Lions and Tigers and Bears (Oh My!)
1 Lions and Tigers and Bears (Oh My!) The Measurement Beasts: Compliance Risk Assessments, Effectiveness Evaluations, and Audits HCCA West Coast Conference, Newport Beach, CA June 18, 2010 Jeffrey A. Nagel, PhD, CHC Chief of Staff/Chief Compliance Officer County of Orange, Health Care Agency Margaret Hambleton, MBA, CPHRM, CHH Sr. Vice President, Chief Compliance Officer St. Joseph Health System
2 About us Jeff Nagel County of Orange Health Care Agency Margaret Hambleton St. Joseph Health System
3 We're Not in Kansas Any More
4 Objectives Developing a road map for compliance measurement tools: Identification, measurement, scope and resources Reducing risk exposure Demonstrating return on investment and securing management buy-in
5 Where is the yellow brick road? Understand where you are going, what do you need to get there, ensure management support and buy-in A well planned path is a key to arriving at your intended destination.
6 Risk Assessment Eighth element of an effective compliance program Government guidance Federal Sentencing Guidelines Organizations shall periodically assess the risk of criminal conduct and shall take appropriate steps OIG Program Guidance Institutions should consider conducting risk assessments to determine where to devote audit resources
7 Definitions Risks Observable events or conditions that may occur and, if they do occur, would have a harmful effect. The impact of a risk should be measurable or definable in specific observable terms (i.e. financial, legal, reputational, etc.) Inherent Risk The risk of an event occurring without consideration for internal controls Residual Risk The risk that remains after considering current controls
8 Definitions Risk Identification The process by which the universe of risks is identified Audits Literature Enforcement/regulatory Impressions of individuals engaged in the process Risk Assessment The process by which identified risks are evaluated and prioritized
9 Definitions Risk Tolerance The amount/type of risk the organization is willing to accept Cultural considerations: the organization's mission and values Strategic considerations Capacity considerations
10 Why Conduct a Risk Assessment Proactive versus reactive Supports enterprise risk management Cultural integration Raises awareness of program value Mitigation of penalties Continuous program improvement Basis for annual work plan Identifies needed resources
11 Building a Risk Assessment Program Leadership Identifying risks Establishing risk tolerance Buy-in to structure, methods, and mitigation plans
12 Building a Risk Assessment Program Alignment PIs and support personnel Business office Management Staying current with requirements Tools and Resources Simple or complex Accountability
13 The risk assessment process Board Communicate Risk Identification Evaluate Monitor Broad Focus on all types of Risks Risk Assessment Controls Assessment Control Activities Establish Priorities Develop Work Plans
14 Risk Identification Surveys Interviews Prior audit findings Prior compliance investigations Exit Interviews with separating employees External sources
15 Risk Identification Human Resources Finance HIM External Risk Services Compliance Admin. Operations HIPAA
16 Risk Identification Exposures now and in the next 3-5 years Key process or functions Key strategic initiatives Complex studies, processes or functions with multiple stakeholders, hand-offs, control, and authority
17 Risk Identification Open ended surveys or interviews Rely on the expertise of the individual being surveyed Supports a wide range of potential risks Can be difficult to adequately define and compare risks One-on-one interviews allow for additional probing
18 Risk Identification Risk ranking Pre-defined listing of potential risks Surveys readily available in the market Quick and easy for participants Be aware this is not a true risk assessment (although it may be sold as one) Be careful not to confuse controls with risks
19 Risk Identification Controls vs. Risks Controls: Policies, procedures, audits, education, management approvals, quality reviews, automation, program structure, etc. Examples: Does the organization have a policy on conflict of interest? Does the organization update the standards of conduct periodically? Are Compliance Committee minutes reviewed? Are procedures in place to identify and address billing misconduct? Who is responsible for monitoring and enforcing adherence to these policies?
