Blog Post

35 Compliance Questions That Board Committees Should Be Asking

The key to a successful compliance program (CP) lies in gaining board level interest and support by facilitating their understanding of its function and operation. The OIG compliance guidance calls for a board level committee to oversee the compliance program. It is critical that the board receives information allowing for a general understanding of the program and instruction on how to meet their oversight duties and obligations.

The HHS Inspector General, Dan Levinson, has noted that the best boards actively question and exercise constructive skepticism in their oversight. He further stated that boards have a duty to ask probing questions about the operation of the CP including on compliance reporting system functions and what compliance issue reports they can expect to receive.

The problem for most boards is in knowing what type of questions to ask. Compliance Officers (COs) should assist boards with this problem; however, COs should also be prepared to provide full and complete answers to the board. The OIG and American Health Lawyers Association (AHLA) developed advisory documents containing specific questions boards should ask about the CP and for which the CO should be prepared to provide proper responses. The following questions are drawn from these advisory documents:

  1. Does the CO have sufficient authority to implement the CP?
  2. What is the level of resources necessary to properly implement the CP?
  3. Has the CO been given the sufficient resources to carry out the mission?
  4. Have compliance-related responsibilities been delegated across all levels of management?
  5. What evidence is there that all employees are held equally accountable for compliance?
  6. How has the Code of Conduct been incorporated into corporate policies across the organization?
  7. What evidence is there that the Code of Conduct is understood and accepted across the organization?
  8. Has management taken affirmative steps to publicize the importance of the Code of Conduct to all of its employees?
  9. Have compliance-related policies been developed that address operational compliance risk areas?
  10. Are there policies and procedures for the CP operation and how often are they reviewed and updated?
  11. What kind of CP document management is used to ensure compliance-related documents are up to date?
  12. What is the scope of compliance-related education and training?
  13. What evidence is there that the CP training is effective?
  14. What measures are there to enforce training mandates and to provide remedial training as warranted?
  15. What evidence is there that employees understand what is expected of them regarding compliance?
  16. How are compliance risks identified?
  17. Is there evidence that identified compliance risks are being addressed?
  18. Is the Board kept up to date on regulatory and industry compliance risks?
  19. How is the compliance program structured to address such risks?
  20. How are “at risk” operations assessed from a compliance perspective?
  21. Is conformance with the CP periodically evaluated?
  22. Does the CP undergo periodical independent evaluation for its effectiveness?
  23. What is the process for the evaluation of and response to suspected compliance violations?
  24. What kind of training is provided to the individuals conducting investigations of reported violations?
  25. How do the CO, human resources management, and legal counsel coordinate to resolve compliance issues?
  26. What are the policies to ensure preservation of relevant CP documents and information?
  27. What policies address protection of “whistleblowers” and those accused of misconduct?
  28. What are the results of ongoing compliance monitoring by all program managers?
  29. How is ongoing compliance auditing performed and by whom?
  30. How often is sanction-screening conducted and with what results?
  31. Are the results from sanction-screening included in a signed report by responsible parties?
  32. Has the CP been evaluated for effectiveness by a qualified independent reviewer?
  33. What evidence is there concerning effectiveness of hotline operation and follow-up investigations?
  34. What are the metrics being used to evidence CP effectiveness?
  35. What are the results of an independent review and assessment of the CP?

Have Compliance Concerns? We Have Solutions.

Speak with an Expert Today

To view the full advisory documents produced by the OIG and AHLA, please see: “Corporate Responsibility and Corporate Compliance: A Resource for Health Care Boards of Directors” and “Corporate Responsibility and Health Care Quality (2007): A Resource for Health Care Boards of Directors”.

Additionally, more information regarding available tools and resources to answer all these questions can be found at the Compliance Resource Center.

Subscribe to blog