RYAN MEADE, JD, CHRC, CHC-F DIRECTOR, REGULATORY COMPLIANCE STUDIES LOYOLA UNIVERSITY CHICAGO SCHOOL OF LAW HOW COMPLIANCE PROGRAMS ASSIST IN ENTERPRISE RISK MANAGEMENT
Topics/Agenda Using Compliance Programs to Assist in Enterprise Risk Management 1.What is enterprise risk management? 2.What is a compliance program? 3.How do they tie together? 2 2
Setting the Stage—Defining the Expectation Setting the Stage—Defining the Expectation 3
What is Enterprise Risk Management? 4 Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (COSO) 4
What is Enterprise Risk Management? Core Principles: Aligning risk appetite and strategy Enhancing risk response decisions Reducing operational surprises and losses Identifying and managing multiple and cross-enterprise risks Improving deployment of capital (COSO) 5
What is a Compliance Program? 6 A system of policies and procedures developed to ensure compliance with and conformity to all applicable federal and state laws governing the organization.
What is a Compliance Program? Core Principles: Appreciation of regulatory landscape Consistent approach to regulations Education on policies Auditing of activity Discipline and corrective action when noncompliant 7
What is a Compliance Program? Key Characteristics: Fluid and able to evolve as standards, regulations, laws, and the organization changes. Embedded within organizational culture. Enables employees of an organization to conduct business practices in an ethical manner. Resources and information disseminated by those accountable for the maintenance of the Compliance Program make it easier for employees to do the ‘right’ thing. 8
What is a Compliance Program? Regulatory scope of health care provider compliance programs: Billing to federal health care programs Privacy and security of data Referral relationships Physician arrangements Clinical research (if applicable) Tax-exemption (if applicable) Other areas applicable to the organization’s business 9
Why are Compliance Programs Important? Defines ethical and proper way to do business. Communicates commitment. – Abide by relevant laws and regulations of federal and state government. It needs to become a part of everyday life in your entity. Encourages problems to be reported. – Employees need to actually feel that it is their responsibility. There should be no retribution for those who report problems. By reporting problems and then working to find a solution, this will diminish the likelihood of qui-tam (whistleblower) suits. Documents actions. 10
Why are Compliance Programs Important? Raises Awareness. Provides constant monitoring. – Don’t be afraid to make changes. Work together to make the best plan for your entity. If the Plan is developed and put on the shelf it can spell danger, since the organization knew what it should do and did not do it. Recommended/required by government. – The requirement for an effective compliance program for healthcare organizations is transitioning from voluntary to mandatory, with the requirement in the Affordable Care Act (ACA) in 2010 that healthcare providers applying to enroll as Medicare providers have a compliance program in place. 11
Why are Compliance Programs Important? Can Help An Organization Avoid Many Undesirable / Unanticipated Adverse Impacts. Reputational Impact – No organization wants to become the “poster child” for wrong doing. – Countless cases of adverse enforcement activity have brought considerable unwanted attention to businesses. Regulatory Impact – CIAs, CCAs, DPAs. – Suspension, debarment, and exclusion of individuals engaged in non-compliant activity. – Additional monitoring. 12
Why are Compliance Programs Important? Other Reasons – Adopting a compliance program concretely demonstrates to the community at large that an organization has a strong commitment to honesty and responsible corporate citizenship. – Compliance programs reinforce employees’ innate sense of right and wrong. – Compliance programs are cost effective. – A compliance program provides a more accurate view of employee and contractor behavior relating to fraud and abuse. – The quality of services and products produced are enhanced by an effective compliance program. 13
Why are Compliance Programs Important? Other Reasons (continued) – A compliance program provides procedures to promptly correct misconduct. – An effective compliance program may mitigate any sanction imposed by the government. – Voluntarily implementing a compliance program is preferable to waiting for the government to pursue a more punitive action. – Effective corporate compliance programs may protect corporate officers & directors from personal liability. Yates memo 14
The Seven Elements of an The Seven Elements of anEffective Compliance Program 15
The Seven Elements 1. Standards & Procedures 2. Oversight 3. Management Due Diligence 4. Communication & Training 5. Auditing & Monitoring 6. Enforcement & Discipline 7. Response & Prevention plus 8. (Routine) Risk Assessment 16
1.Standards & Procedures – These documents are the fabric of the organization and the “navigation system” for complying with laws and regulations. – Tools to ensure consistent processes and practices. 17 The Seven Elements
2.Oversight – Resource for legal and regulatory inquiries. – Oversee compliance program and compliance committee operations. – Respond to reported compliance questions and investigates issues of non-compliance. – Generally, this element establishes the expectation for an independent, leadership level Compliance Officer and Compliance Committee. 18 The Seven Elements
3.Auditing & Monitoring Implement systems and controls to monitor organizations compliance risks. Provide external audits. Audit policies, procedures and Standards effectiveness. 19 The Seven Elements
4. Education & Training – Demonstrate the health systems commitment to compliance/ethical behavior. – Raise awareness of compliance and staff accountability. – Inform an educate staff regarding high risk areas of compliance. 20 The Seven Elements
5. Enforcement & Discipline – Disciplinary action must be consistent with the violations, regardless of one’s level in an organization. – Uniform application of the rules. – Motivate employees to adopt compliant business practices. 21 The Seven Elements
6.Communication – Promote open communication throughout the organization. – Provide a process for reporting confidential complaints. – Deploy a hotline 22 The Seven Elements
7.Response and Reporting – Report and respond to concerns of non compliance. – Oversee internal and external investigations. – Create process and systems to correct and prevent errors. 23 The Seven Elements
8. (Routine) Risk Assessments – Mark of an effective program? – Kick the tires. – How are we doing? – Reassess risk environment 24 The Seven Elements (…maybe eight)
Characteristics of “Ineffective” Compliance Programs There are various factors and potential obstacles that could jeopardize effectiveness of a compliance program. – Lack of funding. – Compliance professionals spread too thin. – Misinterpretations of laws and regulations. – Lack of sufficient (or qualified) staff. – Resistance to change. – Lack of (or poor) communication. – Fear of retaliation / retribution. – No internal or uniform approach to enforcement. 25
Back to the start…. What is Enterprise Risk Management? Core Principles: Aligning risk appetite and strategy Enhancing risk response decisions Reducing operational surprises and losses Identifying and managing multiple and cross-enterprise risks Improving deployment of capital 26
Questions? 27