MD - Health Care Compliance Association

More documents

Recommendations

Info

A new value proposition ...continued from page 41 officer responsible for coordinating all compliance efforts can result in an integrated and more effective compliance program. Although SOX 404 focuses on the COSO objective of the reliability of financial reporting, there are areas where there will be overlap with internal controls over operations and compliance with applicable regulations. 12 Some compliance controls may be relevant to financial reporting, thus there is the prospect of including the COSO compliance objective with SOX financial reporting control efforts to further drive business performance. A compliance officer can also play a role in a company’s disclosure controls and procedures under SOX section 302, particularly non-financial information that is required by the SEC to be divulged. Moreover, for complex industries, an ineffective regulatory compliance function in which violations of laws and regulations could have a material effect on the reliability of financial reporting is said to be regarded as at least a significant deficiency and a strong indicator of a material weakness under the new auditing standard. 13 Reliance on compliance work and activities by external auditors. Another opportunity arises from the flexibility that public auditors are afforded under the new auditing standard established by the PCAOB, to use the work of others when evaluating internal control effectiveness. The PCAOB notes that this is “strong encouragement for companies to develop high-quality internal audit, compliance, and other such functions” 14 (emphasis added). Accordingly the work of the compliance program can serve a dual purpose in supporting an efficient audit of internal control, while providing documentation of the effectiveness of the compliance program itself. Areas of overlap under COSO. A significant area of overlap between SOX 404 and the FSG involves control environment objectives under COSO. Several control environment factors entail activities that have become the province of the compliance program. For example, the integrity and ethical values attribute involves the code of conduct which is a compliance program responsibility where the function exists. The hotline is often managed by the compliance department and can be viewed as a control environment and/or information and communication factor. Training on the code of conduct and fraud areas is considered an attribute under information and communication. Many of the human resource policies and practices attributes under the control environment entail features of a compliance program under the FSG (e.g., employee background checks, appropriate incentives, and disciplinary practices). A new provision of the organizational sentencing guidelines is the importance of performing on-going risk assessments on the likelihood of compliance violations, and to use those results to modify features of the compliance program, and to prioritize compliance resources and activities. Again, this is similar to the expectations for fraud control under COSO and the PCAOB. If you can’t beat them, join them. In the health care and pharmaceutical industries and other highly regulated business sectors, compliance programs and senior compliance officers have become customary and an expectation of government regulators and enforcement agencies. Congress and government agencies have even made clear their perspective that a compliance function should be freestanding from the general counsel and the finance functions. 15 Not surprisingly, compliance programs did not become the norm until they were foisted on several organizations through agreements with the government known as corporate integrity agreements (CIA). The enforcement of the False Claims Act in health care resulted in CIAs that have mandated compliance programs, which essentially track the elements of an effective compliance program under the FSG. Interestingly, the SEC has started to require certain compliance measures, such as the appointment of a compliance officer, in a settlement through a consent judgment. 16 Already in response to the mutual fund scandals, we’ve seen the SEC issue a new rule requiring registered investment companies and advisors to designate a chief compliance officer, and to have ethics codes and policies and procedures designed to prevent violations of securities laws. So an additional benefit of being able to demonstrate the existence of an effective compliance program is that the SEC or other enforcement agency will be less likely to impose one on the program and/or will reduce the scope and extent of the CIA terms. Of course, this is in addition to the mitigation of penalties under the FSG for having an effective compliance program. The burdens of a mandated program are heavy indeed (annual reporting obligations, retention of an independent review organization, penalties for CIA failures, etc.). Finally—Effectiveness It has been implied in this discussion, that the existence of a compliance program with the features described in the FSG will constitute an effective one. In truth, it remains to be better defined what the government will accept as proof of an effective program. Unfortunately, data from the U.S. Sentencing Commission is somewhat limited in demonstrating any trends that the FSG may have on reducing penalties and influencing corporate behavior, and it is empirically difficult to test its impact. 17 Given the growing awareness of ethics and compliance programs, one might January 2006 42 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
expect a measurable impact of compliance program effectiveness on an organization’s financial reputation—however the direct impact is unclear. 18 Nonetheless it is clear there is growing awareness of the value of a compliance program. With the amended organizational guidelines coming into effect, it is expected that more specific methods for assessing and measuring effectiveness will result. Today’s leading companies are expected not only to produce superior goods and services but to adhere to basic ethical principles and exercise principled judgment in carrying out their affairs— including accepting responsibility for misdeeds. 19 New standards for corporate performance are emerging that encompass both financial and moral dimensions. If features of a compliance program that are reviewed under SOX 404 and PCAOB Auditing Standard Number 2 can pass muster with management’s own assessment, and the review of the public auditor, then a case can be made that those aspects of the compliance program are indeed effective. The more a compliance officer is integrated into SOX 404 efforts, and a compliance program is considered part of a company’s overall internal control framework, the more likely that concrete underlying structure and process measures can be gathered to validate the effectiveness and value of the program. At a minimum, the internal control work done for SOX 404 can be part of the regular review of the compliance program to assess how it is functioning. Internal controls are defined broadly and encompass more than financial reporting—it extend to every significant goal a company has established. The importance and relevance of a compliance program and officer should not be underestimated as the relationship between internal controls and management’s responsibilities becomes increasingly clear. ■ 1. Gary W. Thompson, “Multifaceted Approach to Corporate Governance Reform: The Role of Corporate Compliance Programs and Officers” in Prevention of Corporate Liability, Vol. 11, No. 8, 09/15/2003, pp. 97-99, 100 (Washington, D.C., BNA, Inc.). 2. See e.g., Insurance Fraud: The Quiet Catastrophe (Insurance Research and Publications, Conning and Company, 1996), an insurance industry study which defined return on investment (ROI) as the ratio of money saved to money spent fighting fraud, and found an average ROI of $6.88 (Referenced by the Coalition Against Insurance Fraud at www.insurancefraud.org/rc_research_set.html); Seizing the Opportunity, Part One: Benchmarking Compliance Programmes (Corporate Executive Board, General Counsel Roundtable, 2003), which found that each additional dollar spent on compliance, returns $5.21 on average. Also, the National Healthcare Anti-Fraud Association purportedly maintains information of the ROI of the special investigations units of its member organizations. (See reference to Annual Anti-Fraud Management Survey Report at www.nhcaa.org/about_nhcaa/). 3. COSO issued Internal Control—Integrated Framework in 1992, and recently issued Enterprise Risk Management— Integrated Framework. More information on COSO and its frameworks can be found at http://www.coso.org/. 4. Sarbanes-Oxley Act, 15 U.S.C. §7202 (2002). In particular, see the internal control requirements under §404 of SOX. 5. PCAOB Release No. 2004-001 (March 9, 2004), p. 2. 6. PCAOB Auditing Standard No. 2, para. 14. 7. PCAOB Release No. 2004-001 (March 9, 2004) pp. 4, 24; Auditing Standard No. 2, paras. 