Kusserow on Compliance: OIG issues resource guide on measuring compliance program effectiveness

On January 17, 2017, the HHS Office of Inspector General (OIG) hosted a group of compliance professionals to discuss ways to measure the effectiveness of compliance programs. It really was a “brainstorming” session with the objective to generate to a large number of ideas for looking at the seven standard elements of a compliance program. The key term to remember is “ideas.” On March 27, 2017, the OIG posted a Resource Guide that included these ideas about compliance programs, not a “checklist” to assess a compliance program. It was generated to provide as many ideas as possible, while being broad enough to assist any type of organization and permit each to choose which ones best suit its needs. Some ideas may not apply to some entities. The Guide provides ideas from which an organization may choose a small number in any given year. The Guide does not follow the OIG compliance guidance documents in detail, except that it addresses the seven standard elements. As such, many items listed cannot be found or tracked. This list provides ideas for measurement options to a wide range of organizations with diverse size, operational complexity, industry sectors, resources, and compliance programs.

Using all the ideas or even a large number of these was deemed impractical and is not recommended. The OIG notes that how the list in the guide can be used depends on those using it. Some of these suggestions might be used frequently and others only occasionally. The frequency of use of any measurement should be based on the organization’s risk areas, size, resources, industry segment, etc. Each organization’s compliance program and effectiveness measurement process will be different. The following compliance program elements were addressed by the participants in work groups over a series of sessions:

  1. Standards, Policies, and Procedures;
  2. Compliance Program Administration;
  3. Screening and Evaluation of Employees, Physicians, Vendors and Other Agents;
  4. Communication, Education, and Training on Compliance Issues;
  5. Monitoring, Auditing, and Internal Reporting Systems;
  6. Discipline for Non‐Compliance; and
  7. Investigations and Remedial Measures.

It is worthwhile remembering that effectiveness is related to “outcome,” not output.   For example, having compliance training for all covered employees is a process outcome metric. How well the participants learned the lessons and retained them is a factor of outcome or effectiveness of the training. When reviewing the lists provided in the Guide, remember most of the items relate to process. Another important factor to consider is how determinations relating to items on the listing will be made, and by whom.

Measuring overall effectiveness 

In its compliance guidance documents, the OIG cites two ways program effectiveness can be measured.

  1. Employee Surveys. In the listing, there were notations throughout that relate to outcome.   In many places, it was suggested to use surveys to learn about employee knowledge, understanding, and attitudes related to compliance issues. In fact, surveys were mentioned 61 times throughout all seven elements. Surveys were also included in the various OIG compliance guidance documents as a means for measuring compliance program effectiveness. There are two types that can be used: a Knowledge Survey that measure employees on their knowledge and understanding of the compliance program, and a Compliance Culture Survey that measures employee attitudes and perceptions concerning organization compliance. Both compliance knowledge and culture surveys were cited as ways to determine how well things were functioning. If a validated and tested survey is used and administered independently that ensures anonymity of respondents, there is great value in the results. The value can be magnified many times if the results can be benchmarked against a large universe of those using the identical survey instrument. Organizations can also benchmark results from one survey to another, showing program improvements. Results from this survey provide powerful evidence of compliance program effectiveness to executive leadership, the board, and even to outside authorities.
  2. Independent Compliance Program Effectiveness Evaluation. OIG compliance guidance documents note that all program managers are responsible for ongoing monitoring of their areas of responsibility.   Alongside of that is ongoing auditing by those independent of the program area to verify that the monitoring is taking place and validate that it is effective in addressing any high-risk areas. Compliance is also a program and the listing in the Guide can be useful for the compliance officer in monitoring compliance. However, the compliance officer cannot independently audit his or her program for effectiveness.   This must be done by an outside, independent, and objective party. As such, a compliance program effectiveness evaluation can look across all seven elements, and most of the ideas in the Guide should be addressed in the results.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.