Measuring Program Effectiveness

Sample Compliance Elements Measurement Chart

By Betsy Wade, MPH, CHC, CNA

Element 1: Standards, Policies, and Procedures

What to Measure

How to Measure

Comments

Access

1.1

Accessibility

  • Review link to employee accessible website/intranet that includes the Code of Conduct

  • Survey ‐ Can you readily access or reference policies and procedures? (Yes/No/Don't know)

  • Survey ‐ How and where do employees actually access policies and procedures?

  • Test key word search (searchable)

  • Audit and interview staff to show policies

1.2

Actual Access

Audit how many actual "hits" on policies and procedures

1.3

Accessible language for code, standards and policies

Flesch Kincaid measuring standard – no more than 10th grade reading level

1.4

Compliance program awareness and communication

  • Survey employees to determine the extent to which the code of conduct and other compliance communications are available to employees

  • Review to ensure the standards, policies, and awareness material is updated and distributed within organization’s guidelines

1.5

Impaired or disabled accessibility

Review accessibility options. Look at methods and speak to individuals.

1.6

Policy communication

Communication strategy of policies

1.7

Availability of policy content

Conduct surveys and observation

Accountability

1.8

Accountability

Policy Coordinator designated

1.9

Ownership and accountability of policies

Audit process of how policies get enforced by chain of command when compliance is not the final approver. Is management taking responsibility for implementing and following policies?

1.10

Routine policies and procedures

Confirm that listed owner of each policy and procedure is the actual owner.

Review/Approval Process

1.11

Annual review and Board approval of Compliance Plan

Audit: Review of Board minutes

1.12

Compliance documentation operations manual

Compliance or other oversight committee to review annually to ensure it is up to date.

1.13

Maintenance of policies

Check last review or revision

1.14

Number of policies reviewed and is the review timely

Process review/audit. Use checklist to ensure all basic policy elements are in place, updated consistently and reviewed/approved by appropriate parties.

1.15

Policy approvals

Checklist audit. Create list of policies, review committee and board minutes to ensure all approvals have been obtained.

1.16

Policy review process

Audit process by which policies and procedures are prepared, approved, disseminated, etc.

1.17

Process for ensuring full organizational participation in policy and procedure development

Review documentation/minutes to verify input considered and solicited for policy and procedure development and review

1.18

Process for review and approving

Check for written process

Quality

1.19

Are policies (and procedures) as good as industry practice

Peer reviews

1.20

Integrity of Process for developing and implementing policies and procedures

Audit policy and procedure on policy and procedures

1.21

Language and reading level of policies

Are policies written in plain language, appropriate grade reading level and written in applicable languages for organization? Policy review, Word grade level review and interviews of staff to make sure they understand.

1.22

Language translation

Audit or process review. Are policies and the code of conduct translated into appropriate languages for organization?

1.23

Usefulness

SURVEY ‐ Do department policies and procedures assist you in doing your job effectively? (Yes/No/Don't know)

1.24

Need for policies that don’t exist

Interview staff to determine if they need the certain policies to strengthen internal controls.

1.25

Policies and procedures

Request review from external experts

Assessment

1.26

Assessment of all company policies

Check list of policies; which are compliance and which are business

1.27

Essential compliance policies and procedures exist

Can staff actually articulate policies and procedures; test staff

1.28

Existence of procedure to support policy

Audit for procedure to support policy

1.29

Fundamental policies and procedures in place

Have focus groups of work units/departments to determine whether they understand the policies and procedures necessary to do their jobs.

1.30

Identifiability

  • Index of policies available and current

  • Numbered policies, not just titles

1.31

List of policies are applicable to employees

Supervisors to assess direct staff

1.32

Are those affected by policy given the opportunity to weigh in on policy when developed?

Focus groups and interviews of those affected by policy.

1.33

List of required policies

Create checklist to make sure minimum policies are in place and then audit against the list.

