recommendations to RCSC and AC related to major policies.
- Develop and implement policies and procedures related to assigned compliance risks.
- N/A
- Review reports of compliance activities to evaluate adequacy of standards and procedures.
- Provide guidance to management on appropriate controls and processes to address identified risks.
- Demonstrate that mechanisms are in place to identify problem areas and to prevent, detect and correct non-compliant behavior. Assist management in ensuring appropriate processes are in place to address compliance risks.
- Provide guidance to liaisons on key elements to be included in risk assessments, development of monitoring plans and respond to non-compliant behavior. Provide guidance on controls and processes to address identified risks when appropriate.
- Audit defined processes, where appropriate, to assess operational adequacy of compliance controls and procedures, and to assess compliance with regulatory requirements.
- Review reports of compliance activities to evaluate adequacy of standards and procedures.
- Ensure appropriate processes are in place to manage compliance risks.

Fall 2006 Training and Risk Assessment
- Hired Institutional Ethics and Compliance Director
- Develop training of managers/liaisons
  - Education
  - Risk assessment
  - Monitoring
  - Reporting
  - Remediation
- Execute training of managers/liaisons
- Perform initial risk assessment

2014 COMPLIANCE RISKS
[Chart: risks plotted by Impact (1-5) against Probability (1-5)]
- HIGH IMPACT: Animal Welfare, ClinicalTrials.gov Disclosure
- INSTITUTIONAL RISKS: Athletics, Clinical Trials Billing, Conflict of Interest, Effort Reporting, Export Controls, Foreign Corrupt Practices Act, Human Subjects Research Protection
- HIGH PROBABILITY: Research Costing Compliance
- OTHER ISSUES: Remaining Issues

Reporting
- Institutional Risks
  - Quarterly to IECP Director
  - Report prepared for review by Steering Committee before Audit Committee
- High Probability or High Impact
  - Semiannual reporting to IECP Director
  - Reported to Steering Committee in advance of Audit Committee

Formation of the Restructured School of Medicine Compliance Office
- School of Medicine Chief Compliance Officer recruited at time that Duke was restructuring much of clinical research and internal controls around clinical trials billing
- Designed to be a fully effective compliance program under Federal Sentencing Guidelines

Initial Compliance Work Plan Scope
- Designed to assess the top compliance risks to the School of Medicine
- Baseline assessment
- Adjust the time frames for future reviews based on initial assessment audits
- Trend analysis
- Partner with Senior Leadership on global changes.

Risk Assessment Methodology
The areas identified in the initial work plan were prioritized based upon risk assessment using the following criteria:
- Financial and reputational impact
- The probability of occurrence
- The Office of the Inspector General's Work Plan High Risk Areas
- The audit findings and investigational results at other major universities
- Feedback from School of Medicine and Health System Administration
- Feedback from compliance liaisons
- The School of Medicine's enterprise-wide risk assessment

Methodology for Addressing and Allocating Risks within the Work Plan
The following risks were deemed so significant to the School of Medicine that they were integral components of annual reviews.
Areas requiring yearly review:
- Clinical Trials Billing
- Conflict of Interest
- Research Financial Compliance
- Human Subject Research
- Health Insurance Portability and Accountability Act (HIPAA)
  a. HIPAA Privacy
  b. HIPAA Security

Additional Significant Risk Areas
Additional areas stratified over first three to five years of work plan:
1. Select Agents
2. Institutional Biosafety Committee
3. Anatomical Gifts
4. Export Controls
5. Institutional Review Board/Office
6. Pre-Award Office (Office of Research Administration)
7. Post-Award Office (Office of Sponsored Programs)
8. Institutional Animal Care and Use Committee/Animal Welfare Assurance Office
9. Environmental Issues Occupational & Environmental Safety Office (OESO)

Staffing
- Senior Leadership wanted assessment of all risk areas within 3-5 years so that if trends were identified, enhanced tools and controls could be developed and they could be assured that all areas had been reviewed.
- Staffing projections required analysis of skills needed for different types of reviews

Clinical Trials Quality Assurance
- Human Subject Review Compliance Reviews and clinical trials billing compliance reviews (both review types for each protocol selected)
- Senior clinical research nurses, clinical trials billing administrators
- Train in audit skills
- Cross-train on risk areas

Compliance Review Services
- Conduct research financial compliance reviews and reviews of other highly regulated risk areas (IRB, IACUC, IBC, COI, etc.)
- Needed comprehensive understanding of different kinds of federal grants and specific requirements
- Requires good analytical skills, and ability to learn other risk areas
- Former directors of Pre Award and Post Award offices
- Grant managers
- Senior Internal Auditor
- Cross training

- Analyzed numbers of reviews needed, stratified across 3-5 years
- Estimated time for completion of each type of review, number of reviews per year, number of auditor hours involved and calculated FTEs
- Worked with Senior Leadership and Chair of Audit Committee in getting FTEs approved
- Hiring and training took several months

Reporting Structure
- SOM Chief Compliance Officer reported to the Audit Committee of the Duke University Board of Trustees through the Chancellor of Health Affairs.
- Would also brief Senior Leadership of the University on major findings, status updates and work plan through the Institutional Compliance Steering Committee.

