The University of Texas System The Fifth Conference Effective Compliance Systems in Higher Education June 5, 2007 Reporting: Duties & Responsibilities of a Compliance Officer and Area Responsible Parties - PowerPoint PPT Presentation

Loading...

PPT – The University of Texas System The Fifth Conference Effective Compliance Systems in Higher Education June 5, 2007 Reporting: Duties & Responsibilities of a Compliance Officer and Area Responsible Parties PowerPoint presentation | free to download - id: 3b7e8e-ZjFlN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

The University of Texas System The Fifth Conference Effective Compliance Systems in Higher Education June 5, 2007 Reporting: Duties & Responsibilities of a Compliance Officer and Area Responsible Parties

Description:

Presentation to SJSU - November 18,2004 ... The Fifth Conference Effective Compliance Systems in Higher Education June 5, 2007 – PowerPoint PPT presentation

Number of Views:156
Avg rating:3.0/5.0

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: The University of Texas System The Fifth Conference Effective Compliance Systems in Higher Education June 5, 2007 Reporting: Duties & Responsibilities of a Compliance Officer and Area Responsible Parties


1
The University of Texas SystemThe Fifth
ConferenceEffective Compliance Systems in Higher
EducationJune 5, 2007Reporting Duties
Responsibilities of a Compliance Officer and Area
Responsible Parties
  • Rick Moyer
  • Executive Director, Internal Audit and
    Institutional Compliance
  • Stanford University and Hospitals

2
Agenda
  • Stanford Facts/Overview
  • Institutional Compliance Coordinating Committee
  • Committee on Management Control and Compliance
  • Reporting to Board of Trustees
  • Assessment Process
  • STARS
  • Compliance Helpline
  • Next Steps
  • Questions

3
Stanford Facts/Overview
4
Major Components of Stanford
  • Stanford University
  • Stanford Hospital and Clinics
  • Lucile Packard Childrens Hospital
  • Stanford Management Company
  • Stanford Linear Accelerator Center

5
Stanford Facts
  • Total Consolidated Revenues FY06 4.5B
  • Total Revenue University FY06 2.9B
  • Total Revenue Hospitals FY06 1.6B
  • Sponsored Research FY06 994M
  • Total Gifts FY06 911M
  • Endowment end of FY06 14.1B
  • Total Assets Consolidated FY06 24.7B
  • Undergrad Enrollment Oct 2006 6689
  • Grad Enrollment Oct 2006 8201
  • Faculty Oct 2006 1418
  • Nobel Laureates 18
  • NCAA Directors Cups 12

6
Institutional Compliance ProgramBrief History
  • Planning Committee formed in 2000
  • Implementation plan approved by President and
    Audit Committee in Fall 2001
  • January 2002 first meeting of Compliance
    Coordinating Committee (19 original areas
    represented)
  • Original Program Goals
  • Coordinate the Universitys compliance assurance
    activities
  • Ensure the institutional perspective is always
    present
  • Assess existing programs against Federal
    Sentencing Guidelines
  • Implement early warning program for emerging
    compliance issues
  • Carry out specific compliance support activities
  • Taking on direct compliance responsibility and
    creating a new bureaucracy were outside the
    scope

7
Stanford University Internal Audit and
Institutional Compliance
  • Vision
  • To be a valued partner and advisor to management,
    faculty, and the Audit and Compliance Committee
    of the Board of Trustees
  • Mission
  • To assist University management and the Stanford
    Board of Trustees in identifying, avoiding, and
    where necessary, mitigating risks.
  • Charter
  • The Department is responsible for examining and
    evaluating the adequacy and effectiveness of the
    systems of internal control () and
  • procedures for financial and compliance
    monitoring and reporting.
  • The Executive Director of Internal Audit shall
    have the authority to make specific reports
    directly to the President () and shall have
    direct access to the Committee on Audit and
    Compliance.

