Enterprise Risk Management (ERM) and Evidencing Compliance Program Effectiveness

Cornelia M. Dorfschmid is Executive Vice President and Camella Boateng is Senior Associate with Strategic Management located in Virginia.

5 Takeaways

  • Effective compliance programs must answer three fundamental questions.
  • Auditing and monitoring of compliance programs should include risk assessment techniques.
  • Effectiveness measurement promotes better tracking and follow-up.
  • COSO ERM includes scoring measures (i.e., probability/impact analysis).
  • ERM is an ongoing process that must include stakeholders at all levels.
  • ERM is intense and requires interdepartmental collaboration to be successful.

In an era of health care reform and increased scrutiny of health care compliance, providers and suppliers must protect themselves against the heightened policing by federal and state government agencies. The Patient Protection and Affordable Care Act (PPACA), as amended by the Health Care and Education Reconciliation Act of 2010, mandates that health care providers and suppliers adopt a compliance and ethics program as a condition of participation in the Medicare, Medicaid, and Children’s Health Insurance programs. Many providers and suppliers, particularly those of larger entities, have already established compliance programs, and thus the PPACA provisions regarding mandatory compliance programs may not raise immediate concerns. Nonetheless, merely having a compliance program is not sufficient. It must also be effective. In this context of evidencing effectiveness, the case for enterprise risk management (ERM) deserves another look.[i]

The adoption of the ERM approach is an effective and productive way to meet and exceed the ever-increasing regulatory demands in today’s health care enforcement environment. ERM not only provides a best practice approach for effective board oversight of the compliance program, but is also a cross-cutting method that identifies, analyzes, controls, mitigates, and monitors an organization’s risks. Our brief overview of ERM aims to encourage providers to join the ERM bandwagon, because it not only assists an organization in evidencing an effective compliance program, but also may be the best tool to survive and thrive in the current regulatory environment.

What is an effective compliance program?

According to section 8B2.1 of the Federal Sentencing Guidelines and further defined by the Department of Health and Human Services Office of Inspector General (OIG), there are seven elements to an effective compliance program.[ii] The elements are as follows:

  1. Establish compliance standards and procedures to deter crime, fraud, and abuse.
  2. Provide appropriate oversight of the compliance program. This should involve high-level personnel in the oversight of the compliance program. Notably, high-level personnel must be knowledgeable about the content and operations of the compliance program and should exercise reasonable oversight of the implementation and effectiveness of the compliance program.
  3. Communicate compliance standards and procedures to employees through education and training programs.
  4. Establish monitoring and auditing systems to detect criminal conduct. In addition, organizations must periodically evaluate the effectiveness of the compliance program.
  5. Develop and publicize a reporting system that allows anonymity or confidentiality when employees report or seek guidance concerning potential or actual compliance violations. Further, employees should be able to report violations without the fear of retaliation.
  6. Promote and consistently enforce standards.
  7. Respond appropriately to any violations. Corrective actions may require modifying the compliance standards and procedures as well as implementing additional preventative measures.