|
Background
Regulations governing our activities are increasing
rapidly both in number and complexity. Oversight agencies frequently
promulgate new regulations, or offer new interpretations of existing
ones. New regulations often cross traditional agency boundaries and
contain multiple mandates. This has resulted in a significant burden
for administrative, research and clinical programs. Furthermore,
the overlap of agency jurisdiction also means that the traditional
concept of a single functional unit having complete responsibility
for compliance is no longer valid.
In 1987, the Federal Sentencing Guidelines (FSG) provided
a framework for what has been accepted as a model for institutional
compliance programs. In September 2003, the Department of Health
and Human Services, Office of Inspector General, published a notice
seeking input from interested parties to develop compliance program
guidance (CPG) documents. The guidelines published were similar to
those of the FSG and outline eight critical elements commonly perceived
as necessary for a comprehensive compliance program.
These eight elements include:
- Implementing written policies and procedures that foster
an institutional commitment to stewardship and compliance
- Designating
a compliance office and compliance committee
- Conducting
effective training and education
- Developing effective lines
of communication
- Conducting internal monitoring
and auditing
- Enforcing standards through
well-publicized disciplinary guidelines
- Responding
promptly to detected problems, undertaking corrective action,
and reporting to the appropriate Federal agency
- Defining roles
and responsibilities and assigning oversight responsibility
with a discussion of importance of effective delegation of oversight
authority
Back to top
UCSF Activity
In response to the need for a more coordinated approach to regulatory
compliance UCSF established a campus-wide
Chancellor's
Steering Committee for UCSF Comprehensive Compliance and Internal
Controls Programs to ensure that appropriate compliance policies
and procedures are in place and widely understood by the campus community.
In addition, the committee’s charge is to provide ongoing assessment
of compliance with established policies and procedures; and make
recommendations for improving the effectiveness of the Comprehensive
Compliance Program.
Back to top
UCSF Compliance
Matrix
The Committee developed a simple matrix to determine
the status of compliance for our programmatic areas.
The purpose
of the matrix is two fold:
- to assist the functional owners
with a basic review
of their programs’ compliance, and
- to be used as a tool for the
Steering Committee to assess the overall compliance effort
across the University.
This process was not intended to be a quantitative
risk assessment
exercise, but rather a high level review to provide information
about the compliance infrastructure from the perspective
of functional
owners.
The matrix uses a simple numerical scale of 0 (no program)
- 5 (fully implemented program) to rank each compliance area
or element.
The results of the evaluations indicate that UCSF currently
has
compliance strategies addressing many of the major programmatic
areas. It further identified the areas that require modification
to accommodate a more integrated approach to compliance.
All UCSF
units and departments are strongly encouraged to use the “matrix” as
a guideline to evaluate their own internal compliance and controls programs.
Back to top
Charge
of, and Membership of, the Committee
Please review the Committee
appointment letter.
Back to top
Federal Sentencing Guidelines Section 8A1.2
Application Instructions
- Organizations
An "effective program to prevent and detect
violations of law" means a plan that has been reasonably
designed, implemented, and enforced so that it will be
effective in preventing
and detecting criminal conduct. Failure to prevent or detect
the instant offense, by itself, does not mean that the program
was
not effective. The hallmark of an effective program to prevent
and detect
violations of law is that the organization exercised due diligence
in seeking to prevent and detect criminal conduct by its employees
and other agents. Due diligence requires at a minimum that
the organization must have taken the following types of steps:
- The organization must have established compliance standards
and procedures to be followed by its employees and other
agents that
are reasonably capable of reducing the prospect of criminal
conduct.
- Specific individual(s) within high-level personnel
of the organization must have been assigned overall responsibility
to oversee compliance
with such standards and procedures.
- The organization
must have used due care not to delegate substantial discretionary
authority to individuals whom the
organization knew,
or should have known through the exercise of due diligence,
had a propensity to engage in illegal activities.
- The
organization must have taken steps to communicate effectively
its standards and procedures to all employees
and other agents,
e.g., by requiring participation in training programs
or by disseminating publications that explain in a practical
manner
what is required.
- The organization must have taken reasonable
steps to achieve compliance with its standards, e.g., by
utilizing monitoring
and auditing systems reasonably designed to detect
criminal conduct by its employees and other agents and by having
in place and
publicizing
a reporting system whereby employees and other agents
could
report criminal conduct by others within the organization
without fear
of
retribution.
- The standards must have been consistently
enforced through appropriate disciplinary mechanisms, including,
as appropriate,
discipline of
individuals responsible for the failure to detect an
offense. Adequate discipline of individuals responsible for an
offense
is a necessary
component of enforcement; however, the form of discipline
that will be appropriate will be case specific.
- After
an offense has been detected, the organization must have
taken all reasonable steps to respond appropriately
to
the offense
and to prevent further similar offenses -- including
any necessary modifications to its program to prevent and detect
violations
of law. The precise actions necessary for an effective
program to
prevent and detect violations of law will depend upon
a
number of factors.
Among the relevant factors are:
- Size of the organization
-- The requisite degree of formality of a program to
prevent and detect violations of law will
vary with the size of the organization: the larger
the organization, the more
formal the program typically should be. A larger
organization generally should have established written policies
defining the standards
and procedures to be followed by its employees
and other agents.
- Likelihood that certain offenses may occur because
of the nature of its business -- If because of the
nature of an organization's
business there is a substantial risk that certain
types of offenses may occur, management must have taken steps
to prevent
and detect
those types of offenses. For example, if an organization
handles toxic substances, it must have established
standards and procedures
designed to ensure that those substances are
properly handled at all times. If an organization employs sales
personnel
who have
flexibility
in setting prices, it must have established standards
and
procedures designed to prevent and detect price-fixing.
If
an organization
employs sales personnel who have flexibility
to represent the material characteristics
of a product, it must have established standards
and procedures designed to prevent fraud.
- Prior history of the organization
-- An organization's prior history may indicate types
of offenses that it should
have taken
actions to prevent. Recurrence of misconduct
similar to that which an organization has previously committed
casts
doubt on whether
it took all reasonable steps to prevent such
misconduct. An organization's failure to incorporate and follow
applicable
industry practice
or
the standards called for by any applicable governmental
regulation weighs against a finding of an effective program
to prevent and detect violations of law.
|
