Blog Post

Most Organizations Do Not Have Their Compliance Programs Independently Evaluated for Effectiveness

Richard P. Kusserow | April 2019
  • Many seem to confuse ongoing compliance program monitoring with auditing
  • Compliance Officers can’t independently audit their own programs
  • Only an independent evaluation is credible for determining program effectiveness

Evidencing compliance program effectiveness is critical; it is emphasized in the Department of Health and Human Services Office of Inspector General (OIG) compliance guidance and by the Department of Justice (DOJ). However, in a 2019 Compliance Benchmark Survey Report of healthcare compliance professionals, only 30% reported having an independent review of their compliance program by independent experts. Most (54%) reported evaluating their compliance program effectiveness internally using a checklist, scorecard, or automated tool (13%). These could be categorized as ongoing program monitoring processes, but not as independent evaluations of program effectiveness. Thirty-seven percent (37%) of respondents evaluated program effectiveness by testing employees after compliance training, another internal process. Many (23%) did not assess their program or were unsure if it was done.

The OIG and other authorities have made it clear that the Compliance Officer, like any other program manager, is responsible for ongoing monitoring of their program and verifying that it is operating as designed. The program should also be subject to ongoing auditing by parties independent of the compliance office. Periodically, the organization should seek an independent evaluation by outside experts to verify proper ongoing monitoring of the program and validate that its goals and objectives are being met. Ongoing auditing conducted by an outside expert is growing in importance and has been reinforced repeatedly by the OIG in their practical guidance. The OIG has gone so far as to urge Boards of Directors (Boards) to engage compliance experts to assist in providing active oversight of the compliance program. The OIG’s Corporate Integrity Agreements now mandate that Boards engage compliance experts to advise them on the program and have them personally certify the program’s effectiveness. Despite this OIG guidance, the survey results indicate that most organizations do not have independent evaluations of the compliance program, relying instead upon self-assessment tools and checklists, internally-generated surveys, and after-training testing. At best, these evaluations are used as a “gap analysis” for missing program elements. These methods provide little evidence of how effectively these elements function in the organization’s day-to-day operations. Internally-generated compliance surveys also lack credibility, and outside parties (Board level, government oversight agencies) do not place much value on them. (And most employees do not trust these internal evaluations, especially in ensuring anonymity in responses.) Finally, it is difficult to know what the scores/results of internal evaluations truly indicate.

A free CEU webinar on the survey results is scheduled for May 1st at 2pm, hosted by SAI Global and presented by former Inspector General Richard Kusserow, CEO, Strategic Management Services ([email protected]). You can register at

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog