Blog Post

Keep Aware of DOJ “Red Flags” for Ineffective Compliance Programs

Richard P. Kusserow | October 2022

Register for a complimentary CEU credited webinar “Building Blocks for Effective Compliance Programs (,” November 10, 2022, at 2 PM Eastern. The Compliance Certification Board (CCB)® has approved this event for up to 1.2 Live CCB CEUs.

The DOJ Compliance Program Effectiveness Evaluation Guidelines has many warnings of “red flags,” which they consider indicators of non-compliance.  The following are examples of such indicators and organizations should take steps to ensure they don’t have them.

  1. A compliance program is not in place.
  2. A compliance plan exists, but it has not been fully implemented.
  3. The Board does not evidence familiarity with the compliance program operation.
  4. The Compliance Officer is unable to evidence having regular and direct access to the Board.
  5. The Board doesn’t meet with the Compliance Officer in executive sessions without management presence.
  6. The Compliance Officer is not a member of executive leadership, like the CFO, CIO, GC.
  7. There is no or poorly written Code of Conduct to provide employee guidance.
  8. There are inadequate policies and procedures for management/operation of the Compliance Program. 
  9. Absences of an anonymous reporting channel for employees.
  10. Structured root-cause analyses of compliance-related incidents have not been performed.
  11. Absence of or weak compliance audit work plans.
  12. Regulatory compliance risk assessments have not been performed.
  13. Employees have not been surveyed regarding compliance.
  14. No recent independent compliance program evaluation has been performed.
  15. Meaningful incentives have not been offered to employees to encourage compliance.
  16. Evidence of inconsistent application of disciplinary actions.
  17. The Compliance Officer has not been involved in performing due diligence for potential acquisitions.
  18. The Compliance Officer is not involved in executive strategy meetings, discussions, or decisions.
  19. Evidence of inadequate resources for the compliance program.
  20. The Compliance Officer has not been empowered to make independent decisions.
  21. Evidence of inadequate authority to address compliance issues at all levels.

For related FAQs, see

Keep up-to-date with Strategic Management Services by following us on LinkedIn

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog