Kusserow’s Corner: Briefing the Board Compliance Oversight Committee

An effective Compliance Program (CP) includes having the Board of Directors create a Compliance Committee to actively oversee its implementation and operations. The HHS Office of Inspector General (OIG) Compliance Guidance documents speak to this issue in some detail. The HHS Inspector General Dan Levinson noted in a keynote address before the Health Care Compliance Association, Compliance Institute, that boards have a duty to learn about the operation of the CP including how the compliance reporting system works and what is learned as result of it. The challenge for a Compliance Officer (CO) is how to keep the Committee informed, interested, and supportive of the program. To make it work properly, the CO must ensure they are sufficiently in touch with the details of CP operation so as to be able to meet their fiduciary obligations and duties. The frequency of such reports depends on many variables, but there should be reporting on a regular basis. The best boards use this information to be active, questioning, and exercise (constructive) skepticism in their oversight.

A major consideration for COs is how and what information they need to provide the Committee in order to keep them properly in touch and supportive of the CP. It certainly should begin with assisting the Committee to understand the seven critical standards of the CP, beginning with the structure, management, and operation of the CP; and the appropriate authorities that a CO needs to properly carry out the mission of the CP. The CO must also educate the Committee on the goals and objective of the CP; and give them a realistic understanding of the resources necessary to achieve those ends. Beyond that they need to have a continuous stream of information in briefings and reports. The following are some specific examples of types of briefings and reports that may be provided to the Committee:

  1. What authorities the CO needs in order to properly implement and manage the CP
  2. The level of resources necessary for proper operation of the CP
  3. How and why all covered person are to be held accountable for meeting their compliance obligations
  4. Involving them in Code and compliance related policies development, approval, and implementation
  5. Evidence that the Code and compliance policies are understood and accepted across organization
  6. The steps taken to publicize the importance of the Code to all of its employees
  7. What compliance-related policies and procedures have been implemented in support of the CP
  8. What policies are needed to address compliance risk areas and to counter those vulnerabilities
  9. Report on the scope and results of compliance-related education and training
  10. Evidence that compliance training has been effective in education on compliance and high risks
  11. Measures taken to enforce training requirements and to provide remedial training as warranted
  12. Results of ongoing high risk monitoring by program managers
  13. Results of ongoing auditing that verifies and validates results of program manager monitoring
  14. The manner by which the CO identifies and manages new compliance risks
  15. Briefing on significant regulatory and industry developments affecting organization’s risk
  16. Results of periodic independent reviews of the CP
  17. Compliance communication (e.g., hotline) results
  18. The process for the evaluation and responding to suspected compliance violations
  19. Explaining those policies that provide protection of “whistleblowers” reporting potential problems
  20. The means by which the CO protects and preserves compliance documents and information
  21. Metrics that evidence, track, and measure CP effectiveness.

It is not reasonable to try to cover all these and other issue areas at every meeting of the Board Committee. That would tend to be redundant and uninteresting that would sap their interest and motivation to do what they need to do. COs may want to consider grouping issue areas into theme reports. If there are four regularly scheduled meetings with the Committee, each meeting might have a separate theme and be presented in the same quarter annually. For example, the first meeting of the year could discuss the proposed CO work plan that includes addressing high-risk areas, including those recently identified, as well as ongoing auditing of the selected program manager monitoring of their respective compliance risks. A second meeting could address compliance education and training provided to covered persons and offers a means to deliver the necessary training for Board members. Another meeting could focus on compliance communication and hotline operations that includes how identified potential regulatory and legal problems were addressed, corrective action measures taken, any disclosures to outside parties, etc. The last meeting of the year can address overall results and metrics of the compliance program for the year, as well as discussing and justifying budgetary needs. Other issue areas can be added to any one of the four theme reports, as well as any ad hoc issues that may arise. By combining the issues into theme reports for each scheduled meeting, the Committee will learn as to what to expect from the meetings and not just get a rehash of prior meetings. The pattern of reporting can be repeated annually and become a settled process.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC. Published with permission.