MD - Health Care Compliance Association
A new value proposition ...continued from page 41
officer responsible for coordinating all compliance efforts can result in an integrated and more effective compliance program.
Although SOX 404 focuses on the COSO objective of the reliability of financial reporting, there are areas where there will be overlap with internal controls over operations and compliance with applicable regulations. 12 Some compliance controls may be relevant to financial reporting, thus there is the prospect of including the COSO compliance objective with SOX financial reporting control efforts to further drive business performance. A compliance officer can also play a role in a company’s disclosure controls and procedures under SOX section 302, particularly non-financial information that is required by the SEC to be divulged.
Moreover, for complex industries, an ineffective regulatory compliance function in which violations of laws and regulations could have a material effect on the reliability of financial reporting is said to be regarded as at least a significant deficiency and a strong indicator of a material weakness under the new auditing standard. 13
Reliance on compliance work and activities by external auditors. Another opportunity arises from the flexibility that public auditors are afforded under the new auditing standard established by the PCAOB, to use the work of others when evaluating internal control effectiveness. The PCAOB notes that this is “strong encouragement for companies to develop high-quality internal audit, compliance, and other such functions” 14 (emphasis added). Accordingly, the work of the compliance program can serve a dual purpose in supporting an efficient audit of internal control, while providing documentation of the effectiveness of the compliance program itself.
Areas of overlap under COSO. A significant area of overlap between SOX 404 and the FSG involves control environment objectives under COSO. Several control environment factors entail activities that have become the province of the compliance program. For example, the integrity and ethical values attribute involves the code of conduct which is a compliance program responsibility where the function exists. The hotline is often managed by the compliance department and can be viewed as a control environment and/or information and communication factor. Training on the code of conduct and fraud areas is considered an attribute under information and communication. Many of the human resource policies and practices attributes under the control environment entail features of a compliance program under the FSG (e.g., employee background checks, appropriate incentives, and disciplinary practices).
A new provision of the organizational sentencing guidelines is the importance of performing on-going risk assessments on the likelihood of compliance violations, and to use those results to modify features of the compliance program, and to prioritize compliance resources and activities. Again, this is similar to the expectations for fraud control under COSO and the PCAOB.
If you can’t beat them, join them. In the health care and pharmaceutical industries and other highly regulated business sectors, compliance programs and senior compliance officers have become customary and an expectation of government regulators and enforcement agencies. Congress and government agencies have even made clear their perspective that a compliance function should be freestanding from the general counsel and the finance functions. 15 Not surprisingly, compliance programs did not become the norm until they were foisted on several organizations through agreements with the government known as corporate integrity agreements (CIA). The enforcement of the False Claims Act in health care resulted in CIAs that have mandated compliance programs, which essentially track the elements of an effective compliance program under the FSG. Interestingly, the SEC has started to require certain compliance measures, such as the appointment of a compliance officer, in a settlement through a consent judgment. 16
Already in response to the mutual fund scandals, we’ve seen the SEC issue a new rule requiring registered investment companies and advisors to designate a chief compliance officer, and to have ethics codes and policies and procedures designed to prevent violations of securities laws.
So an additional benefit of being able to demonstrate the existence of an effective compliance program is that the SEC or other enforcement agency will be less likely to impose one on the program and/or will reduce the scope and extent of the CIA terms. Of course, this is in addition to the mitigation of penalties under the FSG for having an effective compliance program. The burdens of a mandated program are heavy indeed (annual reporting obligations, retention of an independent review organization, penalties for CIA failures, etc.).
Finally—Effectiveness<br />
It has been implied in this discussion that the existence of a compliance program with the features described in the FSG will constitute an effective one. In truth, it remains to be better defined what the government will accept as proof of an effective program. Unfortunately, data from the U.S. Sentencing Commission is somewhat limited in demonstrating any trends that the FSG may have on reducing penalties and influencing corporate behavior, and it is empirically difficult to test its impact. 17 Given the growing awareness of ethics and compliance programs, one might
January 2006<br />
42<br />
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org