Transcript Evidencing Compliance_Culpability Score

EVIDENCING EFFECTIVE COMPLIANCE TO
MINIMIZE AN ORGANIZATION’S
CULPABILITY SCORE
HFMA – TEXAS GULF COAST CHAPTER
SEPTEMBER 17, 2004
Presented by
Sarbanes-Oxley
 2002 Legislation
 Response to accounting, reporting and executive
misconduct
 Enron, WorldCom, Adelphia, Tyco, HealthSouth, & others
 Attempts to safeguard against future collapses in:
– Corporate governance
– Auditor independence
 “Spill-over” applicability to non-public healthcare entities*
*See: “A readiness check: Your organization should be preparing for Sarbanes-Oxley spillover,” Compliance Today, July 2004
2
Compliance Test 101
Question No. 1
Federal Sentencing Guidelines refer to:
A.
B.
C.
D.
Instructions for attorneys in writing court briefs.
Proper sentence structure by expert witnesses.
Title of a book written by the “hanging judge.”
Statutory guidelines for prison sentences based on the
seriousness of criminal offenses, including certain
compliance violations.
3
Federal Sentencing Guidelines
Federal Sentencing Guidelines
U.S. Sentencing Commission
http:www.ussc.gov/2004gud/2004cong.pdf
Amended April 8, 2004
Chapter Eight, Part B, added new Subpart 2
“Effective Compliance and Ethics Program”
4
Effective Compliance and Ethics Program
“Such compliance and ethics program
shall be reasonably designed, implemented
and enforced so that the program is
generally effective in preventing and
detecting criminal conduct.”
5
Evidencing Compliance
Many, if not most providers have taken steps to
document policies and procedures relative to
compliance matters.
Significantly fewer have accumulated evidence of
the effectiveness of internal controls on a
comprehensive basis.
6
Evidencing Compliance
Step 1: Identify applicable internal controls, policies
& procedures.
Step 2: Implement internal control procedures.
Step 3: Monitor (test) consistent application of
controls.
7
Evidencing Compliance-Identify Controls
over Total Costs Claimed on cost report
Step 1: Control Procedure: Reconcile Worksheet A (trial
balance) of cost report to total expenses per general ledger.
Step 2: (A) Design a reconciliation template and include it in
the cost report review checklist.
(B) Assign preparation and review responsibility
including workpaper sign-off.
Step 3: Implement independent review of cost report files to
verify that the reconciliation was performed and the preparer
and reviewer signed-off as required.
8
Evidencing Compliance
Evidencing compliance does not equate to auditing
compliance.
In the previous example, the evidencing need not
verify that the reconciliation was correct, but rather,
was it completed using the designated method and
evidenced in the cost report workpapers.
9
Compliance Test 101
Question No. 2
What is a Culpability score?
A. The number of times a defendant exclaims “mea culpa”
in one minute.
B. An integral part of the Federal Sentencing Guidelines
which is used to assess the seriousness of compliance
violations and arrive at an appropriate penalty.
C. A mathematical function derived from an individual’s
arrest record.
D. It just sounds bad, and I really don’t want to know.
10
Culpability Score
The Culpability Score is an integral part
of the Federal Sentencing Guidelines which
is used to assess the seriousness of compliance
violations and arrive at an appropriate penalty.
11
Culpability Score
Culpability is evaluated in terms of:
 The steps taken prior to the offense to prevent
and detect criminal conduct;
 The level of involvement and tolerance of the
conduct by certain personnel; and
 The actions taken by the organization
following the offense.
12
Culpability Score
 The culpability score is a range of
“zero or less” to “ten or more.”
 An organization with a compliance violation
automatically begins with a score of five points.
13
Culpability Score Multipliers
Culpability Score
Min. Multiplier
Max. Multiplier
10 or more
9
8
7
6
5
4
3
2
1
0
2.00
1.80
1.60
1.40
1.20
1.00
0.80
0.60
0.40
0.20
0.05
4.00
3.60
3.20
2.80
2.40
2.00
1.60
1.20
0.80
0.40
0.20
14
Culpability Score
To the minimum culpability score, points may be added for:
 Involvement of high-level personnel in the offense or tolerance
of the offense by substantial authority personnel (add 3-5
points depending on organization’s size).
 Past history of the same offense within 10 years following a
civil or administrative settlement or within 5 years following
a criminal adjudication (add 1-2 points).
 Violation of a judicial order or conditions of probation (add
1-2 points); and
 Obstruction of justice (add 3 points).
15
Culpability Score
The culpability score may be lowered by the following:
 The existence of a program to prevent and detect
violations of the law (deduct 3 points); and
 Self-reporting, cooperation in the investigation, or
affirmative acceptance of responsibility for the conduct
(deduct the greatest of 3, 2, or 1 points, respectively).
16
Compliance Test 101
Question No. 3
What is compliance effectiveness?
A. Sufficient activity during the year on compliance
matters to avoid compliance staffing reductions.
B. Compliance monitoring and auditing which is based on
zero tolerance and zero violations.
C. A subjective and judgmental process of determining
whether the organization's compliance plan will
increase or decrease the culpability score.
D. A subjective and judgmental process to ensure an
organization’s compliance program is effective to
prevent and detect violations of law.
17
Compliance Effectiveness
An “effective program to prevent and detect
violations of law” means a program that has been
reasonably designed, implemented and enforced so
that it generally will be effective in preventing and
detecting criminal conduct.
18
Compliance Effectiveness
 Failure to prevent an offense, by itself, does not
mean the compliance program was not effective.
 The hallmark of an effective program is that the
organization exercised due diligence in seeking to
prevent and detect criminal conduct by its employees
and other agents.
 Due diligence requires at a minimum that the
organization must have taken steps to address the
seven elements identified in the Federal Sentencing
Guidelines.
19
Seven Elements of an Effective Corporate
Compliance Program
1. Established compliance standards and procedures
2. Oversight by high-level personnel
3. Discretionary authority vested in persons
unlikely to engage in criminal conduct
4. Effective lines of communication to employees of
compliance standards
20
Seven Elements of an Effective Corporate
Compliance Program
5. Reasonable methods to achieve compliance with
standards, including monitoring and auditing
systems and hotlines
6. Appropriate and consistent enforcement and
discipline
7. Appropriate and consistent responses to detected
violations
21
CMS Compliance Effectiveness Initiative
 May 2004 Pilot Program announced
 10-12 hospitals in Eastern/Southeastern states
 Planned 18 month study
 assess effectiveness
 gather best practices
 September 2004 Program start
 Recommendations expected in late 2006
22
Consequences of Compliance Violations
 Administrative Sanctions
 Civil Money Penalties
 $10,000 per claim
 $100,000 per conspiracy scheme
 Treble damages
 Program Exclusion
 Criminal Charges
 Corporate Integrity Agreement (CIA)
23
Evidencing Compliance Effectiveness
Many providers have taken steps to document
policies and procedures, significantly fewer have
gone as far as they could to evidence the
effectiveness of internal controls.
24
Strategy for Evidencing Effective Compliance
 Conduct a risk assessment
 Document existing internal controls, policies &
procedures
 Conduct a “Base Line” evaluation
 Perform “Annual Reviews” to monitor
effectiveness
25
Base Line Evaluation
1. Evaluate compliance policies
 Review/update written compliance policies
 Compare existing policies to industry best practices
 Assess adequacy of compliance policies
2. Evaluate procedures and practices