8
Institutional Compliance Coordinating
CommitteeStanford University
9
ICCC Members
  • EHS
  • Hospital Compliance Officer
  • Office of Dean of Research
  • Office of Research Administration
  • Director of Research Compliance
  • Human Resources
  • Office for Campus Relations
  • Diversity and Access Office
  • Disability Resource Center
  • Dept. Athletics, PE, Recreation
  • Controller
  • Office of Development
  • School of Medicine
  • Office of Technology Licensing
  • SPCTRM
  • SMC CFO
  • SLAC
  • Registrar
  • Office of General Counsel
  • ITSS
  • Office of Dean of Admissions and Financial Aid
  • Department of Public Safety
  • Procurement
  • University Architect Planning
  • Risk Management
  • Internal Audit and Institutional Compliance

10
ICCC Topics Stanford University
  • Sexual Harassment
  • HIPAA Security
  • New Policy Updates
  • Human Research Protection Program
  • Institutional Conflict of Interest
  • Recent Compliance Developments
  • Receipt and Solicitation of Gifts from University
    Vendors
  • Revised Internal Audit Departmental Compliance
    Program
  • Basics of Communicating with the Media
  • Time Accounting and Reporting for Non-Exempt
    Employees

11
ICCC Topics Stanford University
  • Export Controls
  • Tax Exempt Organizations and Political Activity
  • New California Law on Data Security Reqmts for
    Researchers
  • Emerging Compliance Issues in Research
    Administration
  • Stanford/Packard Center for Translational
    Medicine (SPCTRM) Overview
  • Gift-Grant Policy Task Force
  • EHS Occupational Health Center
  • Human Embryonic Stem Cell Research
  • Annual Risk Assessment

12
ICCC Risk Assessment Top 10
  • Insufficient enforcement of underage drinking
    laws
  • Possible IRS audit of our responsible use of
    University unrestricted funds
  • Inadequate observance of University policies on
    timeliness and justification of expense transfers
  • Lack of expertise in employees with compliance
    responsibilities
  • Undisclosed financial relationships between
    faculty and outside businesses
  • Lack of emergency preparedness SU, hospitals,
    and SoM
  • Inaccurate faculty effort reporting and related
    monitoring
  • Insecure storage of restricted data
  • Lack of an adequate research administration
    support system
  • Use of restricted gifts in compliance with donor
    restrictions

13
ICCC Subcommittees
  • OFAC
  • Private Use and Tax Exempt Bonds
  • Postdoctoral Affairs
  • Expense Reimbursement Policy
  • Accessible Technology
  • Code of Conduct
  • Information Security and Privacy
  • Staff Conflict of Interest and Commitment
  • SEVIS
  • Institutional Training

14
Committee on Management Control and
ComplianceStanford Hospitals
15
CMCC Members - SHC
  • Chief Operating Officer (Chair)
  • Chief Compliance and Privacy Officer
  • Chief Information Officer
  • Chief of Staff
  • Chief Hospital Counsel
  • Chief Risk Officer
  • Chief Financial Officer
  • VP Patient Financial Services
  • VP General Services
  • VP Clinical Services
  • VP Human Resources
  • VP Ambulatory Care Services
  • VP Laboratory Services
  • Director Accreditation and Regulatory Affairs
  • Executive Director Internal Audit and
    Institutional Compliance

16
CMCC Topics - SHC
  • Industry Interaction Policy
  • Recovery Audit Contractor Results
  • Disaster Preparedness
  • Wrong Site Procedures
  • Clinical Trials Billing
  • Professional Fee Billing
  • Transplant Compliance
  • NPI Regulations and Compliance
  • Clinical Labs Compliance
  • Non-covered Services or Devices, Off-label and
    Product Recalls
  • ROI in Mental Health
  • Annual Risk Assessment

17
CMCC Risk Assessment Top 10 - SHC
  • Clinical Trials
  • Professional Fee Billing
  • Disaster Preparedness
  • Clinical Labs Adequacy and Compliance of
    Operations
  • EPIC System Implementation
  • CMS Engaged Recovery Audit Coordinator
  • Hospital Facility Fee Billing
  • Billing Hybrid Model
  • Conflicts of Interest
  • Technical Infusion Center Documentation and
    Coding

18
CMCC Members - LPCH
  • Chief Operating Officer (Chair)
  • Chief Compliance and Privacy Officer
  • Chief of Staff
  • Chief Hospital Counsel
  • Chief Risk Officer
  • Chief Information Officer
  • Chief Financial Officer
  • Chief Medical Officer
  • VP Patient Financial Services
  • VP Clinical Services
  • VP Ambulatory Services
  • VP General Services
  • VP, Human Resources
  • VP Patient Care Services
  • Director Accreditation and Regulatory Affairs
  • Executive Director Internal Audit and
    Institutional Compliance

19
CMCC Topics - LPCH
  • Clinical Trials Budgeting Process
  • Industry Interactions Policy
  • Hybrid Model
  • Disaster Preparedness
  • Lab Governance and Operations
  • Transplant Issues
  • Clinical Trials Billing
  • Professional Fee Billing
  • National Provider Identifier
  • Medication Systems
  • IT Systems
  • LINKS Conversion Status and Emergency
    Protocols/Order Entry
  • Communications Systems
  • Employee Immunizations
  • Annual Risk Assessment

20
CMCC Risk Assessment Top 10 - LPCH
  • Professional Fee Billing
  • Hospital Facility Fee Billing
  • IT Systems
  • Communication Systems
  • Employee Immunizations
  • Disaster Preparedness
  • Links System Conversion
  • Computerized Physician and Provider Order Entry
  • Billing Hybrid Model
  • Clinical Trials Billing

21
Questions re Compliance Committees
  • Do you have an Institutional Compliance
    Committee?
  • Who is represented on the committee?
  • Who chairs the committee?
  • How often does the committee meet?
  • What topics/issues are addressed by committee?
  • What other information is reported to the
    Compliance Officer (i.e. other than through a
    Compliance Committee)?

22
Reporting to Board of Trustees
23
Reporting to Board of Trustees
  • An annual Audit and Compliance report is provided
    to the Audit and Compliance Committee of the
    Board of Trustees
  • Report addresses major activities and
    accomplishments of the Institutional Compliance
    Program
  • Hours devoted to Institutional Compliance Program
  • ICCC Meetings
  • ICCC Subcommittees
  • Specific accomplishments (e.g. new Code of
    Conduct)
  • Early Warning Services provided
  • STARS Business Owner
  • Helpline Investigations
  • ICCC Topics and Subcommittees are itemized in an
    Appendix to the Annual Report

24
Questions re Board Reporting
  • What information do you report to your governing
    Board?
  • How often is this information reported?

25
Assessment Process
26
Compliance Assessment Tool
  • Standards, Policies, Procedures
  • Roles Responsibilities
  • Program Oversight
  • Awareness, Education, Training
  • Lines of Communication
  • Monitoring Evaluating
  • Enforcement
  • Corrective Action
  • Sufficient Resources

27
Standards, Policies, Procedures
  • Is there a code of conduct?
  • Are faculty and staff aware of code of conduct
    and related compliance expectations?
  • Are written policies and procedures in place and
    clearly communicated to manage compliance-related
    risks?
  • Do users know and understand them?
  • Are roles and responsibilities clearly specified?
  • Are monitoring and oversight processes in place
    to ensure policies and procedures are followed?
  • Do the monitoring and oversight processes work?
  • Is responsibility assigned to maintain and update
    policies and procedures to reflect changes in
    laws, regs., etc.?

28
Roles and Responsibilities
  • Are there clearly identified roles and
    responsibilities for those engaged in activities
    to mitigate compliance?
  • Do these individuals understand their roles and
    responsibilities?
  • Do these individuals have the information,
    skills, and authority to fulfill their compliance
    responsibilities?
  • Do these individuals adequately fulfill their
    responsibilities?
  • Are roles and responsibilities accurate, current,
    and easy to locate?

29
Program Oversight
  • Is there a regular process for responsible
    parties to inform management about compliance
    activities and concerns?
  • Is senior management appropriately aware of
    compliance activities and concerns?
  • Do University managers understand the
    significance of ethical conduct and compliance?
    (tone at the top)
  • Do faculty and staff believe ethical conduct and
    compliance are significant institutional
    expectations?
  • Has the university or area named a Compliance
    Officer with appropriate powers and expertise?
  • Does the Compliance Officer function effectively?

30
Awareness, Education, and Training
  • Is there a process to identify who needs to be
    provided with training, education, and awareness
    about compliance risks?
  • Does this process effectively identify new
    employees who need training/education?
  • Does this process effectively identify existing
    employees who need additional/ongoing training or
    education?
  • Is there a process to ensure those who need
    formal education or training on compliance risks
    receive the training?
  • Is attendance documented to ensure those who need
    the training/education receive it?
  • Are there processes to evaluate whether
    recipients of training/education understand the
    information delivered?
  • Are there processes to communicate emergent
    compliance issues, problem areas, and targeted
    awareness to those whose activities create
    compliance risks?
  • Are these processes effective?

