Tool for Compliance Officers: How Is My Compliance Program Doing?

By Nina Youngstrom

This questionnaire was developed to help compliance officers routinely self-monitor the effectiveness of their compliance programs in between third-party reviews. “It’s their own tool,” said Mark Pastin, president of Health Ethics Trust. “This is an insurance policy for compliance officers to implement.” It was updated to incorporate the Department of Justice’s 2020 version of the Evaluation of Corporate Compliance Programs.[1] Contact Pastin at mpastin@corporateethics.com.

Compliance Officer’s Compliance Oversight Questionnaire

The Health Trust has provided many questionnaires for Boards to use in providing meaningful oversight to their organizations’ compliance programs. We now find forward-thinking chief compliance officers (CCOs) asking these same questions of their own programs to test program effectiveness. It is easy to form an optimistic view of your own efforts, but it is critical to know the truth about your compliance program.

OVERSIGHT QUESTIONS FOR THE CHIEF COMPLIANCE OFFICER

The following questions should be asked by the CCO to determine: (a) how well the program has been constituted, (b) the level of Board and management support for the program, and (c) the program’s success in meeting the organization’s goals and expectations.

I. STRUCTURAL QUESTIONS

  1. Is the structure of the Compliance Program adequate and appropriate given the complexity of the organization?

    1. If not, do you have suggestions on how the program structure should be modified/improved?

  2. Did the Board have input into the creation of the Compliance Program structure?

  3. Am I, as CCO, formally appointed by the Board?

  4. Do I have unimpeded access to the Board (or an appropriate committee of the Board) whenever I deem it to be necessary?

  5. Do I routinely report on the progress of the program to the Board?

    1. If so, how often are such reports given?

    2. Have members of the Board/Committee of the Board specified the type of information they wish to receive from the CCO?

  6. Has the Compliance Program been given adequate resources by the Board and/or Executive Management to successfully meet its operational goals?

    1. If not, what additional resources are necessary?

  7. How has the Board and/or Executive Management determined the adequacy of the resources it has dedicated to the Compliance Program?

II. OPERATIONAL QUESTIONS

  1. Has the code of conduct been incorporated into policies across the organization?

  2. How do I determine whether all business units/facilities/departments have implemented compliance-related policies?

  3. Does Executive Management have a process in place to ensure that corporate policies are uniformly adopted and implemented?

    1. If not, how does Executive Management ensure that all facilities and departments address compliance-related operational processes?

  4. Do I, as CCO, have sufficient authority to ensure that the Compliance Program meets its goals and objectives?

  5. Is the authority of the CCO supported by written resolution/minutes of the Board?

  6. Has Executive Management provided the CCO with the autonomy and resources necessary to perform their functions, including investigations of potential compliance problems and/or misconduct?

    1. If not, what suggestions would you make for improvement?

  7. Has the organization assigned compliance-related duties to designated individuals within appropriate levels of the organization to assist the CCO in implementing the program?

  8. Do you believe that there are any managers or departments that create roadblocks or impediments to the successful operation of the compliance program?

    1. If so, has the CCO addressed these concerns with the Board and/or Executive Management?

      1. If so, has corrective action been mandated or undertaken by the Board or Executive Management?

  9. Have the Board and/or Executive Management mandated that all employees receive compliance training on a periodic basis?

    1. If so, are department/facility/business unit managers held accountable to ensure that their employees receive training when scheduled?

  10. Has the effectiveness of compliance training been assessed? If so, how is effectiveness measured?

  11. How is the Board kept apprised of significant regulatory and industry developments that may affect the organization’s compliance risks?

  12. How is the Compliance Program structured to ensure that it addresses all compliance risks, including those that may arise due to changes in regulation and industry or organizational development?

  13. Does the organization periodically evaluate the effectiveness of the Compliance Program?

    1. If so, is the program modified or changed in accordance with findings of the evaluation process?

  14. Has the Compliance Program adopted investigatory processes to follow when determining the existence of potential compliance violations?

    1. Does the Compliance Office follow these processes in conducting compliance-related investigations?

    2. Do other functions provide appropriate and timely support?

    3. Do such processes address how to report verified violations when applicable to government authorities or other third parties?

  15. Does the CCO report all significant violations and/or episodes of noncompliance to Executive Management and/or the Board, as appropriate?

  16. Does the organization have policies specifying how disciplinary action will be undertaken in response to verified compliance violations?

    1. If so, does the organization follow such policies to ensure that appropriate and consistent disciplinary action is taken?

    2. Does the CCO believe that Executive Management is supportive of a consistent and appropriate disciplinary policy?

    3. If not, how can Executive Management support be improved?

  17. Has the organization adopted a corporate policy (policies) to protect anyone who reports a suspected compliance violation or incident of wrongdoing?

    1. Are all managers and supervisors aware of this policy?

    2. Does Executive Management ensure that violations of this policy (policies) will result in appropriate disciplinary action?

    3. Has this policy (policies) ever been enforced?

  18. What guidelines have been adopted by the Compliance Program for reporting compliance violations to the Board? Is it your practice to advise the CEO prior to making such reports unless the CEO is implicated in the report? Does Executive Management understand the necessity of such reporting?

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings