It always surprised Sue Shollenberger, director of corporate compliance-east at WellSpan Health in York, Pennsylvania, when she found out a department hired an external auditor or consultant on its own, without informing compliance or sharing the results. Things can go wrong when a department acts unilaterally, and the audit may be duplicative.
“The risk is, we can have pockets of people doing these and keeping the results to themselves, without the compliance department knowing they did them,” she said. “The consultant can find problems that are not properly addressed by the management of the department.” To avoid that, WellSpan Health has an updated policy on external reviews, and Shollenberger has emailed all managers to inform them to consult the policy before using outside auditors and consultants.[1]