Chapter 4: Measuring Effectiveness

Printer Friendly, PDF & Email

Methods and Guidelines for Demonstrating Compliance Program Effectiveness

By Steve McGraw[1]

Introduction

The United States Sentencing Commission voted on April 7, 2010, to modify the Federal Sentencing Guidelines for organizations, including the provisions that set forth the attributes of effective compliance and ethics programs. Under the amended Federal Sentencing Guidelines, which went into effect on November 1, 2010, a convicted organization may be eligible for a reduced sentence if it has established an effective compliance and ethics program. The Guidelines now more fully describe the key attributes that a compliance and ethics program must exhibit for the organization to be eligible to receive benefits. These advantages include reduced fines, a reduced sentence or deferred prosecution.

Compliance guidance and mandates from various government agencies have evolved significantly over the last decade. Just a few short years ago, evidence demonstrating the establishment of a corporate compliance program consistent with the seven elements was viewed as sufficient. But now the focus has shifted from the mere presence of a compliance program to evidence that demonstrates the effectiveness of the compliance program. Regulators are now raising the stakes by asking the question: “Can you prove that your compliance program works?”

This article explores some specific actions and recommendations that can help organizations demonstrate the effectiveness of their compliance program. There are numerous concepts and specific tasks outlined in the article. While it would be difficult to implement all the suggestions all at once, this overview can serve as a useful guide for advancing your company’s compliance program.

What’s the Challenge?

For many organizations, moving beyond a “paper” compliance program to the ability to demonstrate the effectiveness of the compliance program presents significant challenges. These challenges include:

  • Lack of resources compounded by tasks requiring manual, labor-intensive processes

  • Existence of multiple, disparate systems for collecting and managing information

  • Lack of ability to view compliance risk across the organization

  • Inability to provide hard data to the regulators as evidence that the organization:

    • Is in full compliance with governing laws and regulations

    • Proactively monitors for compliance gaps

    • Initiates measures to remediate gaps and assigns accountability

    • Provides up-to-the-minute status reports of assessment results and resulting assignments.

The Building Blocks

With the proper tools and processes in place, demonstrating the effectiveness of your organization’s compliance program can be accomplished. Ideally the compliance process should provide global visibility to all compliance activities. The key building blocks include automation of processes; central visibility and control; and proof of compliance for audits.

Automation of Processes

Repetitive functions such as reviews and approvals, incident investigations, escalation, and others should be automated, and the tasks should be captured with a date and time stamp. Any automation should be designed to augment compliance staff, allowing them to focus more attention on high value activities and reduce manual workloads.

Central Visibility and Control

All information and documentation associated with the compliance program should be stored in a unified repository allowing for easy integration with other governance, risk and compliance (GRC) information such as regulatory content, policies and procedures, audits, and corrective action plans.

Proof of Compliance for Audits

Throughout the entire legal and regulatory compliance lifecycle, there needs to be a central collection point where all compliance and risk management documents and activities are easily tracked and linked back to their relevant laws, regulations and standards. This central collection point should serve as a body of evidence of compliance and enable the organization to easily demonstrate proof of compliance for any audit, investigation, exam, or accreditation review. Additionally, an advanced program should have the ability to provide external parties such as regulators ready access to the information required by an audit. This capability can be used to enhance credibility by demonstrating a commitment to transparency and cooperation with an “open door” approach.

Let’s take a look at each of the seven elements of a compliance program as outlined in the Federal Sentencing Guidelines and see how we can collect hard data that will clearly demonstrate the effectiveness of a compliance program.

  1. Establish policies, procedures, and controls

  2. Exercise effective compliance and ethics oversight

  3. Exercise due diligence to avoid delegation of authority to unethical individuals

  4. Communicate and educate employees on compliance and ethics programs

  5. Monitor and audit compliance and ethics programs for effectiveness

  6. Ensure consistent enforcement and discipline of violations

  7. Respond appropriately to incidents and take steps to prevent future incidents.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2023 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings