Kusserow on Compliance: Questions Boards should be asking their compliance officer

Effective compliance programs require top-down commitment beginning at the Board level to oversee and support its implementation and operations.  The Board should have a committee to do this. The OIG compliance guidance calls for a Board level committee to oversee the Compliance Program (CP). The HHS Inspector General, General Dan Levinson has noted that the best boards as those that are active, questioning, and exercise (constructive) skepticism in their oversight. He further stated that Boards have a duty to ask probing questions about the operation of the Compliance Program, including how the compliance reporting system works and what reports they can expect on the reporting of compliance issues. They have a duty to ask probing questions about the goals and objective of the compliance program. The problem for most Boards is to know what type of questions they should be asking. Compliance Officers should assist them with this problem; however they in turn should be prepared to provide full and complete answers to them. The OIG and American Health Lawyers Association developed specific suggested questions that Board’s should be asking about the compliance program that the compliance officer should be prepared to provide proper responses to them. They jointly produced “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors.” The following are drawn from these advisory documents:

  1. Does the compliance officer have sufficient authority to implement the program?
  2. What are the resources necessary to properly implement operate the program?
  3. Has compliance officer been given the sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees held equally accountable for compliance?
  6. How has the code been incorporated into corporate policies across the organization?
  7. What evidence is there that the code is understood and accepted across organization?
  8. Has management widely publicized importance of the code to all of its employees?
  9. Are there compliance-related policies that address operational compliance risk areas?
  10. Are there policies/procedures for the compliance program operation?
  11. How often are compliance-related policies reviewed and updated?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there of the effectiveness of compliance training is effective?
  14. What measures are taken to enforce training mandates?
  15. What evidence that employees understand what is expected of them regarding compliance?
  16. How is compliance risks identified?
  17. What is the evidence that identified compliance risks are being addressed?
  18. How is the compliance program structured to address such risks?
  19. Does the compliance program undergo periodical independent effectiveness evaluation?
  20. What is the process for the evaluation and responding to suspected compliance violations?
  21. What kind of training is provided to those who conduct investigation of reported violations?
  22. How does Compliance, HRM & Legal Counsel coordinate resolving compliance issues?
  23. What are the policies to ensure preservation of relevant compliance program documents and information?
  24. What policies address protection of “whistleblowers” and those accused of misconduct?
  25. What are the results of ongoing compliance monitoring by all program managers?
  26. How is ongoing compliance auditing being performed and by whom?
  27. How often is sanction-screening conducted with what results?
  28. What are the results from sanction-screening and are they certified by responsible parties?
  29. Has the compliance program been evaluated for effectiveness by a qualified independent reviewer?
  30. What evidence is there concerning hotline operation and follow-up investigations?
  31. What are the metrics being used to evidence compliance program effectiveness?
  32. What are the results of an independent review and assessment of the compliance program?


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.