This post is Part I of a three part series on building a compliance program by Chris Cobourn and Clarissa Crain of Compliance Implementation Services (CIS). For your convenience, the entire whitepaper is available for download at the bottom of the page.
“Drug companies that do not have a compliance strategy in place may soon pay a very high price.” Deborah Autor, Director of Compliance at FDA’s Center for Drug Evaluation and Research (CDER)
The concept of Commercial Compliance in U.S. manufacturing has evolved very quickly over the past five or six years, resulting in increased regulatory requirements and investigation activity. While the security of the supply chain and the ethical promotion of drugs has been a significant focus, recent investigative trends show a shift in the Government’s focus. The U.S. Federal Government and various State Governments are becoming increasingly interested in sales, marketing and distribution activities that ultimately affect the sales or prices witnessed by the Government.
The need for a manufacturer to understand and mitigate the risk of doing business with U.S. Federal Government is real. Various enforcement agencies exist across State and Federal Government. The Office of the Inspector General (OIG) which supports the Health and Human Services (HHS) is one of the most common enforcement agencies representing the Federal Government in the Commercial Compliance space. Responsible for the prevention and detection of fraud, waste, abuse and mismanagement in programs legislated by the Social Securities Act, the OIG conducts and supervises audits, evaluations and investigations within Commercial Compliance.i
The best, most appropriate measure of the effectiveness of a manufacturer’s risk management program is to evaluate it against a standard of enforcement agency audit. Utilizing OIG Audit Readiness as a standard of measure helps develop the highest level of compliance.
With senior management aligned on risk, and by establishing your audit and monitoring programs to manage risk, you can develop transparency and a roadmap that will demonstrate that you take compliance seriously and have developed an effective Compliance Program. So don’t make monitoring and audit the “tail of the dog” that you apply at the end; use it up front to define your strategy and develop better compliance.
Through a series of steps, you can develop a Risk Profile and a Risk Management Program, with monitoring and audit as key components.
Step one is to understand the Government’s view of risk. A manufacturer can get a clear understanding of the OIGs view of risk by reviewing the following:
Step two is to conduct an initial assessment. The initial assessment activity must be deep enough and broad enough to look at all of the potential risk areas. The initial assessment can be used as the basis for developing your Risk Profile and your Risk Management Plan, and will identify compliance gaps so that you can develop a management action plan.
Step three, develop the plan and roadmap. As a result of the assessment activity, you will be able to identify compliance risks which may require immediate attention, develop a Risk Profile based upon the findings (matching the defined Government risk areas to your company), and develop a Risk Management Plan and a roadmap.
Step four is alignment. This is often the hardest step, as it can involve a change in the corporate culture. This involves bringing the results of the assessment to senior management and the Compliance Committee. This can be done in a coordinated effort between Internal Audit, the Compliance Officer, and Internal Counsel. Alignment on the Risk Profile and Risk Management Plan is necessary for the Compliance Officer and Internal Audit to develop a plan that is achievable, and has management agreement.
With an evaluation of risk complete and prioritized, a company must now develop a Risk Management Strategy. Commercial Risk Management is a strategic program designed to decrease compliance risks by using one or more evaluation techniques to identify potential risk. Evaluation techniques may vary, however the most effective Risk Management programs use two or more techniques/tools to proactively identify and mitigate potential risk.
The OIG defines Risk Management as seven elements of compliance, with core elements defined as: Auditing and Monitoring, Enforcing Standards through Well-Publicized Disciplinary Guidelines and Responding to Detected Offenses and Developing Corrective Action Initiatives.
OIG’s Seven Elements of a Successful Compliance Programii
i – Mission. http://www.oig.hhs.gov/. Accessed February 15, 2009.
ii – iiOIG Compliance Program Guidance for Pharmaceutical Manufacturers. Federal Register. Volume 68. Number 86. April 23, 2003.
Editor’s note: Over the next few weeks, we will be posting Part II and Part II of this whitepaper. If you would rather not wait, follow the link to download the entire CIS whitepaper, Building a Compliance Program.
About Compliance Implementation Services (CIS)
Compliance Implementation Services (CIS) is a consulting firm specializing in compliance strategies for pharmaceutical companies, from Global Clinical Research & Development through U.S. Commercial Compliance and Government Programs. Founded in 2004, our deep understanding of industry laws and regulations, innovative and practical applications and custom solutions help our clients establish a “Culture of Compliance” that is both meaningful and practical.
For more information, please see our website: http://www.cis-partners.com
About the Authors
Chris Cobourn is the VP of Regulatory Compliance. He has worked with the industry in Commercial and Government Contracting for over a decade, from the policy and procedure development perspective, as well as systems and audit.
Chris works closely with pharmaceutical manufacturers in areas related to management of Government Programs, including policy review, methodology development, policy and procedure documentation, systems implementation, as well as Class of Trade and related commercial systems.
Clarissa Crain is a consultant specializing in Commercial Compliance at Compliance Implementation Services (CIS), a consulting firm specializing in compliance strategies for pharmaceutical companies.
Clarissa’s background includes Corporate Compliance, Distribution Compliance and Government Programs Compliance.