How does one measure effectiveness? In Wichita, Kansas, in 1876, when it came to town a Deputy Sheriff, the final measure was the elected government. On this day in that year, the town’s Commissioners voted not to extend the employment of Deputy Sheriff Wyatt Earp due to his violent behavior in assaulting a candidate for the town’s Sheriff. Perhaps the Commissioner did him (and his brothers) a favor as they all went on to achieve fame at the OK Corral in Tombstone, Arizona in 1881. However, on this day some five years earlier, the Commissioners of Wichita did not see it quite that way. But, as reported in This Day in History, the town newspaper conceded, “It is but justice to Earp to say he has made an excellent officer.”
Determining effectiveness has been on my mind in large part since the release of the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (Evaluation). Obviously the new by-word from the Evaluation is operationalization but a key in determining operationalization is determining your compliance program effectiveness. Last month, the Health Care Compliance Association (HCCA) and the Department of Health and Human Services, Office of Inspector General (OIG) jointly issued a document to assist the compliance practitioner in this precise task. It is entitled “Measuring Compliance Program Effectiveness: A Resource Guide”.
The document is an excellent resource on not only “what to measure” but equally important “how to measure” the seven elements of a compliance program as detailed in the US Sentencing Guidelines. While the focus is towards the health care industry, the concepts are broad enough for any industry or compliance practitioner to use to determine the effectiveness of their compliance program. Did I mention the cost – it is available at no charge on the OIG website.
Sourced from the CHC Candidate Handbook for certification in health care compliance, each section, detailing one of the seven elements, begins with a list of issues which should be considered, they are as follows:
- Standards, Policies, and Procedures – 18 issues to be considered;
- Compliance Program Administration – 24 issues to be considered;
- Screening and Evaluation of Employees, Physicians, Vendors and other Agents – 8 issues to be considered;
- Communication, Education, and Training on Compliance Issues – 13 issues to be considered;
- Monitoring, Auditing, and Internal Reporting Systems – 17 issues to be considered;
- Discipline for Non‐Compliance – 9 issues to be considered; and
- Investigations and Remedial Measures – 18 issues to be considered.
Once again, although focused on health care compliance, the Resource Guide is practical for the non-health care compliance professional. Further, it ties into many of the concepts articulated in the Evaluation. For example, in the Evaluation, Prong 2. Senior and Middle Management, the following questions appear under the heading Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
In the Resource Guide, the following appears under Element 2: Compliance Program Administration, Board of Directors:
|What to Measure||How to Measure|
|2.1||Active Board of Directors||· Review minutes of meetings where Compliance Officer reports in‐person to the Audit and Compliance Committee of the Board of Directors on a quarterly basis
· Conduct inventory of reports given to board and applicable committees.
|2.2||Board understanding and oversight of their responsibilities||· Review of training and responsibilities as reflected in meeting minutes and other documents (training materials, newsletters, etc.). Do minutes reflect board’s understanding?
· Review/audit board education – how often is it conducted? Conduct interviews to assess board understanding.
|2.3||Appropriate escalation to oversight body||· Review minutes/checklist in compliance officer files|
|2.4||Commitment from top||· Review compliance program resources (budget, staff).
· Review documentation to ensure staff, board and management are actively involved in the program.
· Conduct interviews of board, management and staff.
|2.5||Process for escalation and accountability||Process review (document review, interviews, etc.). Is there timely reporting and resolution of matters?|
In the Evaluation under Prong 3. Autonomy and Resources, the following questions appear under the heading Funding and Resources – How have decisions been made about the allocation of personnel and resources for the compliance and relevant control functions in light of the company’s risk profile? Have there been times when requests for resources by the compliance and relevant control functions have been denied? If so, how have those decisions been made?
Under Element 2 in the Resource Guide, in the section entitled “Compliance Budget”, the following appears:
|What to Measure||How to Measure|
|2.6||Appropriate oversight of budget||Review charter of governing body (Board) to verify it includes approval of compliance budget|
|2.7||Budget is based on an assessment of risk and program improvement/effectiveness||Is the Board’s approval of the budget based on identified risks and effectiveness evaluation/program improvement?|
|2.8||Sufficient compliance program resources (budget, staffing)||Review budget and staffing to ensure significant risks are managed appropriately|
These are a just couple of examples of how a compliance professional can begin to think through the questions laid out by the DOJ in its Evaluation. Moreover, by using the Resource Guide, you will be able to more fully determine the operationalization of your compliance program. The stated purpose is to give compliance professionals “as many ideas as possible, be broad enough to help any type of organization, and let the organization choose which ones best suit its needs.” Yet it is decidedly not a checklist but rather allows any Chief Compliance Officer (CCO) to assess the effectiveness (and operationalization) of their program.
It also allows the tailoring and measurement of how you manage your company’s risks. As the Resource Guide states, “The frequency of use of any measurement should be based on the organization’s risk areas, size, resources, industry segment, etc. Each organization’s compliance program and effectiveness measurement process will be different.”
Both the HCCA and OIG are to be commended for this most useful tool. I urge you to review it and think about how you will demonstrate both your compliance program effectiveness and the operationalization of your compliance program through this or a similar exercise.
The HCCA-OIG Resource Tool is a great guide to help you measure compliance program effectiveness.Click to tweet
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2017