1.34

Effectiveness of policies

Effectiveness of policies based on the submission hotline calls

1.35

Policies and procedures that have been identified as part of corrective action

Process review. Conduct annual meeting with compliance and legal to look at databases and control and prioritize review to ensure implementation and ongoing compliance with policies and procedures.

1.36

Policies for high risk and operational areas

Audit

1.37

Policies, standards and procedures are based on assessed risks

Risk assessment, policy exists for each risk identified in the risk assessment (coverage of a specific risk topic)

1.38

Policy inventory to ensure no overlap and contradiction of policies

Create inventory and analyze inventory. Analyze and review past efforts. Look at various departments that might have overlapping policies.

1.39

Policy review following investigation/issue

Top policies implicated in an investigation are reviewed to determine if policy ambiguous, complex, fails to adequately safeguard issues. Validate through audit.

1.40

Routine policies and procedures are addressed and filter down.

Review department and committee agendas to ensure policies are addressed

Code of Conduct

1.41

Code of Conduct

Audit: Review dates, board approvals, distribution processes, attestations, survey employees for understanding, conduct focus groups.

1.42

Compliance program awareness and communication

Survey employees to determine the extent to which they know the content of the Standards of Conduct (SOC) and how to access it.

1.43

Integrate mission, vision, values, and ethical principles with code of conduct

Compare code with mission and vision statements to see if it includes elements/statements. Check to see if code is accessible to employees

1.44

Maintenance of code of conduct

Is code written, posted for employees, documented frequency of reviews, and survey/test employees on ability to locate it

1.45

Distribution

Documentation of Code of Conduct distribution tracking and results over past two years for all employees, employed physicians, allied health professionals, independent (contracted) physicians, volunteers and vendors/contractor/consultants in the organization

1.46

Orientation

Audit to ensure all employees receive orientation to the SOC and compliance policies within 30 days of hire.

1.47

Staff understanding of code of conduct and policies and procedures

  • Review test scores after training.

  • Conduct interviews.

Updates

1.48

Compliance program communication of rule changes

Review periodically and at rule changes – Audit to ensure there is adequate communication to employees, including changes in policy/procedure.

1.49

New and updated policy distribution and education of appropriate staff

Process review ‐ Does organization have formal process to make workforce aware of new policies or changes in policies?

1.50

Practices implemented after new policy

Audit practices and review committee minutes and other documentation to determine how new policies are implemented.

Understanding

1.51

Understanding of Policies/Procedures

  • Conduct surveys and/or focus groups on specific policies

  • Audit adherence to policy/procedure

1.52

Orientation

Ensure employees are provided instruction by knowledgeable personnel for questions/clarity

1.53

Policies reflect practice

Use policies as audit tool and then interview, observe and conduct document review to ensure policies are being followed.

1.54

Questions asked by employees

System in place to track employee questions and concerns to ensure consistent guidance. Track departments where questions come from to deploy additional education where necessary.

1.55

Understandable to board and c‐suite

Test board and c‐suite on location and understanding

1.56

Understandable to employees

  • Reading comprehension test

  • Situational tests

  • Test of location

Compliance Plan

1.57

Maintain compliance plan and program

Review written plan or written schedule of compliance activities

1.58

Maintain compliance department operations manual

  • Audit existence of written manual, handbook, or reference guide

  • Test whether the manual is current

Confidentiality Statements

1.59

Verify maintenance of appropriate confidentiality policies

  • Audit procedure for obtaining confidentiality statements from employees

  • Audit employee files for signed confidentiality statements from employees

Enforcement

1.60

Compliance with policies

Conduct interviews, observation.

1.61

Policy violations

Audit policy and procedures to make sure practice consistent with policy.