31
Lines of Communication
  • Are there processes for faculty and staff to get
    answers to compliance-related questions?
  • Do faculty and staff know where to go to get
    answers to compliance-related questions?
  • Do they receive timely, accurate answers?
  • Is there a process to allow confidential
    reporting of compliance concerns?
  • Is the process in receiving and promptly
    responding to compliance concerns?
  • Have adequate protections been established for
    employees who lodge reports and employees against
    whom reports are made?
  • Is the process for protections effective and
    consistently followed?
  • Do faculty and staff know about and feel
    confident to use these processes?

32
Monitoring and Evaluating
  • Are there formal plans for ongoing monitoring of
    compliance activities?
  • Do the monitoring plans address high priority
    compliance risks?
  • Is regular monitoring conducted?
  • Are there formal plans for evaluating compliance
    effectiveness?
  • Do the evaluation processes address high priority
    compliance risks?
  • Are the results of compliance evaluations
    documented?
  • Is there a process to communicate the results of
    monitoring and evaluation to senior management?
  • Is senior management effectively informed of the
    results of compliance monitoring and evaluation?

33
Enforcement
  • Are there clearly established and well publicized
    consequences for violations of compliance rules?
  • Are the consequences understandable and
    effectively communicated?
  • Do faculty and staff believe there will in fact
    be consequences for violation of significant
    compliance rules?
  • Are employee retention, advancement, and
    compensation expressly tied to compliance
    expectations?
  • Do employees believe adherence to compliance and
    ethical standards is part of their retention,
    advancement, and compensation?

34
Corrective Action
  • Is there a system for prompt and adequate
    investigation of detected non-compliance by
    appropriate officials?
  • Are incidents promptly and adequately
    investigated?
  • Is there a system to ensure timely and
    appropriate corrective action is taken?
  • Are appropriate corrective actions taken?
  • Is there a process for reporting (internally and
    externally) compliance violations?
  • Are compliance violations properly and promptly
    reported?
  • Is there a process to ensure detected violations
    are not systemic problems or indicators of larger
    compliance issues?
  • Are appropriate mechanisms in place to ensure
    similar breakdowns do not occur and that systemic
    problems are corrected?

35
Sufficient Resources
  • Is there a process to evaluate whether adequate
    resources are provided to support compliance
    functions based upon risk levels?
  • Has the University provided adequate resources to
    implement necessary compliance practices?

36
Compliance Assessment Results
37
STARS
38
STARS
  • Stanford Training and Registration System (STARS)
    is the Learning Management Systems for
    Stanford University
  • STARS is a component of our PeopleSoft system
  • Institutional Compliance is the process owner of
    STARS
  • STARS is designed to capture all compliance
    related training
  • STARS is a key reporting tool for
    compliance-related training

39
Compliance Helpline
40
Compliance Helpline
  • Stanford employees who have concerns of any kind
    stemming from possible noncompliance with
    government or external agency regulations,
    related University policies, errors or
    irregularities in Stanfords financial accounting
    practices or policies can report them.
  • Raising such concerns is a service to the
    University and will not jeopardize your
    employment.
  • The Compliance Helpline is confidential,
    anonymous (if desired), and resolution will be
    made by knowledgeable individuals.
  • The program is managed by the Executive Director
    of Internal Audit and Institutional Compliance.
  • All contacts are communicated to the General
    Counsel and the Chair of the Audit and Compliance
    Committee.
  • Submissions may be made via
  • Web, Email, Phone, Fax

41
Next Steps
42
Next Steps
  • Expand roles and responsibilities of Institute
    Compliance Officer
  • Update Website
  • Conduct Program Assessment during next fiscal
    year
  • Enhance capabilities and support of STARS
    Learning Management System
  • Develop schedule for functional areas to report
    at ICCC meetings

43
  • Questions?
  • http//www.stanford.edu/dept/Internal-Audit/
  • rick.moyer_at_stanford.edu
  • 650-736-1201
About PowerShow.com