Examples of Program Success: Conflict of Interest
- Detected areas for improvement in COI review and management process
- Organized COI Advisory Committee to oversee restructuring
- Advisory committee supervised outside consultants, drove deadlines, and redesigned process flow for vetting of COI forms
- Continues to provide advisory services and leadership in area of COI and recommends any policy or process changes
- Re-designed/approved/revised disclosure form
- Developed Institutional COI policy and process changes
- Continually tracks disclosure processing
- Recommends any needed policy or process changes
- Compliance office reviews conflict of interest annually

Clinical Research Units
When trends identified in some areas, partnered with Senior Leadership to require:
- Enhanced training and competency testing for research personnel
- HR realignments
- Monitoring required on localized level with escalation and reporting to compliance office

Research Financial Compliance Tools and Technology Enhancements
- Coordinated with Senior Leadership regarding trends to enhance accountability and technological tools used to manage risks in this area
- Enhanced front end controls
- Risk based detailed assessments
- Enhancements to internal controls related to cost transfers
- New technology
  - New Effort Reporting System
  - MyResearch

Compliance Scorecards
- Compliance made very meaningful with departmental business managers.
- Compliance one of several factors linked to incentive compensation.
- Tracked monthly via School of Medicine Risk Assessment Committee

Program Evolution
Institutional Compliance and Ethics Program merged with School of Medicine Compliance Office to form Duke Ethics and Compliance Office (DECO)

Effective August 1, 2013, Duke University Ethics and Compliance Office was formed from the combination of:
- School of Medicine Compliance Office (SOMCO); and
- Institutional Ethics and Compliance Program (IECP)

The combined office serves all of Duke University including the School of Medicine and School of Nursing and is under the leadership of Tina R. Tyson, J.D. as the Chief Ethics and Compliance Officer for Duke University.

Expansion
All components of the former School of Medicine Compliance Office are still in effect, but the portfolio has been expanded to add:
- Ethics and Compliance Monitoring portfolio that was formerly part of the IECP
- Compliance auditing and advisory services on campus

Ethics and Compliance Monitoring
- Work with units across institution in defining regulatory risk areas and areas to self monitor
- Institutional risk areas have monitoring provided to DECO quarterly
- Second tier additional risk areas provide monitoring semi-annually
- All others provide monitoring annually

Institutional Compliance Risk Assessment

Institutional Risks:
- Athletics - National Collegiate Athletic Association (NCAA)
- Clinical Trials Billing
- Conflict of Interest
- Effort Reporting
- Export Controls
- Foreign Corrupt Practices Act
- Human Subjects Research Protection
- IT Security
- Medical Insurance Billing (Monitored through DUHS Compliance and reported to DUHS Audit Committee)

Risk Category | Risk Ranking (Impact and Probability) | Reporting Frequency
Institutional | High/High | Quarterly
Additional risks | High/Medium or Medium/High | Semi-annually
All other risks | Those not included above | Annually

Additional High Risks:
- Animal Welfare
- ClinicalTrials.gov Disclosure
- Research Costing Compliance including: Cost Allocation Standards, Cost & Salary Transfers, Specialized Service Centers, Subrecipient Monitoring, and Timeliness of Award Closeout

Compliance Audit Activities
Duke Ethics & Compliance Office Compliance Review Services section (CRS) performs audits of research compliance for Schools, Departments, Centers, and Institutes.
CRS Review Objectives:
- Institutional compliance with corrective actions from prior review
- Effort reporting
- NIH salary cap and cost sharing
- NIH Career (K) Awardees level of effort and salary
- Administrative and clerical salaries
- Allowability and allocability of charges to federal grants
- Cost transfers
- HIPAA Privacy/IT Security
- Shared resources

Clinical Research Audit Activities
Duke Ethics and Compliance Office Clinical Trials Quality Assurance section (CTQA) Reviews
Studies for Review:
- Chosen based on 13 factor risk analysis
- Strategized across Clinical Research Units
- Modeled on FDA Reviews
Focus:
- Good Clinical Practices
- Protocol Adherence (IRB Protocol)
- Federal regulatory requirements
- Institutional policies and procedures
Scope:
- IRB Documentation
- PI & Staff Qualifications
- Subject Documentation
- Inclusion/exclusion criteria (subject eligibility)
- Screening Enrollment logs
- Informed Consent Forms
- Delegation of Authority
- Correspondence
- Laboratory Documentation
- Test Article Accountability
- Case Report Forms
- Source Documentation
- HIPAA

Clinical Trials Billing
- Performed for protocols selected for human subjects research compliance reviews
- For billing risk studies, assess order sets and billing calendars after migration to Maestro Care
- Subject Capture
  - Accuracy of capture of enrolled subjects
  - Timeliness of entry
  - Subjects identified in Billing system
  - Corrections
- For studies designated as no billing risk, validate no billing risk determination

Benefits of Combining Programs
- Leverage monitoring to focus audit efforts in some risk areas
- Clinical Research Unit monitoring allows reduction in target numbers of Clinical Trials Quality Assurance Reviews
- Audits Risk prioritized based on monitoring results
- Expand Federal Grant related audits to campus schools
- Leverage resources and share management tools
- Trend analysis informs additional tools/controls
- Create capacity for additional value-added consulting efforts

Mission
The Duke University Ethics and Compliance Office:
- Provides the vision for institutional compliance and articulates corporate values;
- Ensures that the program meets the elements of the Federal Sentencing Guidelines related to effective compliance programs;
- Defines levels of acceptable risk;
- Visibly supports compliance efforts; and
- Evaluates and responds to instances of noted noncompliance.

The role of the office is to provide expertise, consultation and assessment in matters of compliance as well as to facilitate implementation of a "compliant culture" appropriate to a top-ten university with an academic medical center.

In accordance with this mission, the office conducts compliance reviews related to Human Subjects Research Compliance, Clinical Trials Billing Compliance, Research Financial Compliance and other regulatory risk areas identified as part of the institutional risk assessment.

Contact information

Michael L. Somich
Executive Director, Office of Internal Audits
919-613-7611
msomich@duke.edu

Tina R. Tyson, J.D.
Chief Ethics & Compliance Officer
919-684-2475
tina.tyson@duke.edu