1.62

Adherence to policies and procedures for cases involving patient harm and reporting to regulatory agency

Review policies and procedures and cases involving patient harm and validate proper reporting to regulatory agency

Element 2: Compliance Program Administration

What to Measure

How to Measure

Comments

Board of Directors

2.1

Active Board of Directors

  • Review minutes of meetings where Compliance Officer reports in‐person to the Audit and Compliance Committee of the Board of Directors on a quarterly basis

  • Conduct inventory of reports given to board and applicable committees.

2.2

Board understanding and oversight of their responsibilities

  • Review of training and responsibilities as reflected in meeting minutes and other documents (training materials, newsletters, etc.). Do minutes reflect board’s understanding?

  • Review/audit board education – how often is it conducted? Conduct interviews to assess board understanding.

2.3

Appropriate escalation to oversight body

  • Review minutes/checklist in compliance officer files

2.4

Commitment from top

  • Review compliance program resources (budget, staff).

  • Review documentation to ensure staff, board and management are actively involved in the program.

  • Conduct interviews of board, management and staff.

2.5

Process for escalation and accountability

Process review (document review, interviews, etc.). Is there timely reporting and resolution of matters?

Compliance Budget

2.6

Appropriate oversight of budget

Review charter of governing body (Board) to verify it includes approval of compliance budget

2.7

Budget is based on an assessment of risk and program improvement/effectiveness

Is the Board’s approval of the budget based on identified risks and effectiveness evaluation/program improvement?

2.8

Sufficient compliance program resources (budget, staffing)

Review budget and staffing to ensure significant risks are managed appropriately

Compliance Committees

2.9

Active involvement of compliance committee members

Track percentage of attendance of each compliance committee member over the last year

2.10

Assure that the compliance oversight committee goals and functions are outlined

Review charter of committee

2.11

Committee structure

Review documentation of structure of committees as well as charters. Ensure no conflicting charters.

2.12

Compliance committee composition and attendance

Review charter and minutes to assure attendance.

2.13

Cascade administration of compliance program throughout the organization

Different operational areas give some certification/disclosure to the compliance office

2.14

Composition of Compliance Committee

Review organizational chart to validate correct composition

2.15

Effectiveness of compliance committee meetings

Keep executive report card by member qualitative/quantitative with indicators of contribution on topics

2.16

Engagement

In the last two years, have the compliance committee meetings been held in accordance with the charter?

2.17

Engagement of Directors/Managers

Review committee structure to evaluate how directors/managers are participating in Compliance Operational Committee(s) meeting includes agenda, minutes, attendance and reports from subcommittees

2.18

Executive Leadership engaged in Compliance Program

Review frequency of meetings, membership, attendance, agenda and minutes over the past year of the Compliance Executive Committee to include all members of the Senior Executive team receiving information directly from the Compliance Officer

Accountability

2.19

Leadership accountability

Audit documentation and conduct interviews. Some examples might include:

  • Employee education completion rates

  • Demonstration of promotion of compliance (e.g., town hall meeting presentations, newsletters, etc.)

  • Completion of audit or review action items within established time frame

2.20

Management accountability for compliance

Process and document review and interviews.

  • Is there a mapping of operational or management responsible for championing compliance?

  • Is there a mapping of management responsible for key areas of compliance to ensure accountability?

  • Does top management support the compliance team?

Compliance Officer

2.21

Competency

  • Certification (CHC, CHPC, CHRC)

  • Annual evaluation, coaching, corrective action, professional development

2.22

Is the compliance officer a key stakeholder in the strategic initiatives of the organization

  • Review participation of compliance officer in strategic planning process and due diligence processes.

2.23

Compliance department involvement in enterprise‐wide initiatives/entities/strategies (e.g., involvement or penetration in joint venture initiatives and other organizational inventory)

  • Process review, including review of organizational chart to ensure compliance captures enterprise‐wide entities.

  • Interviews with compliance and other committees.

2.24

Compliance independence/compliance structure

  • Does the reporting structure reflects the "express" authority required?

  • Audit program charters (compliance program or Audit committee)

2.25

Compliance integration

Audit to determine the extent to which compliance officer is involved in training, policy development, marketing and other operational aspects of the business

2.26

Compliance Officer reporting structure and oversight to ensure direct access to C suite and board

  • Document review ‐ Look at organizational chart and conduct interviews.

  • Review board minutes and documentation that there are regular meetings with CEO and or appropriate parties.

  • Ensure compliance officer has authority and is comfortable to go to board.

2.27

Compliance officer’s independence/objectivity

  • Review compliance officer’s job description. Does s/he report directly to CEO, board (not CFO or Legal)? Conduct interviews, focused groups, audit.

  • Seating location of compliance with the business, senior teams are together, and dotted line on org chart

  • Interview compliance officer to see if they feel they have independence, do they document disagreements, is there executive session for audit committee.

  • Interview the board, review minutes, and interview the CCO

  • Review of written organizational structure

  • Verify the Compliance Officer has the independent authority to retain outside legal counsel

  • Review if there is screening of compliance officer material to the Board of Directors

  • Regular executive session of the Compliance Officer with the Audit and Compliance Committee of the Board

2.28

Credibility of compliance officer

Job Description review, ongoing training of compliance officer, basic competencies, certifications, reporting structure

2.29

How much authority does the compliance officer have to start a working group to look at changes?

  • Have needed changes been made, and if not, why not?

  • What authority does the compliance officer have and how does he or she exercise it?

  • Where is the compliance team with regards to identifying working groups to help attack a new compliance risk?

2.30

How supported the compliance officer feels

  • Interview compliance officer;

  • Documentation review.

2.31

Organizational perception of compliance officer and corporate compliance program

Survey employees regarding:

  • Their perception of the compliance officer role.

  • Whether they know who the compliance team is, how to get to them and, what to tell them.

  • Is the compliance staff approachable?

  • Are the compliance staff solution facilitators or looked at as the organizational police force?

2.32

Compliance problem solving and adequacy of process

Process review

Staffing

2.33

Adequacy of staffing and resources

  • FTEs assigned to compliance function

  • Review compliance matters and if they have been addressed timely.

  • Review and ensure policies and procedures are implemented and being followed.

  • Review documentation of reports to committee(s) and board.

  • Assess status of work plan and any delays.

  • Ensure documentation of risk assessment.

  • Review documentation regarding discussions at board level regarding budget.

  • Review benchmarking data from similar entities.

2.34

Assurance of staffing

Review qualifications of staff; ratio of compliance staff to business, compensation to the business

2.35

Adequacy of compliance staff based on risk assessment

Risk assessment considers the number and competency of staff required to address risk

Compliance Plan

2.36

Compliance plan assessments

  • Document review, including compliance plan and policies.

  • Is there an external review conducted periodically?

  • What is the role of internal audit with regarding to compliance?

  • How does internal audit interact with compliance?

  • Benchmark program with similar sizes within the same industry

2.37

Compliance plan process

Audit process for development of the annual compliance plan.

2.38

Compliance organization

Assess the positioning and effectiveness of the compliance organization staff, titles, organizational chart, pay, promotion records compared to other areas within the organization

2.39

Document that establishes the authority of the program

Document review, meeting minutes for approval.

2.40

Perception of compliance program

Survey employees

Culture

2.41

Accountability

SURVEY ‐ Does the compliance department have an impact on how you do your job? (Yes/No/Don't know)

2.42

Accuracy and Trust in Monitoring

SURVEY: Do you believe the information from your department is reported with a high degree of integrity and accuracy? (Yes/ No/Don’t know)

2.43

Culture

Conduct cultural survey (interviews, confidential surveys, focus groups, etc.) and report findings to compliance committee and board. Review minutes to ensure report out and action plan established.

2.44

Effectiveness of compliance program in the field

Survey of field compliance people

2.45

What is company doing to drive compliance culture?

Surveys.

  • What does company incentivize?

  • What does the company promote and look down on?

  • Is compliance program tied to mission, vision, values?