Review reconciliation worksheets
Evaluate integrity of data (e.g., source references)
Assess available supporting documentation
Review consistency of data
Assess evidence of internal independent review
26
Base Line Evaluation
3. Evaluate internal review scope and process




Determine the extent and timing of independent review
Review internal workpaper documentation
Evaluate skill and experience of independent reviewer
Assess procedures relative to clearing review points,
unusual data fluctuations and other issues noted
 Assess evidence of internal review (e.g., initial/signoff)
4. Evaluate procedures for identify and reporting
upon sensitive compliance issues within area
27
Annual Review
1. Review existing control environment policies,
procedures and practices between the Base Line or
Prior Year to the Current Year.
2. Review specific key focus areas of OIG Workplans
3. Identify regulatory changes and effects on data
4. Evaluate procedures applicable for assuring the
integrity of data for sensitive issues
5. Assess the integrity and adequacy of review and
reconciliation procedures applied to critical data
28
Compliance Test 101
Question No. 4
What does physician self-referral mean?
A. The attending physician asks the patient to select the
laboratory for needed testing.
B. Due to Medicare payment pressure, the attending
physician voluntarily admits himself to a rehab for
treatment.
C. The attending physician orders tests that will be
performed within his practice office.
D. The attending physician orders tests that will be
performed by another provider where the attending has a
financial interest.
29
Evidencing Compliance
 To ensure the Base Line Evaluation is objective and
provides the greatest measure of evidencing effectiveness,
consider the use of an external consultant
 To the extent that any “audit” of data or transactions is
included, perform the work under the direction of counsel.
 For annual reviews, perform a risk assessment to ensure
an appropriate focus and consider an external review over the
proposed workplans to add a degree of objectivity
 Compile a report on the Base Line Evaluation and the
Annual Reviews which evidences the controls, procedures,
practices, and policies which have been effective.
30
For more information contact:
Lance S. Loria, CPA, FACHE, FAAMA
President
LORIA ASSOCIATES, LLC
14614 Falling Creek Drive, Suite 225
Houston, TX 77068-2941
281-880-6464 Direct
281-880-6465 Fax
[email protected]
31