The Difference Between Governance and Day-to-Day Management
It is not unusual for a conflict to arise concerning the degree to which the Compliance Officer is accountable to the Governing Board. The compliance guidance from the Department of Health and Human Services, Office of Inspector General, and the Department of Justice underscores the Compliance Officer having direct contact with the Board to enable proper oversight and support. The question often arises as to how much direct contact there should be. The Board should not try to manage the day-to-day operations of any program operation of an organization, including compliance. The Compliance Officer should report to and be accountable to the Chief Executive Officer (CEO). Boards are too remote and not present at all times, nor will they likely have the required expertise for managing the daily operation of the Compliance Program. Meeting periodically makes it impossible to do this. Effective boards understand the difference between governing and managing; dysfunctional boards do not. The Board makes policy, and management carries it out. It is tempting for directors to believe they are doing their jobs by delving into management decisions. The temptation is particularly strong for some board members who think they know how things should be done as a result of having ideas based on their personal experience or what they have heard from friends who work in the organization.
It is unwise for directors to co-manage or second-guess individual management decisions. Healthcare compliance is complex, and tinkering with compliance is dangerous. Compliance Officers must be strong, knowledgeable, and expert executives to ensure the many facets of the compliance program are functioning properly. This requires making prompt decisions. Boards that try to manage compliance often end up generating unintended consequences. They undermine the Compliance Officer and CEO’s credibility and authority to the detriment of the organization as a whole. They also risk driving away competent Compliance Officers who are uncomfortable with a Board that always second-guesses daily decision-making. Also, by being involved in daily decisions regarding compliance, they assume personal responsibility for actions taken, rather than the Compliance Officer, CEO, and executive leadership.
Understanding the difference between governance and management rests on the cornerstone of fiduciary responsibility. The governing body has a fiduciary duty and responsibility to ensure that the organization is acting in the best interests of the public and those served by the organization. Boards conduct several roles as independent fiduciaries, including (1) choosing the CEO and Compliance Officer; (2) approving major policies; (3) approving major policy decisions; (4) ensuring adequate resources for program operations; and (5) overseeing performance. Their focus should be the organization’s mission and strategic direction, finances, quality, community benefit, and compliance with laws and regulations. The role of management for the Compliance Program is to ensure that the organization operates in line with the board’s direction. The Compliance Officer should be accountable to the CEO for the functioning of the program. Management, which includes the Compliance Officer, (a) makes operational decisions and policies; (b) keeps the board educated and informed; and (c) brings the board well-documented recommendations, analyses, and information to support its policymaking, decision-making, and oversight responsibilities.
A governing board functions best when it focuses on higher-level, future-oriented matters of strategy and policy and performs its oversight responsibilities in a rigorous but highly efficient manner. Directors should know the red flags that signal the need for closer inquiry. The board should not micromanage workable solutions to compliance programs but hold the Compliance Officer accountable for producing better results.
The Board should (a) play a key role in selecting and evaluating the Compliance Officer’s performance; (b) approve the Code of Conduct and major compliance-related policies; (c) oversee the Compliance Officer’s performance; (d) review the budget for the Compliance Program and ensure adequate resources to carry out objectives. To meet their obligations for providing proper oversight and support for the Compliance Program, they should include members who are “compliance literate” in that they have full knowledge and understanding about the roles and operation of Compliance Programs and be able to seek and analyze information provided concerning the operation of the Compliance Program. On the other hand, program managers such as the Compliance Officer should (a) manage the Compliance Program in line with Board direction; (b) keep the Board educated on the everchanging regulatory and enforcement environment and compliance response to these forces; (c) seek approval of the Board for updated Code of Conduct and key compliance-related policies; (d) bring the Board timely information related to significant compliance issues or problems; (e) respond to a request for additional information regarding the operation of the Compliance Program; and (f) communicate to the Board with candor problems and operational issues.
You can keep up-to-date with Strategic Management Services by following us on LinkedIn.
