With few exceptions, organizations in every sector and industry face compliance risks, and those risks grow every year. This is reflected in statistics that show compliance audits account for an increasing percentage of internal audit plans.
In health care, compliance with laws and regulations is critical. Not only do compliance breaches subject health-care providers to potential fines and penalties, they are often literally a matter of life or death. I think everyone could learn something from the way cultures of compliance are built within that highly regulated industry.
The U.S. Department of Health and Human Services (HHS) oversees hundreds, if not thousands, of regulations and rules designed to make the provision of health care safe and efficient. The department’s Office of Inspector General (OIG) has published a list of seven elements for effective compliance that offers sound advice for building a strong compliance culture, regardless of the industry.
As internal auditors are increasingly called upon to assess the effectiveness of their organizations’ compliance programs, they might do well to benchmark these compliance programs against the HHS OIG’s seven elements:
These seven steps offer a strong foundation for developing a healthy compliance culture. But let me offer a word of warning: While a strong compliance culture is an important goal for all organizations, internal audit functions should not fall into the trap of obsessing on compliance audits that find fault and offer no solutions.
Great internal auditors dig to find the root cause of compliance failures, then offer solutions. Stakeholders will quickly grow weary of audits that criticize and offer no way to help them improve the efficiency and effectiveness of their operations.
As always, I welcome your comments.