20 Risk Assessment Impact (Severity) Financial Legal Reputation Operations Strategic Vulnerability Likelihood/Frequency/History Complexity Rate of Change Controls
21 Assessment Tools Risk Map Gap Analysis Risk Prioritization Scoring
22 Simple Risk Map [Figure: risks labeled A through M plotted on a grid, with Impact (Low to High) on the vertical axis and Vulnerability (Low to High) on the horizontal axis]
23 Complex Risk Map
24 Gap Analysis Management Effectiveness Inherent Risk Conflicts Enrollment Billing Sponsor Agreements Time & Effort Reporting PI Agreements Adverse Event Reporting
25 Risk Prioritization Score (RPS) Risk Prioritization Scoring Mission Financial Legal Risk Impact Likelihood Complexity Vulnerability Controls Topic Risk Risk Risk Risk Risk Risk Comments
26 Risk Impact Severity measure Define scoring terms in very specific terms Numeric scoring High Low Example: High=Loss or additional expense greater than 1% of gross revenue (financial impact)
27 Vulnerability Scoring Consider without controls to understand the inherent risk Specific definition of terms (scores) Vulnerability may include: Likelihood of failure History of failure Rate of change Complexity of process Detectability of failure
28 Evaluating the Control Environments Extent of variation Routine review or audit of process Human factors Standard work Communication, hand-offs, redundancy, work around, reliance on memory, etc.
29 Risk Tolerance Continuum ranging from total avoidance of risk to total acceptance Tied to mission and organizational governance and leadership Understand that you probably can not address all risks identified
30 Risk Mitigation Identifying and prioritizing risks creates risk if nothing will be done with the information Audits are not corrective action! Develop work plan monitor effectiveness of plan Understand the root cause Resources available
31 Work Plan Development Involve stakeholders Communicate Monitoring and ongoing periodic assessment Re-evaluate and reprioritize at next risk assessment
32 Importance of Auditing and Monitoring One of the seven elements of a comprehensive compliance program based on the OIG Compliance Program Guidance Assists organizations in determining their strengths / weaknesses / risks Can also assist in determining whether the appropriate resources are in place throughout the organization Provides ongoing assurance to management that high-risk areas are operating in accordance with organizational policies and procedures Or highlights the areas that are not Can demonstrate compliance program effectiveness Difference between auditing and monitoring
33 Compliance Auditing Resources Internal vs. external resources Compliance auditors should have a minimum level of technical competence related to area of audit Certified coders CPAs JDs Ongoing training and education should be mandatory On-the-job training can be invaluable Internal Audit and the Compliance function S.W.A.T. team to respond to urgent situations Engaging outside specialists when necessary Conducting compliance audit under attorney-client privilege
34 Selecting Compliance Audits Utilizing a risk-based approach Organization-wide risk assessment Specific risk areas Ongoing significant risk areas Consider approach based on an annual planning process Address risks related to new or revised regulatory requirements As part of the determination of compliance program effectiveness, perform a compliance audit of whether the seven elements have been met / exceeded
35 Auditing Basics Develop your audit plan Areas in which you need to assess controls New services New rules, policies and/or procedures Areas in which you need to evaluate how effective corrective action plans have been Complex and problem prone areas Surveillance Areas with key staff turnover
36 Conducting a Compliance Audit Planning the audit Performing the audit Preparing the audit report Operationalizing the findings and results from the audit
37 Planning the Audit Define the audit scope Prepare a detailed audit workplan Identify appropriate resources for the audit Determine the timing of when the audit will take place as well as how long it will take to conduct the audit Validate audit scope and timing with appropriate contact Proceed to performing the audit Consider privilege options
38 Planning the Audit Understand the issue What are the rules, external guidance? What are your policies? Who is involved in the process? What are the process steps? What records document the process/service and how/where are they maintained?
39 Planning the Audit Define the Audit Scope What is the goal of the audit? What resources are available? What are the components of the process and which will you review (i.e. physician transaction review may include how need for service is determined, how agreements are negotiated, how contracts are established, how performance is measured, how services are documented, etc.) Watch out for scope creep
40 Performing the Audit Conduct entrance / kick-off meeting Discuss audit coordination, scope, workplan & timing Conduct audit based on previously developed workplan Maintain audit workpaper / documentation file Prepare workpapers documenting work performed using standardized workpaper format Quality Assurance (QA) review should be conducted by Manager / Supervisor level Review notes / comments should be provided for follow-up Findings should be documented, supported by audit evidence and provided to audit contact prior to finalizing Other audit issues Conducting interviews, Sampling, Extrapolating sample results, Unresolved items
41 Preparing an Audit Report An audit report should be prepared that clearly summarizes significant findings and other issues that may come to the auditor's attention during the audit Audit findings should be supported by documentation Other issues that may require further review should be identified and it should be clearly noted that no conclusions can be drawn Standardized audit report format should be utilized Exit meeting should be conducted with audit contact person, their manager / supervisor, and other appropriate interested parties Clear, unbiased, documented findings should be presented Recommendations for improvement in processes, etc. or to eliminate compliance gaps should be presented
42 Operationalizing the Findings Audit report and specific findings should be shared with all interested / affected parties with the goal of improving future performance and eliminating compliance exposures Ownership of compliance issues needs to be determined Team leader identified to implement recommendations Time frame for implementation should be agreed to Team leader charged to implement recommendations Champion identified for support Follow-up meeting should be scheduled for status update Follow-up audit or limited review should be performed to determine whether findings and recommendations were effectively implemented Can reflect on compliance program effectiveness
43 Effectiveness Evaluation Why measure effectiveness? US Sentencing Guidelines OIG Guidance and Supplemental Compliance Program Guidance American Health Lawyers Association and OIG Resource documents Corporate Integrity Agreements
44 Effectiveness Evaluations What do you measure? Seven elements (plus risk assessment) Authority Policy and Procedures (including Standards of Conduct) Training and Education Reporting Auditing and Monitoring Response and Prevention Enforcement Risk Assessment and Work Plan Development
45 Barriers to Effectiveness Compliance Officer Lack of authority to enforce standards, policies and procedures Lack of support by Board or Executive Management Inadequate skills to perform the essential functions of the job Lack of resources or commitment from employer
46 Barriers to Effectiveness Code of Conduct / Policies and Procedures Well written policies or Code that is not available to workforce Well written policies that are not enforced A poorly written Code or policies that are out-of-date, are not specific to organization, are inaccurate
47 Barriers to Effectiveness Training and Education Inaccurate training materials Limited access to training Poor quality of training (e.g., dull, technical, too long) Poor quality of delivery of training (e.g., unqualified trainers, boring narration) Limited variation in training
48 Barriers to Effectiveness Open lines of Communication Lack of culture of openness Lack of awareness of mechanisms to report violations Lack of anonymous reporting mechanism Actual or perceived fear of retaliation Limited action on reported issues
49 Barriers to Effectiveness Disciplinary Guidelines Poorly communicated guidelines Preferential or limited enforcement of guidelines Lack of progressive discipline
50 Barriers to Effectiveness Auditing and Monitoring Lack of an auditing and monitoring schedule based on organizational risks Limited resources to perform function Auditors not trained well Lack of independence/objectivity or conflict of interest of the auditors
51 Barriers to Effectiveness Responding to Offenses Lack of thoroughness of investigations Response is not timely No corrective action taken Limited follow up by compliance program Lack of monitoring of corrective actions
52 Tools for Measuring Effectiveness HCCA Resource Document: Evaluating and Improving a Compliance Program: A Resource for Health Care Board Members, Health Care Executives and Compliance Officers Available on home page of HCCA website:
53 Effectiveness Evaluation How do you measure effectiveness? Issue to be Scored Description Score Score Basis Comments 1.00 Annual Risk Assessment and Evaluation 1.01 Has an annual compliance risk assessment been performed by the SJHS Compliance Department in the last two years in order to identify the relevant compliance risk areas? 1.02 Have the results of the prior year compliance risk assessment been communicated to the Board and other stakeholders? Formal mechanism exists to evaluate organizational compliance risks. Process for evaluation is documented, the assessment is completed in accordance with established process, and communicated to the Board and other stakeholders. Documentation in the form of minutes, memoranda or other documentation reflect that the risk assessment is communicated to the Board and other stakeholders along with sufficient detail for the Board to evaluate the adequacy of the assessment and to prioritize resources based on identified risks Was a compliance effectiveness evaluation developed in the last year by the SJHS Compliance Department to identify opportunities to improve the effectiveness of the SJHS Ministry Integrity Program? Formal mechanism exists to evaluate compliance program effectiveness. Process for evaluation is documented and the assessment is completed in accordance with established process Does the compliance office communicate the results of prior annual compliance effectiveness evaluations to the Board and other stakeholders? Documentation in the form of minutes, memoranda or other documentation reflect that the effectiveness assessment is communicated to the Board and other stakeholders along with sufficient detail for the Board to evaluate the effectiveness of the compliance program and determine program improvements necessary to improve effectiveness.
54 Tools for Measuring Effectiveness OIG Supplemental CPG for Hospitals: Developed a monitoring tool based on supplemental guidance Benchmarked status of program against new standards
55 FACTORS COMPLIANCE OFFICER AND COMMITTEE YES NO COMMENTS Does the compliance program have a clear, well-crafted mission? Does the compliance program have sufficient resources (staff/budget), training, authority and autonomy to carry out its mission? Is the relationship between the compliance function and general counsel function appropriate to achieve the purpose of each? Is there an active compliance committee, comprised of trained representatives of each relevant function department as well as senior management? Are ad hoc groups or task forces assigned to carry out special missions, such as conducting an investigation or evaluating a proposed enhancement to the compliance program? Does the compliance officer have direct access to the governing body, the Director, all senior management, and legal counsel?
56 Effectiveness Evaluation How do you measure effectiveness?
57 Other Methods of Measurement Employee Surveys Interviews or Focus Groups Document Reviews Benchmarking against providers Denial Management Existing Measures Compliance Training Quizzes
58 Ethics Resource Center National Business Ethics Survey 2009
59 National Business Ethics Survey 2009 Sixth in a longitudinal survey of U.S. Workplaces starting in report polled 3,010 employees in business, government and nonprofit sectors (separate reports for each sector) Provides national benchmark on organizational ethics Tracks the views of employees at all levels within organizations
60 National Business Ethics Survey 2007 Reported misconduct at work is down from 2007, but is still high at 49% More employees are reporting what they observe: up to 63% (from 58% in 2007) Ethical cultures are stronger: an increase to 62% (from 53% in 2007)
61 National Business Ethics Survey 2009 Perceived retaliation as a result of reporting misconduct is up. About one quarter of respondents agreed that the recession has negatively impacted the ethical culture in their organization. Organizations with weak-leaning cultures report more misconduct.
62 COUNTY OF ORANGE HEALTH CARE AGENCY 2007 COMPLIANCE PROGRAM SURVEY Please select the most appropriate answer to the following statements (Agree Completely / Agree Somewhat / Disagree Somewhat / Disagree Completely) 1 I understand the purpose of a Compliance Program. My management team supports the goals and objectives of the Compliance Program and the Code of Conduct. The Code of Conduct is clear and easy to understand. I am aware of the policies & procedures related to my job.
63 COUNTY OF ORANGE HEALTH CARE AGENCY COMPLIANCE PROGRAM SURVEY Please select the most appropriate answer to the following statements (Agree Completely / Agree Somewhat / Disagree Somewhat / Disagree Completely) 5 If a compliance concern comes to my attention, I would report it to a supervisor/manager, the Office of Compliance, or other appropriate area. 6 If a compliance concern comes to my attention, I would be comfortable reporting it to: My Supervisor/manager; The Office of Compliance; HCA Human Resources; Other (e.g. Safety Officer, Internal Audit) 7 Fear of retaliation would prevent me from reporting a compliance problem. 8 The Compliance Program has affected the way I perform my day-to-day responsibilities.
64 COUNTY OF ORANGE HEALTH CARE AGENCY COMPLIANCE PROGRAM SURVEY (Yes / No) 9 I am familiar with the HCA Compliance Program. 10 I have consulted or referred to the Code of Conduct. 11 I know where to locate HCA policies and procedures. 12 I know the name of the Chief Compliance Officer. 13 I know how to contact the Chief Compliance Officer. 14 I am aware of the Employee Compliance Hotline and how to access it.
65 COUNTY OF ORANGE HEALTH CARE AGENCY COMPLIANCE PROGRAM SURVEY (Yes / No) I am aware of the Compliance Program website on the Intranet. I am aware of the HIPAA website on the Intranet. I have accessed the Compliance Program website on the Intranet. 18 I have accessed the HIPAA website on the Intranet. 19 a. I have observed workplace behavior that I felt violated the Code of Conduct. b. If yes, did you report the violation to anyone? Please tell us why you did not report the observed violation.
