Kusserow on Compliance: 2017: Time for independent compliance program effectiveness evaluation?

Tom Herrmann, J.D., retired after a career in the Office of Counsel to the Inspector General, has been a compliance consultant for the the past ten years. He notes that the HHS Office of Inspector General (OIG) and other regulatory bodies have stressed the importance of evidencing Compliance Program (“CP”) effectiveness. Furthermore, compliance officers, like any program manager, are responsible for ongoing monitoring of their program; and the program should be subject to ongoing auditing. The OIG has made clear that program managers cannot audit their own program’s effectiveness and that includes the compliance program. What this means is that periodically the organization should seek an independent evaluation by experts. This is not important only to show government agencies.  It is especially valuable in providing convincing evidence to boards and executive leadership that the program is progressing on the desired path.

Carrie Kusserow has 15 years’ compliance experience, having both served as compliance officer in major health care organizations and been a consultant leading teams of experts conducting program evaluations. She notes that conducting such reviews in growing in importance.  The OIG in its practical guidance has gone so far as to urge boards to engage compliance experts to assist them in providing active oversight of the compliance program.  The OIG Corporate Integrity Agreements now mandate boards engage Compliance Experts to advise them on the program and then have them personally certify its effectiveness. Knowing that is the new standard should be a warning shot to all compliance officers to get ahead of the power curve by engaging experts and finding out what they say.  It provides opportunity to evidence acting upon findings and recommendations.  It is always better for the compliance officer to take the lead in seeking experts to evaluate the program.  It sets the tone that experts are being sought to improve the program and any findings and recommendations can be accepted as useful to advancing the program.

Camella Boateng is a Certified Healthcare Compliance (CHC) and Healthcare Privacy Compliance (CHPC) professional and has served on multiple occasions as a compliance officer, as well as conducted compliance program evaluations.   She makes the point that this type of review is not simple and to have value must go beyond a checklist of the standard seven elements. To be of value to compliance officers means that the review must focus on how well the program is functioning and not just the design. The results of the review needs to relate to outcome metrics, not process output.  A significant part of any such evaluation should relate to the high-risk areas identified by the OIG. The expertise and experience of the compliance experts used is critical for the most useful results.  A detailed report of this type can be expected to be 50-75 pages in length.

Al Bassett, J.D., has conducted more compliance program effectiveness evaluations than just about anyone in the country over the last 20 years. He states that the results from this approach should provide an in-depth analysis of the status of the program, identify in the findings and observations opportunities for improvement, and specific recommendations and suggestions as to how any deficiencies may be overcome. Done properly, it should be a collaborative effort with active involvement of the compliance office, executive leadership and the board.  The scope of the work should include a full compliance-related document review; onsite interviews with members of executive leadership and selected key staff; focus group meetings; and onsite audit of key features of the program.   Special attention should be given to the compliance work plan and how well ongoing auditing and monitoring is addressing high risk areas.

Steve Forman, CPA, has twenty years experience as a compliance officer and consultant, along with previously serving as Director of OIG Management Operations. He also believes the real value of compliance program evaluations is in its operations and that effectiveness is best found with the first line managers and how they are communicating and supporting the program.  If the truth be known, immediate supervisors have more influence with their subordinates when it comes to compliance that any utterances from the CEO, compliance officer, or board members.  Gaining that insight will come not only from interviewing a number of managers, but focus group meetings with staff.   Forman also likes using the Compliance Knowledge Survey of employees on their understanding of the compliance program. It is a great tool to validate how things are working and permits comparisons with the universe of those who employed it.  The key point is that if the message is received and understood by employees, that is the best evidence that the compliance program is working. He notes that the OIG also endorses this method as a tool for measuring compliance program effectiveness.

16 Best Practices Tips

  1. Engage experts now to find out what “fresh eyes” see in the compliance program.
  2. For sound results, engage a firm that is truly expert on compliance programs.
  3. Check the credentials of the individuals who would be used to conduct the review.
  4. Ensure that those who perform the review are real experts, avoid bait and switch.
  5. Examine the history and leadership of the prospective firms for the evaluations.
  6. Ask how many such evaluations they have been performed by the firm.
  7. Seek references of past work in order to learn how valuable results were.
  8. Avoid firms who use a common checklist approach as the results will be poor.
  9. Focus on a top-down, as well as bottom-up review as to how the program is working.
  10. Review should include (a) full document review; (b) onsite operations audit; (c) executive, board, and key employees interviews; and (d) focus group meetings.
  11. Ensure everyone knows that compliance will always be work in progress, never completed.
  12. Stress seeking opportunities for improvement and best practices.
  13. Consider employing the Compliance Knowledge Survey for measuring effectiveness.
  14. Reviews should focus on auditing and monitoring of high risk areas.
  15. Use only those certifying meeting GAGAS operational review standards.
  16. Seek a fixed price agreement for the review.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.