24, 25, 40, 53, 115. 8. PCAOB Auditing Standard No. 2, paras. 25, 52, 53. 9. U.S. Sentencing Commission Guidelines, Guidelines Manual, 8A1.2, comment note 3(k)(7). 10. Federal Prosecutions of Business Organizations (the Thompson Memo), United States Attorneys’ Manual, Department of Justice, Title 9 (Criminal Resource Manual), No. 162, VII-B. See http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/t itle9/crm00162.htm. 11. The amendments go into effect on November 1, 2004, unless Congress disapproves. An executive summary and the full report of the amendments can be found at the U.S. Sentencing Commission Web site located at www.ussc.gov. The case Blakely v. Washington has raised issues about the constitutionality of the federal sentencing guidelines. The U.S. Supreme Court has heard two cases on the use of the sentencing guidelines. 12. See PCAOB Auditing Standard No. 2, para. 15. 13. PCAOB Auditing Standard No. 2, para. 140. 14. PCAOB Release No. 2004-001 (March 9, 2004), p. 19. 15. Guidance provided by the United States Department of Health and Human Services’ Office of the Inspector General (OIG) indicates that it is “not advisable for the compliance function to be subordinate to . . . the general counsel or controller or similar financial officer” which can be found in the voluntary compliance program guidances issued by the OIG (see http://oig.hhs.gov/fraud/complianceguidance.html). U.S. Senator Grassley has stated there is an inherent conflict with the compliance officer and general counsel being the same person (see Grassley investigates Tenet Health care’s Use of Federal Tax Dollars, September 25, 2003, letter to Tenet Healthcare Corporation). 16. See Gary W. Thompson, “Is the SEC Learning to Spell CIA: The Prospect of Mandated Corporate Compliance in SEC Enforcement Actions” in Corporate Accountability Report, Vol. 1, No. 34, 09/19/2003, pp. 920-921 (Washington, D.C., BNA, Inc.). 17. See discussion on the sentencing data and the impact of the FSG in the Report of the Ad Hoc Advisory Group on the Organizational Sentencing Guidelines (October 7, 2003). The report can be found at the U.S. Sentencing Commission website located at www.ussc.gov. 18. The link between corporate profits and corporate citizenship has been studied for decades without resolution. Some surveys have found that customer loyalty, employee retention and reputation are positively impacted by corporate responsibility. See Joshua Daniel Margolis and James Patrick Walsh, People and Profits The Search for a Link Between a Company’s Social and Financial Performance (Mahwah, NJ: Lawrence Erlbaum Associates Publishers, 2001) which summarizes studies utilizing various accounting, market, and outcome indicators. 19. See generally Lynn Sharp Paine, Value Shift: Why Companies Must Merge Social and Financial Imperatives to Achieve Superior Performance (New York, NY: McGraw- Hill, 2003), for discussion on how companies are being measured against performance standards that are qualitatively different from those in the past. Register Now! HCCA COMPLIANCE ACADEMIES ■ March 20-23, 2006 Hilton Dallas Lincoln Centre Dallas, TX ■ June 5-8, 2006 Hilton Scottsdale Resort & Villas Scottsdale, AZ For more information or to register, visit HCCA’s Web site at www.hcca-info.org or call HCCA at 888-580-8373. Health Care Compliance Association • 888-580-8373 • www.hcca-info.org January 2006 43
Page 1 and 2: Volume Eight Number One January 200
Page 3 and 4: ASK ON THE LEADERSHIP ONCALENDAR JO
Page 5 and 6: Join us for the following HCCA Audi
Page 7 and 8: in 2006 will assess hospital compli
Page 9 and 10: By Susan C. L. Theuns Editor’s no
Page 11 and 12: ■ ABNs were used for preventive c
Page 13 and 14: Figure 1: ABN Reference Guide Servi
Page 15 and 16: feature article Editor’s note: Th
Page 17 and 18: GJ: Yes. The Fraud, Waste, and Abus
Page 20: ■ There will be Compliance expert
Page 23 and 24: Here’s your chance to share your
Page 25: espective nonprofit law compliance
Page 29 and 30: suffix that identifies package size
Page 31 and 32: By José A. Tabuena JOSÉ A. TABUEN
Page 33 and 34: AP: As far as the Auditing and Moni
Page 35 and 36: that would provide the intelligence
Page 37 and 38: Case study of Dana Farber Cancer In
Page 39 and 40: JOSEPH M. WATT ■ Solicit staff an
Page 41: including the three objectives set
Page 46 and 47: New HCCA Members ...continued from
Page 48: C ORPORATE C OMPLIANCE & ETHICS: G

MD - Health Care Compliance Association

Create successful ePaper yourself

Delete template?

Save as template?