66 COUNTY OF ORANGE HEALTH CARE AGENCY COMPLIANCE PROGRAM SURVEY 20 Assigned Service Area: Admin (includes IT, QM and HR); Behavioral Health; Fin & Adm Svcs (incl HCA/Acctg.); Medical & Inst. Health; Public Health Svcs; Regulatory Health Are you Supervisory/Management? (Yes / No) Years with HCA or HCA Accounting: Less than 1 year; 1-2 years; 3-5 years; years; 10 or more years 23 Please provide additional comments or suggestions you may have regarding the Compliance Program:
67 Board Oversight Excerpt from Interview with James G. Sheehan, New York State Medicaid Inspector General full text available at Five reasons board members should be concerned: Right thing to do Fiduciary and legal duty Specific reporting requirements State requirements Board members can face personal exposure
68 Interview Continued Board role to be educated Board can be held responsible for neglecting their duty of oversight The biggest problem with oversight is failing to ask the tough questions, failing to require and review compliance metrics, and failing to require education for the board and senior managers
69 Reporting Measurement Activities Provides board education Understand risk position Strategic alignment Required as part of oversight duty Sufficiency of budget and resources
70 Closing the Loop Communicate findings with governance and key stakeholders Communicating status and effectiveness of actions Metrics Process v. outcomes
71 Lessons Learned Know the resources you have to commit for both the evaluation processes, corrective action, and work plan Start small and build Continuous effectiveness are you addressing the most important risks? Countrywide example
72 Lessons Learned from Oz If I only had a brain Planning and developing a road map is the best way of reaching your destination, but anticipate a few obstacles on your path If I only had a heart Establish and maintain key relationships to help you be successful If I only had courage Courage is developed, not innate, and grows based upon the confidence that success brings
73
74 Questions?
More informationEM EA. D is trib u te d D e n ia l O f S e rv ic e
EM EA S e c u rity D e p lo y m e n t F o ru m D e n ia l o f S e rv ic e U p d a te P e te r P ro v a rt C o n s u ltin g S E p p ro v a rt@ c is c o.c o m 1 A g e n d a T h re a t U p d a te IO S Es
More informationPerforming a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations
Performing a Compliance Risk Assessment for Compliance Auditing & Monitoring in Healthcare Organizations Author: Glen C. Mueller, Chief Audit & Compliance Officer, Scripps Health, San Diego, CA Introduction
More informationRisk Assessment & Enterprise Risk Management
Risk Assessment & Enterprise Risk 1 Healthcare Corporate Governance Today s environment requires building a culture of risk awareness and management of risk across the organization, while formulating less
More informationTest du CISM. Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais.
Test du CISM Attention, les questions, comme l'examen, ne sont disponibles qu'en anglais. 1. Which of the following would BEST ensure the success of information security governance within an organization?
More informationAligning Compliance Program Priorities with Business Objectives
Aligning Compliance Program Priorities with Business Objectives By Jay G. Martin Vice President, Chief Compliance Officer and Senior Deputy General Counsel Baker Hughes Incorporated CAIL Institute for
More informationBusiness Logistics Specialist Position Description
Specialist Position Description March 23, 2015 MIT Specialist Position Description March 23, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 2 Explanation of Proficiency Level
More informationManaging Research Compliance Risks
Managing Research Compliance Risks James Moran, J.D., CPA Executive Director of Compliance, University of Pennsylvania School of Medicine Rick Rohrbach, MBA, CPA Senior Manager, Healthcare Consulting Practice
More informationBAPTIST HEALTH CORPORATE COMPLIANCE PLAN
BAPTIST HEALTH CORPORATE COMPLIANCE PLAN BAPTIST HEALTH and its subsidiaries have a long-standing reputation for conducting both business and patient care activities with the highest level of ethical behavior
More informationPreventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations
Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Overview In late 2006 and 2007, Protiviti commissioned a study to gauge the fraud risk management (FRM)
More informationMNsure Compliance Program Strategic Plan. December 17, 2014
MNsure Compliance Program Strategic Plan December 17, 2014 Page 2 of 12 TABLE OF CONTENTS Introduction... 3 Compliance Program Mission... 3 Compliance Department Mission... 3 Regulatory Profile... 4 Key
More informationLocation of the job: CFO Revenue Assurance
JOB PROFILE Title of position: Manager: Revenue Assurance Operations Number of subordinates: 5-10 Location of the job: CFO Revenue Assurance Level: 3 Position Code: Time span: 2-3 years Key Performance
More informationLeadingAge Maryland. QAPI: Quality Assurance Performance Improvement
LeadingAge Maryland QAPI: Quality Assurance Performance Improvement NOT ALL CHANGE IS IMPROVEMENT, BUT ALL IMPROVEMENT IS CHANGE Donald Berwick, MD Former CMS Administrator 2 WHAT IS QAPI? Mandated as
More informationForensic Audit Building a World Class Program
Forensic Audit Building a World Class Program PAUL E. ZIKMUND DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT 1 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL Why the Need for Forensic Audit Program In response
More informationInternal Auditing Guidelines
Internal Auditing Guidelines Recommendations on Internal Auditing for Lottery Operators Issued by the WLA Security and Risk Management Committee V1.0, March 2007 The WLA Internal Auditing Guidelines may
More informationHow To Understand The Role Of An Internal Audit
Top Ten Issues facing Internal Auditing in the Future The IIA Dallas Chapter April 6, 2006 Presented by: David A. Richards, CIA, CPA President The Institute of Internal Auditors drichards@theiia.org 1
More informationGAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports
GAO United States Government Accountability Office Report to the Committee on Armed Services, U.S. Senate December 2011 DEFENSE CONTRACT AUDITS Actions Needed to Improve DCAA's Access to and Use of Defense
More informationHCA ETHICS AND COMPLIANCE PROGRAM
HCA ETHICS AND COMPLIANCE PROGRAM The HCA Ethics and Compliance Program is intended to accomplish two goals. One of these goals is trying to ensure that everyone associated with HCA-affiliated facilities
More informationCompliance. TODAY February 2013. Meet Lew Morris
Compliance TODAY February 2013 a publication of the health care compliance association www.hcca-info.org Meet Lew Morris Senior Counsel with Adelman, Sheff and Smith in Annapolis, Maryland; former Chief
More informationAN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL 1978-1981. P. A. V a le s, Ph.D.
AN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL 1978-1981 P. A. V a le s, Ph.D. SYNOPSIS Two in d ep en d en t tre a tm e n t g ro u p s, p a r t ic ip
More informationComprehensive Risk Assessment and Developing the Audit Plan
Comprehensive Risk Assessment and Developing the Audit Plan Laure Boyd, CIA, CGAP Internal Audit Manager Leon County Clerk of the Circuit Court and Comptroller Our Time Today Background Risk Assessment
More informationBehaviors and Actions That Support Leadership and Team Effectiveness, by Organizational Level
Good Practice INPO 15-012 October 2015 Behaviors and Actions That Support Leadership and Team Effectiveness, by Organizational Level Revision 0 OPEN DISTRIBUTION OPEN DISTRIBUTION: Copyright 2015 by the
More informationB o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing
B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued
More information1-2 Corporate Compliance Practice Guide 2.03. Corporate Compliance Practice Guide
1-2 Corporate Compliance Practice Guide 2.03 Corporate Compliance Practice Guide Copyright 2009, Matthew Bender & Company, Inc., a member of the LexisNexis Group. Chapter 2 Creating a Basic Compliance
More informationOffice of Compliance and Ethics Introductory Report. Lynette Fons, Chief Compliance Officer
Office of Compliance and Ethics Introductory Report Lynette Fons, Chief Compliance Officer Why the Office of Compliance and Ethics was Created The City operates in a highly complex regulatory environment
More informationCorporate Compliance and Ethics Program Effective as adopted on February 21, 2012
Corporate Compliance and Ethics Program Effective as adopted on February 21, 2012 Page 1 of 7 SECTION 1. STATEMENT OF INTENT As a specialty pharmaceutical company and diagnostic laboratory, Prometheus
More informationWMACCA Small Law Department Initiative. Scaling a Compliance Program To Your Organization And Small Law Department
WMACCA Small Law Department Initiative Scaling a Compliance Program To Your Organization And Small Law Department Michael C. Hardy, II Womble Carlyle Sandridge & Rice, LLP michael.hardy@wcsr.com 410.545.5873
More informationUniversity of California San Diego. Audit & Management Advisory Services
University of California, San Diego University of California San Diego Governance Overview and Compliance Activities Audit & Management Advisory Services Regents Committee on Compliance and Audit Health
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationDepartment of Veterans Affairs VHA HANDBOOK 1030.01. Washington, DC 20420 July 31, 2006 COMPLIANCE AND BUSINESS INTEGRITY (CBI) PROGRAM ADMINISTRATION
Department of Veterans Affairs VHA HANDBOOK 1030.01 Veterans Health Administration Transmittal Sheet Washington, DC 20420 July 31, 2006 COMPLIANCE AND BUSINESS INTEGRITY (CBI) PROGRAM ADMINISTRATION 1.
More informationThe University of Texas Health Science Center at Houston Institutional Healthcare Billing Compliance Plan JANUARY 14, 2013
JANUARY 14, 2013 I. Preamble The University of Texas Health Science Center at Houston (UTHealth) is committed to ensuring that its affairs are conducted in accordance with applicable laws and regulations.
More informationTHE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date
More informationEast Carolina University Office of Internal Audit Risk Assessment Preliminary Work
Risk Assessment Preliminary Work Attch: 1-A Date: Name: Area of Responsibility: Prior to meeting with your units gather and review the following information: 1. Review unit s website. Note anything of
More informationIntegrated Risk Management:
Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)
More informationMatthew E. Breecher Breecher & Company PC November 12, 2008
Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:
More informationThe Business Continuity Maturity Continuum
The Business Continuity Maturity Continuum Nick Benvenuto & Brian Zawada Protiviti Inc. 2004 Protiviti Inc. EOE Agenda Terminology Risk Management Infrastructure Discussion A Proposed Continuity Maturity
More informationRisk Management Services
Risk Management Services GridSME is proud to offer organizations a variety of risk management services, including the following: RISK ASSESSMENTS Strategic identification of enterprise risks & latent organizational
More informationEnhancing Law Enforcement Response to Victims:
Enhancing Law Enforcement Response to Victims: Strategy Implementation Checklist Enhancing Law Enforcement Response to Victims is a new professional standard developed by the International Association
More informationEnterprise Risk Management & Information Technology
Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management
More information75% On the Record. Is Your Organization s Records Management Program Providing High Value or High Risk?
Records Management SUrvey Report 75% of Most Respondents Said a Senior Executive Oversees the Records Program On the Record Is Your Organization s Records Management Program Providing High Value or High
More informationA shift in responsibility. More parties involved Integration with other systems. 2
EFFECTIVE SERVICE RELATIONSHIP MANAGEMENT ALSO INCLUES THE FOLLOWING ACTIVITIES: Today, organizations frequently elect to have certain services be provided by service vendors, also referred to as service
More informationCHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT
CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT 1 Scope of Internal Audit 1.1 Terms of Reference 1.1.1 Do terms of reference: (a) establish the responsibilities and objectives
More informationPrincipal Investigator and Sub Investigator Responsibilities
Principal Investigator and Sub Investigator Responsibilities I. Purpose To define the roles and responsibilities of Principal Investigators conducting research at GRU. II. Definition The term Principal
More informationImplementing HIPAA into a Compliance Program
Implementing HIPAA into a Compliance Program HCCA Annual Conference April 24, 2002 Kenneth W. Fody, Esq. - Independence Blue Cross Carole A. Klove, RN, JD Deloitte & Touche Agenda Introductions The HIPAA
More informationHouston, We ve Had a Problem: Addressing Data Breaches with an Incident Response Team
Houston, We ve Had a Problem: Addressing Data Breaches with an Incident Response Team HCCA 16th Annual Compliance Institute Las Vegas, NV To Heal. To Teach. To Discover. April 30, 2012 Jennifer Edlind,
More informationJuly 6, 2015. Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263
July 6, 2015 Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263 Re: Security Over Electronic Protected Health Information Report 2014-S-67
More informationRisk Management Primer
Risk Management Primer Purpose: To obtain strong project outcomes by implementing an appropriate risk management process Audience: Project managers, project sponsors, team members and other key stakeholders
More informationAPEC General Elements of Effective Voluntary Corporate Compliance Programs
