US DOJ - Tips on Evaluating Your Compliance Program

The United States Department of Justice created and made public a set of specific criteria questions that organizations can use to effectively evaluate their compliance departments and programs. We've pulled out eleven of the most important areas and have provided their specific evaluation questions below...

RISK ASSESSMENT PROCESS

  • What methodology has the company used to identify, analyze, and address the particular risks it faced?

MANIFESTED RISK

  • How has the company's risk assessment process accounted for manifested risks?

EFFECTIVENESS OF THE REPORTING MECHANISM

  • How has the company collected, analyzed, and used information from its reporting mechanisms?

RESPONSE TO INVESTIGATIONS

  • Has the company's investigation been used to identify root causes, system vulnerabilities, and accountability lapses?
  • What has been the process for responding to investigative findings?
  • How high up in the company do investigative findings go?

CONTROL TESTING

  • Has the company reviewed and audited its compliance program in the area relating to the misconduct, including testing of relevant controls, collection and analysis of compliance data, and interviews of employees and third parties?
  • How are the results reported and action items tracked?
  • What control testing has the company generally undertaken?

EVOLVING UPDATES

  • How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices?

GATEKEEPERS

  • Has there been clear guidance and/or training for the key gatekeepers in the control processes relevant to the misconduct?

APPLICABLE POLICIES AND PROCEDURES

  • Has the company had policies and procedures that prohibited the misconduct?
  • How has the company assessed whether these policies and procedures have been effectively implemented?

PAYMENT SYSTEMS

  • How was the misconduct in question funded (e.g. purchase orders, employee reimbursements, discounts, petty cash)?

Compliance is a complex and important subject to keep in mind. Whether your organization needs to adhere to HIPAA policies or Sarbanes-Oxley regulation, compliance practices need to be defined, reviewed, and adhered to. But what are the post-evaluation steps once you've identified potential deficiencies?

K2 Compliance addresses many areas within this evaluation and provides a solution to improve your compliance management process.

[Infographic: How the US Department of Justice Evaluates Compliance]