Is Your Corporate Compliance Program Well-Designed?

According to the DOJ, certain factors indicate a well-designed compliance program. It is comprehensive, thereby maximizing the effectiveness of the program in preventing and detecting misconduct; sends a clear message of zero tolerance for misconduct regardless of position within the company; and is well-integrated into the company’s day-to-day operations. What goes in to making a compliance program structure, comprehensive?

Seven Fundamental Elements

It goes without saying of course that a well-designed compliance program encompasses each if the seven fundamental compliance program elements:

  1. Written policies, procedures and standards of conduct.
  2. Designating a compliance officer and compliance committee.
  3. Effective training and education.
  4. Open lines of communication.
  5. Internal auditing and monitoring.
  6. Well-publicized disciplinary standards.
  7. Prompt response to detected offenses, including corrective action.

Risk Assessment

But in addition to ensuring the compliance program encompasses the 7 fundamental elements, the DOJ guidance emphasizes the importance of the performance of a risk assessment on a periodic basis. The reason is because the risk assessment is foundational, assisting the organization in identifying company and industry-specific risk areas so that it can tailor its compliance workplan around the identified high-risk areas. When performed correctly, It also serves as a living document, updated routinely as lessons are learned within the organization from compliance missteps.


Integration requires that in addition to ensuring the compliance program addresses all areas/entities within the organization, that it also touches upon other common relationships, such as third-party vendors and potential new acquisitions. How are third party vendors vetted to ensure they have not had previous compliance issues? How does your organization ensure that the vendor knows about the existence of the compliance program and how to report (and the expectation that they report) compliance concerns? What policies exist to ensure that agreements with vendors adequately state the business need and document the reasonable fees in exchange for the services? Have these relationships been reviewed as part of your compliance workplan? Also, with mergers and acquisitions in healthcare continuing to be an important business strategy, how and to what extent does your organization subject potential targets to compliance diligence? The answer to this question reflects how well-designed your compliance program is because doing so provides your organization with an understanding of what potential existing compliance concerns there are so that the deal structure can be tailored, as necessary, and the organization can implement its post-acquisition integration plan, including remediating any existing known issues.In summary, be sure to maximize the effectiveness of your compliance program by structuring it in a robust, comprehensive manner.For additional information, please see our white paper Compliance Program Effectiveness.Coker has a full menu of compliance services available, including the following:

  • Mergers and acquisitions compliance diligence
  • Root cause analysis facilitation
  • Physician compensation governance procedures

Contact Coker Group today for more information regarding your organization's compliance program.

Related Insights