2014/CSOM/041 Agenda Item: 3 APEC General Elements of Effective Voluntary Corporate Compliance Programs Purpose: Consideration Submitted by: United States Concluding Senior Officials Meeting Beijing, China
More informationPharmaceutical Compliance and Regulatory Congress 2009
Pharmaceutical Compliance and Regulatory Congress 2009 Compliance Program Elements Track I: How Program Management Can Keep You On Track Edward H. Leskauskas Director, Compliance and Ethics Operations
More informationThe Framework for Quality Assurance
Chapter 1 The Framework for Quality Assurance O v e rv i e w One of internal audit s major assets is its credibility with stakeholders. To provide credible assistance and constructive challenge to management,
More informationAudit of NRC s Network Security Operations Center
Audit of NRC s Network Security Operations Center OIG-16-A-07 January 11, 2016 All publicly available OIG reports (including this report) are accessible through NRC s Web site at http://www.nrc.gov/reading-rm/doc-collections/insp-gen
More informationBusiness Analyst Position Description
Analyst Position Description September 4, 2015 Analysis Position Description September 4, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 2 Explanation of Proficiency Level Definitions...
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More informationFramework for Enterprise Risk Management
Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach
More informationAudit of the Test of Design of Entity-Level Controls
Audit of the Test of Design of Entity-Level Controls Canadian Grain Commission Audit & Evaluation Services Final Report March 2012 Canadian Grain Commission 0 Entity Level Controls 2011 Table of Contents
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
More informationDCAA Audits of Compliance Systems and the Implications of Changes in the False Claims Act for Universities
DCAA Audits of Compliance Systems and the Implications of Changes in the False Claims Act for Universities SCCE s Higher Education Compliance Conference Kwamina Thomas Williford Partner, Holland & Knight
More informationPractice Guide. Selecting, Using, and Creating Maturity Models: A Tool for Assurance and Consulting Engagements
Practice Guide Selecting, Using, and Creating Maturity Models: A Tool for Assurance and Consulting Engagements July 2013 Table of Contents Executive Summary... 1 Introduction... 2 Example of Maturity
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...
More informationAMTRAK CORPORATE GOVERNANCE: Implementing a Risk Management Framework is Essential to Achieving Amtrak s Strategic Goals
AMTRAK CORPORATE GOVERNANCE: Implementing a Risk Management Framework is Essential to Achieving Amtrak s Strategic Goals Report No. OIG-A-2012-007 March 30, 2012 NATIONAL RAILROAD PASSENGER CORPORATION
More informationThe United States spends more than $1 trillion each year on healthcare
Managed Care Fraud and Abuse Compliance Guidelines I. Introduction The United States spends more than $1 trillion each year on healthcare representing approximately 15 percent of the gross national product.
More informationA Risk-Based Audit Strategy November 2006 Internal Audit Department
Mental Health Mental Retardation Authority of Harris County ENTERPRISE RISK MANAGEMENT A Framework For Assessing, Evaluating And Measuring Our Agency s Risk A Risk-Based Audit Strategy November 2006 Internal
More informationPerformance Measures for Internal Auditing
Performance Measures for Internal Auditing A simple question someone may ask is Why measure performance? An even simpler response would be that what gets measured gets done. McMaster University s discussion
More informationMANATEE COUNTY SCHOOL DISTRICT RISK ASSESSMENT UPDATE PROCESS REPORT
MANATEE COUNTY SCHOOL DISTRICT RISK ASSESSMENT UPDATE PROCESS REPORT Shinn & Company LLC was contracted by the Manatee County School Board (the Board ) to update the current risk assessment. The initial
More informationThe Management System Track
The Management System Track 1. What Is It? 2. How Does It Relate to Certification Bodies? 3. How to Implement It? 1 Presenters Paul Grace, MS, CAE Executive Director, NBCOT Dale Cyr, MBA, CAE Executive
More information