compliance auditing monitoring n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Compliance Auditing & Monitoring PowerPoint Presentation
Download Presentation
Compliance Auditing & Monitoring

Loading in 2 Seconds...

play fullscreen
1 / 22

Compliance Auditing & Monitoring - PowerPoint PPT Presentation


  • 135 Views
  • Uploaded on

November 16, 2004. Compliance Auditing & Monitoring. 3.02 Auditing and Monitoring for Compliance. Sheryl Vacca, CHC West Coast Practice Leader, Life Sciences & Health Care Regulatory Deloitte & Touche LLP. Karen R. Lines, Esq. Associate General Counsel Genentech, Inc.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Compliance Auditing & Monitoring' - teryl


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
compliance auditing monitoring

November 16, 2004

Compliance Auditing & Monitoring

3.02 Auditing and Monitoring for Compliance

Sheryl Vacca, CHC

West Coast Practice Leader,

Life Sciences & Health Care Regulatory

Deloitte & Touche LLP

Karen R. Lines, Esq.

Associate General Counsel

Genentech, Inc.

South San Francisco, CA

building the emerging model
Building the Emerging Model

Code of Conduct

Corporate Policies

Board & Executive Committee

Corporate Compliance Program

Compliance Standards

Financial Risk

Regulatory Risk

Systems/IT Risks

Operational Risks

Standard

Operating Procedures

Day-to-Day Operations

Departmental

Procedures

the compliance program design dilemma
Designing an integrated compliance program that operates as one unit rather than many silos is challenging

The business’s processes and operations often function in silos

The compliance-related risks touch every aspect of the organization’s business & are difficult to “compartmentalize”

The design should be based upon the organization’s business strategies

The design should result in an organization-wide compliance monitoring plan

The Compliance Program Design Dilemma

Business

Strategy

Risk Mitigation

Monitoring

Business Processes

create a compliance crosswalk
Create a Compliance “Crosswalk”
  • Monitoring plan should be designed with the Compliance Program dilemma in mind.
  • Monitoring creates the crosswalk between the Business Strategies and the Risk Areas.

Monitoring

Quality Control and Drug Safety

Vaccines will be available for the public

Risk Area

Apply to more than

one business strategy

Business Strategy

Will be impacted by

many risk areas

Monitoring

focus on regulatory risks and controls
The vast majority of health care/life science regulatory & compliance program requirements align with Sarbanes & Internal Audit standards.Focus on Regulatory Risks and Controls
  • Federal Sentencing Guidelines
    • Calls for evaluation of internal controls
  • HHS Office of Inspector General
    • Regulatory-specific standards
    • Employee Training
    • Compliance Audits
  • Sarbanes
    • Calls for evaluation of internal controls
  • COSO Standards
    • Compliance with laws and regulations
how sarbanes 404 integrates into your auditing and monitoring
How Sarbanes 404 Integrates into your Auditing and Monitoring
  • Objectives
    • Operations
    • Financial reporting
    • Compliance
  • Components of a 404 Readiness
    • Monitoring
    • Information & Communication
    • Control Activities
    • Risk Assessment
    • Control Environment
auditing and monitoring cycle
Auditing and Monitoring Cycle

Develop Review

Criteria

Define

Review Scope &

Assumptions

Define Review

Sample

Reaudit

Define Methodology

Education, Remedial Action

Review

Process for

Each Risk Area

Test Inter-rater

Reliability with Multiple Reviewers

Finalize Report &

Corrective Action Plan

Conduct Review

Obtain

Management

Response

Validate Findings

Document

Observations & Findings

continuous monitoring cycle
Continuous Monitoring Cycle
  • Monitoring never ends… each review leads to the next, and the monitoring plan and unplanned issues drive additional monitoring activities. It is a continuous process…

Re-audit and add new audits to the cycle

Define

Review Scope &

Assumptions

Finalize Report

& Corrective

Action Plan

Finalize Report

& Corrective

Action Plan

Define

Review Scope &

Assumptions

Finalize Report

& Corrective

Action Plan

Develop Review

Criteria

Define

Review Scope &

Assumptions

Develop Review

Criteria

Obtain

Management

Response

Document

Observations

& Findings

Define

Review

Sample

Obtain

Management

Response

Develop

Review

Criteria

Define

Review

Sample

Document

Observations

& Findings

Conduct

Review

Document

Observations

& Findings

Define

Review Sample

Conduct Review

Test

Interrator

Reliability

Test

Interrator

Reliability

Conduct Review

Re-audit and add new audits to the cycle

practical considerations related to auditing and monitoring strategy
Practical Considerations Related to Auditing and Monitoring Strategy
  • Developing your Auditing and Monitoring Plan
    • Deciding what to monitor
      • Prioritize Risk Areas
        • Internal Factors, i.e.: any system changes, people changes, new practice, etc.
        • External Factors, i.e.: new regulation, national and local enforcement activity
      • Compliance Program evaluation
      • Identify controls that make the process work : PROCESS AUDIT
      • Determine overall purpose effective: OUTCOMES AUDIT
    • Resources available to execute plan
    • Consider integration with Internal Audit Plan
    • Identify timeframes for audits
    • Communication and Commitment to Plan
developing your audit approach
Developing Your Audit Approach
  • Deciding the scope
    • Narrow down the purpose of the audit
    • Avoid scope creep before you start
  • Resources available to execute the audit
  • Methodology
  • Sample size determination
  • Communication/Reporting Results
sampling methodologies
Sampling Methodologies
  • Things to Consider:
    • The purpose of the sample or the review objective
    • The universe/population/sources of data
    • The size of the sample
    • What you are going to do with the results
sampling methodology
What should you consider before you decide what your sample size will be?

Who do you expect to share the information with and what is their frame of reference?

Are you trying to figure out whether there is really a problem?

What is the organization’s perspective on “fixing” problems?

What resources are available to audit this area?

Does Senior Management agree this risk area is important?

What is the worst case scenario if this audit reflects unfavorable outcomes?

Attorney/Client Privilege?

Sampling Methodology
purpose of the sample
Is the review for:

Self - disclosure?

Education?

Part of an on-going monitoring plan?

Response to the federal government, subpoena, carrier or FI?

Known risk area?

Purpose of the Sample
other considerations
Other Considerations
  • Priority
    • Internal
    • External
  • Timeframe of data collection
    • concurrent
    • retrospective
  • Availability of data
    • Manual
    • Leverage Technology
leveraging technology
Leveraging Technology

Sophistication of solution

practical application case study
Define Review Scope & Assumptions

Develop Review Criteria

Conduct Review

Document Findings and Observations

Obtain Management Response

Finalize Report & Corrective Action Plan

Practical Application : Case Study

Risk Area

Review Process

Compliance Training

Managed Care Contracting

case study
Define Review Scope & Assumptions

Conduct interviews with Business Process Owners

Review Policies & Procedures

Review Education and Training materials

Document scope & assumptions

Develop Review Criteria

Test Review Criteria

Enter criteria into database

Conduct Review

Review documentation

Enter findings into database

Document Findings and Observations

Query database for exception findings

Summarize observations

Develop recommendations

Obtain Management Response

Share findings with Business Process Owners

Obtain reactions to recommendations

Draft a Corrective Action Plan

Finalize Report & Corrective Action Plan

Case Study

Review Process

Risk Area

Compliance Training

Managed Care Contracting

sample report card
Sample Report Card
  • Develop the Report Card

Department

Risk Area

Inducements

Privacy

Privacy Notice

Employee Training

Complaints

Employee Discipline

Authorizations

Minimum Necessary

Access to Records

Amendment of Records

Confidential Communications

Facility Directory

Business Associate Agreements

Admissions

Customer Service

Marketing

Medical Records

Or

integration into business strategy
Integration into Business Strategy
  • Use monitoring findings to develop and document ROI
  • Assist the business process owners to identify root cause of findings
  • Use corrective action to enhance efficiency and mitigate risk
  • Organization-wide (vs. silo) allow program leverage
summary
Summary
  • An effective Auditing and Monitoring approach provides a method to:
    • Assist in identifying risk to the business that may have been otherwise undetected internally
    • Assist by identifying if the controls developed to remediate a risk are working and have actually helped to mitigate the risk
    • Assist with preventing a real and/or potential risk from escalating by early detection through auditing which may help avoid additional harm to the company’s business
    • Provides a “good faith” organization the ability to approach their real and/or potential risk weaknesses with a reasonable, scaleable method
  • Auditing and Monitoring is a critical element for an effective compliance program which helps to drive compliance and behavior.
slide22
Karen R. Lines, Esq.

Associate General Counsel

Genentech, Inc.

South San Francisco, California

krl@gene.com

(650) 225-8673

Ms. Lines is Associate General Counsel with Genentech, Inc. in South San Francisco, California. Genentech, Inc. is a biotechnology company that discovers, develops, manufactures and markets human pharmaceuticals for significant unmet medical needs. She manages a team of lawyers responsible for providing legal advice and guidance to Genentech’s commercial organization. In the past few years, much of her focus has been on leading ongoing efforts to enhance Genentech’s Commercial Compliance Program. She began her legal career in private practice in Wilmington, Delaware. Ms. Lines is admitted to the practice of law in California, Delaware and Pennsylvania.

Sheryl Vacca, CHC

West Coast Practice Leader

Life Sciences and Health Care Regulatory

Deloitte & Touche LLP

(714) 436-7710

svacca@deloitte.com

Ms. Vacca is the West coast Leader for Deloitte & Touche’s National Life Sciences and Health Care Regulatory practice. She has assisted several life science companies develop their compliance programs, investigations, perform risk assessments and develop auditing and monitoring plans for the compliance department. She has significant experience consulting with life sciences and health care organizations on compliance issues including self disclosure, writing plans of correction, implementing systems in response to plans of correction, implementing QA systems and general regulatory compliance.