2.46

Employee comments from “Rounding”

Audit the tracking of what employees report when proactively asked by compliance department (or leadership, etc.) and how this information is managed and reported.

2.47

Measuring effectiveness of executive communication on compliance

Track on‐line engagement (clicks) and survey audience

Incentives

2.48

Aligning performance management system (promotion system) with ethics and compliance objectives

Audit criteria of promotion, bonuses and assignments

2.49

Compliance and Ethics Role/participation for developing the incentive system

Have an outside independent expert audit the incentive system and compliance officer's participation

2.50

Is incentive system consistent with compliance program

Employee Survey

Performance Evaluations

2.51

Proper alignment of compliance objectives with organizational performance incentives (promotions/performance appraisals/bonuses)

  • Audit disciplinary records and performance evaluations for consistency with compliance

  • Audit/Review of process for performance incentives (promotions/performance appraisals/bonuses) criteria to include compliance components

2.52

“Compliance” as a performance appraisal element

  • Audit performance appraisals. Some options include:

    • Acknowledgment of no disciplinary action

    • Education completion

    • Documentation of promotion of compliance

  • Are merit increases tied to performance?

  • Does completion of compliance education, promotion of compliance through words, actions or no documented disciplinary action and/or, completion of corrective action plans within the due dates play a role into the calculation of merit increase?

  • Compliance is part of the annual performance evaluation and HR knows how to evaluate issues for compliance

2.53

Manager performance evaluations

Managers have open door policy, communicate compliance directives/initiatives, address compliance matters and effectiveness is noted in performance evaluation.

2.54

Is compliance taken into account in promotion decisions?

Review promotion lists and documentation to support promotion. Did the individual actively promote compliance?

2.55

Organizational Retaliation

Track whistleblower promotion, bonuses, sick days, disciplinary, corrective action measures and exit interview over long term

Risk Assessments

2.56

Compliance Resource knowledge and competence

Survey, focus groups and interviews

2.57

Compliance staff knowledge of current regulatory changes and laws

Document review and interviews. Review certificates of attendance at conferences/other educational events, “tools” used to keep compliance staff current, compliance budget (to support access to current regulatory changes and laws).

2.58

Monitoring of regulations that impact the organization

Document and process review, interviews.

  • Is there a policy and procedure?

  • Is there evidence that regulations, etc. are disseminated and implemented?

  • Are there designated individual(s) that monitor laws, regulations, policies that impact organization?

  • How do they get the information and what do they do with it to make sure it gets to the right people?

2.59

Risk Assessment Cycle

  • Audit adherence to risk assessment cycle

  • Annual documented risk assessment has been communicated to oversight committee

2.60

Risk based work plan that covers compliance plan elements with board approval and regular reporting on those projects to board

Compliance Committee and board minutes review.

2.61

Work plan development based on risk assessment

Process and document review.

2.62

Prioritization of risk and consultation with applicable risk partners (i.e., legal, HR, IT, risk management, etc.)

Documentation and process review. Is there a risk based plan? How was it developed?

2.63

Exit interview

Compliance concerns that come up in exit interviews are addressed

Compliance Work Plan

2.64

Compliance work plan

Audit to ensure the work plan is developed and implemented and it is followed‐through and outcomes are reported to compliance committee or to governing body

2.65

Effectiveness of compliance program

Written annual work plan that includes minutes

Legal Counsel's Role

2.66

Role of counsel in compliance process

Interview counsel regarding their involvement.

  • When are they brought into matters?

  • Where is counsel situated in relation to compliance officer on organizational chart?

2.67

Existence and adherence to policy on involvement of legal in handling matters under privilege

Review policy and sample areas that were referred to legal followed the policy

Other

2.68

Job descriptions of management

Review of management job descriptions. Do managers have concrete compliance deliverables other than training and abiding by Code of Conduct?

This document is only available to subscribers. Please log in or purchase access.
Purchase Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings