Kusserow on Compliance: Compliance risk assessment factors

Testing compliance controls is a major compliance responsibility. This needs to be done at a program, department, or operational function area level. The responsible program manager or department head should conduct her own risk assessments as part of her ongoing monitoring responsibilities. The following are some risk factors that could exist in any program operation and could increase the risk of non-compliance.

  1. What is the attitude of the program/department manager toward compliance controls?
  2. How committed and diligent is the manager toward ongoing monitoring duties?
  3. How well are policies and procedures kept up to date with changes in rules and regulations?
  4. Is there documentation & communication of organizational structure/mission & functions?
  5. Are all new hires carefully screened for their credentials and for any history of sanctions?
  6. Are all employees trained on written compliance controls, policies, and procedures?
  7. Has there been careful delegation and communication of authority for the management train?
  8. How well controlled is the administration of contracts and interaction with vendors/providers?
  9. Is the level of staffing appropriate to meet requirements of work?
  10. How is the management of confidential or sensitive material handled?
  11. How has the potential for conflicts of interest been addressed?
  12. What documentation is there for identified errors or irregularities?
  13. Do the managers periodically document and report errors and actions taken to correct them?
  14. Do employee standards and evaluations include compliance?
  15. What kinds of controls exist over automated data (computers/laptops, cell phones)?
  16. What steps have been taken to protect data security?


For more information on the subject of compliance risk assessments and evaluation, contact Kashish Parikh-Chopra, JD at kchopra@strategicm.com or (703) 535-1413.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.


Copyright © 2019 Strategic Management Services, LLC. Published with permission.