Blog Post

Gaining Board Empowerment for the Compliance Program (Part I – Charters)

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) notes in their compliance program guidance that the key to a successful Compliance Program (CP) lies in gaining top-down support, with the organization’s Governing Board (Board) acting as the foundation. The Board must be mindful of their duties and obligations as well as their role in corporate responsibility. To achieve this, Boards should first create a CP oversight committee charter that sets forth their duties, responsibilities, and fiduciary obligations. Drafting the right kind of charter is critical to the ultimate success of the CP. It will provide the basis by which the Compliance Officer (CO) may make representations and requests to the Board.  Care should be taken in drafting the charter to ensure clear expectations for Board oversight responsibility and to ensure a tailored construction of charter content to address organizational needs. For those interested, the Policy Resource Center has many versions of these charters for different provider types and sizes. The basic framework for the CP oversight committee should include the following:

  1. The Compliance Committee should have three to five Board members, independent of management.
  2. At least one member should be knowledgeable of the standard seven elements of a CP.
  3. The Committee should meet at least four times annually and more frequently as necessary.
  4. The Committee should maintain minutes documenting key discussions, decisions and recommendations.
  5. The Committee should keep the full Board informed on the status of the CP.

The following lists offer suggested objectives and responsibilities for Compliance Committees and steps Compliance Committees can take to meet their obligations.


  1. Meet the Board fiduciary duties and responsibilities in providing oversight of the CP.
  2. Promote corporate responsibility and compliance that protects the mission and patients.
  3. Understand legal/compliance requirements in order to identify and assess risks.
  4. Promote relevant and meaningful compliance education.
  5. Evaluate CP performance including the handling of compliance matters.
  6. Help identify potential instances of non-compliance and potential waste, fraud and abuse.
  7. Ensure identified compliance issues are resolved through corrective action measures.
  8. Ensuring the ongoing enforcement of compliance policies and procedures.
  9. Oversee how compliance risks are evaluated, managed and mitigated.
  10. Be aware of major enforcement laws.
  11. Keep up to date with emerging compliance issues.
  12. Recognize the highest compliance risk areas and how they are managed.
  13. Have knowledgeable of significant regulatory and industry developments affecting risk.
  14. Understand legal/compliance requirements in order to identify and assess risks.
  15. Promote compliance with laws, regulations, industry guidelines, and policies.
  16. Ensure implementation of compliance-related policies for high risk operations and programs.
  17. Understand metrics that evidence that the CP is meeting its objectives and responsibilities.
  18. Ensure that relevant and meaningful compliance education is provided to all covered persons.
  19. Be informed of potential instances of waste, fraud and abuse.
  20. Ensure compliance issues are resolved through corrective action measures.
  21. Ensure the ongoing enforcement of compliance policies and procedures.

Contact Strategic Management Services


  1. Annually undergo briefings and training on the changing regulatory and legal requirements.
  2. Review goals and objectives for the CP and how they are being addressed.
  3. Receive reports on the previous year’s compliance efforts and results.
  4. Act on suggested CP revisions and improvements.
  5. Meet with the CO without management presence to discuss management support of the CP.
  6. Receive updates on the completion status of key compliance corrective action measures.
  7. Be periodically briefed by the CO on metrics evidencing CP effectiveness.
  8. Review/assess results of the annual compliance audit work plan for addressing high-risk areas.
  9. Ask probing questions regarding the structure, operation, management, and results of the CP.
  10. Seek evidence of effectiveness of compliance-related controls.
  11. Review and assess evidence related to the effectiveness of the CP operations.
  12. Review independent surveys of employee’s compliance knowledge and attitudes.
  13. Recommend any improvements to the CP, as appropriate.
  14. Ensure adoption and implementation of Code of Conduct (Code) and policies for CP operation.
  15. Ensure there are guidelines for reporting compliance violations to the Board.
  16. Ensure Code and compliance policies are properly communicated annually to all employees.
  17. Review CP compliance training effectiveness metrics on employee understanding of lessons.
  18. Remain knowledgeable about applicable laws, regulations and policies.
  19. Evaluate performance of the CP in handling of complaints and other compliance matters.
  20. Annually assess adequacy of CP resources.
  21. Ensure periodic independent evaluation of CP effectiveness.
  22. Report to the full Board on CP effectiveness with recommendations for improvements.
Subscribe to blog