Compliance assessment program

Compliance programs must be customized to the needs and challenges facing each company and be comprehensive enough to deal with all of the risks the company has identified. The presence of an effective compliance program could mean more leniency from regulators in the event of a corporate misconduct investigation. In fact, in April , the U.S. Department of Justice Criminal Division updated its guidance document for prosecutors on how to evaluate corporate compliance programs in the context of conducting corporate investigations.

An effective risk assessment should begin with a detailed picture of the compliance landscape your company operates in. The two questions to answer are (1) where are you doing business, and (2) what regulations cover businesses like yours?

For example, are you trying to work with customers in healthcare? If so, you will need to make sure that your systems that handle patient data can sufficiently meet HIPAA security requirements. If you regularly deal with third parties or suppliers and subcontractors, you will need to make sure these third parties have sufficient compliance programs of their own to address information security, privacy, and fraud risks.

The most important thing is this: your compliance efforts should be aimed squarely at the risks that are most critical to your business. An effective risk assessment must also include a clear picture of how your organization operates. Try to find what already exists. Learn about and document the key company processes, systems, and transactions. It may be possible to find existing business process materials prepared for contract certification purposes.

Interview these people and understand what motivates them and stresses them. You can identify these contact points by evaluating each of the key processes, systems, and recurring transactions identified in Step 1 in terms of questions or issues associated with the regulatory regimes you want to be in compliance with.

Are the existing procedures and controls at your company effectively addressing the risk contact points you identified? For each risk contact point, identify the specific policy, procedure, work instruction, or any other control that applies. To help resolve this situation and continue to add value to their organizations, ethics and compliance professionals need to be sure they understand the full spectrum of compliance risks lurking in each part of the organization.

They then need to assess which risks have the greatest potential for legal, financial, operational, or reputational damage and allocate limited resources to mitigate those risks.

This article takes a look at compliance risk assessments. To understand their risk exposure, many organizations may need to improve their risk assessment process to fully incorporate compliance risk exposure.

Fortunately, the OIG has established guidelines for hospitals, physician practices, pharmaceutical manufacturers, clinical laboratories, third-party billing companies, and other healthcare organizations to follow.

Healthcare regulatory compliance is a constantly moving target. Payers often issue new documentation, coding, and billing requirements, frequently without any apparent notification.

It is necessary for healthcare organizations to remain current with all new and updated regulations. Compliance violations can arise from misunderstood or improperly implemented regulations.

Keep in mind that as far as the government is concerned, a violation is a violation, regardless of intent. Unfortunately, particularly when limited resources are a factor, management of regulatory compliance within healthcare organizations is often considered to be of secondary importance, exposing the organization to unnecessary risk.

Compliance risk assessments enable organizations to appropriately and efficiently allocate resources to make sure that important compliance issues are not overlooked. For instance, there are many rules to follow in order to correctly bill and submit claims. It is important to establish good processes and open communications between the clinical and financial departments so that correct information is shared appropriately.

These key processes cannot be accomplished in silos; a multidisciplinary, coordinated effort is required. The main focus of the assessment should be to examine the specific areas of risk that pose the greatest threat. The result is a compliance work plan, which spells out the compliance strategy for the following year. An organization uses the compliance work plan to implement the findings and recommendations of the assessment in its day-to-day operations. Of note, the Department of Justice stipulates that individuals can be held responsible for non-compliance and corporate wrongdoing.

If you would like more information about compliance risk assessments, or would like to request a speaker on this topic for your organization or event, contact one of our related PYA executives below at


