Why Independent Effectiveness Evaluations of Compliance Programs Are Necessary

Key Points:
  • Top compliance program priority for 2020
  • Independent evaluations called for by the OIG, DOJ, and Sentencing Commission
  • What doesn’t meet the standard for independent effectiveness evaluations

In the report for the 2020 Healthcare Compliance Benchmark Survey (Benchmark Survey) that Strategic Management helped deliver, most respondents listed evidencing their compliance program effectiveness as their top priority for improving their programs. However, elsewhere in the Benchmark Survey, over half of the respondents reported that the primary means for evaluating compliance program effectiveness was through reviewing results of internal audits and using self-assessment tools or checklists. Some respondents reported using internally generated employee surveys. Further, only slightly more than one third of respondents cited independent evaluations by experts. Unfortunately, internal tools and methods do not meet the standard of an independent evaluation as described by the Department of Health and Human Services Office of Inspector General (OIG), U.S. Sentencing Commission, and Department of Justice (DOJ) guidelines. An organization that comes under government investigation would not want to use internally generated evaluations as its evidence of an independent review of the compliance program’s effectiveness.

The OIG Compliance Program Guidance documents recommend an annual review as an essential part of an effective compliance program. If an organization fails to do this, it can result in serious consequences if there is an encounter with the OIG. Without independent evidence of compliance program effectiveness, little consideration would be given to the mitigation of penalties. In fact, the penalties could be increased. This supports the need for periodic evaluations of compliance programs. As of November 28, 2019, skilled nursing homes are mandated, under federal law, to have compliance program annual reviews. The trend is to mandate this evaluation for all healthcare organizations.

The Sentencing Guidelines for Organizations state that an organization should have a periodic evaluation of the effectiveness of its compliance program. They also specifically call for independent assessments of vulnerabilities to help minimize the likely recurrence of misconduct.

The DOJ “Evaluation of Corporate Compliance Programs” guidance published last year states that all compliance programs are always in progress and never fully completed. It specifically notes that “one hallmark of an effective compliance program is its capacity to improve and evolve. The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment.” The DOJ recognizes that the business environment is continually changing. Therefore, it will consider whether an organization has engaged in meaningful efforts to review its compliance program to ensure that it is up to date. The guidance highlights the importance of effective implementation and evaluation measures to determine whether the compliance program is a “paper program” or one that is fully “implemented, reviewed, and revised, as appropriate, in an effective manner.” Regular, rigorous, and consistent review of compliance programs is now the expectation.

The operative words for these regulatory bodies include the following: independent, evaluation, assessment, and evidence. All of these terms call for reviews by outside experts who are independent of the organization’s operations and have the proper qualifications to make appropriate assessments and offer evidence of the functionality of the program. Only these types of independent evaluations have any credibility with enforcement and regulatory bodies, as well as with most executive leadership and Boards of Directors. According to the Benchmark Survey, the following is a list of practices used by most compliance offices to evidence their compliance program effectiveness, but which do not meet the standard for independent effectiveness evaluations:

  1. Internally Administered Tools and Checklists
  • Not credible for self-evaluation of effectiveness
  • Focus is on process, not outcome
  • Relates to ongoing program monitoring, not independent auditing/evaluation
  • At best, considered internal gap analysis tools and checklists
  • Mostly viewed as self-serving
  1. Gap Analysis
  • Not credible for effectiveness, even if conducted by independent parties
  • Largely process reviews, not outcome evaluations
  1. Internally Developed and Administered Employee Surveys
  • Not likely to be independently developed, tested, and validated; not reliable
  • Mostly viewed as self-serving and biased
  • Anonymity of responses is questionable
  • Results are not benchmarked against other organizations and therefore are questionable

Connect with Our Compliance Experts

Contact Us Now