Audit & Compliance Committee Academy
Orlando World Center Marriott Resort
Orlando, FL
Gardner Carton & Douglas
Chicago, IL
Copyright 2006
• To analyze the public policy aspects of SOX.
• To relate applicable public policy to healthcare and NFPs.
• To translate that public policy into operations for audit and
compliance committees.
Corporate Scandals, SOX
and the Not-for-Profit
• In the process, I’ll try to:
– Explain why this arena is getting so much attention today.
• Indicate what I think our priorities should be.
• Answer as many of your questions as I can.
• I assume that I’m here today because of a presentation to SCLHS audit committees last November.
• CHAN is their contract internal auditor.
• Spoke on the role of audit committees in NFP healthcare governance.
• Compliance committees.
• Compliance in general.
• Good leadership
• Good education.
• Good committees.
• But we get ahead of ourselves. What about scandals?
• What makes a worthwhile corporate scandal today?
• Usually a supposedly strong organization tanks and/or its leaders are convicted of wrongdoing.
• Not just any organization.
• One in which “the public” has an interest:
– Shareholders are the public.
– Other owners are the public (NFP).
– Pensioners and employees are the public.
– Patients are the public.
– Other consumers are the public.
• See www.citizenworks.org/enron/corp-scandal
• See www.google.com/corporatescandals
• If the public is harmed by corporate scandal, it is a cause for
“reform.”
• The bigger the financial harm ($$$), the surer (and sometimes
faster) the reform.
• Virtually no industry today in the U.S. comes ahead of healthcare
as an expense and as a possible source of public harm when
abused.
• For evidence of that, we turn to the GAO:
– Formerly General Accounting Office
– Now Government Accountability Office
• As with abuse of pensions, stock and stock option values, and
other “public interest” property, abuse of expenditures (public and
private) in healthcare calls for reform.
• But, what types of reforms?
• Answer:
• And do we in healthcare have such reforms on the books
today?
• Answer: Yes, there are several.
• Medicare antikickback and Stark laws.
• Intermediate sanctions law.
• Not-for-profit corporation laws.
• Hospital licensing laws.
• Sarbanes-Oxley Act (SOX).
• Experience shows that nearly all health industry audit and
compliance committees:
• Know about the Medicare antikickback law.
• Know about the Stark law.
• Know a little about SOX (and aren’t quite sure why).
• But they also know little or nothing about intermediate
sanctions, the antitrust laws, the not-for-profit corporation laws
and the hospital licensing laws.
• Medicare and Medicaid are every hospital’s biggest
customers.
• As the pie gets smaller, the table manners get worse.
• Congressman Stark didn’t want CMS to have to live by the same
criminal standards as everyone else.
• The OIG has adopted “regulation by intimidation.”
• The OIG has convinced many that he invented the term “corporate
compliance.”
• The fact is that the fiduciary director/trustee of the NFP
hospital has an enforceable Duty of Care that extends to all
applicable regulatory laws.
• Accordingly, most compliance committees and some audit committees
have an abbreviated view of their duties.
• While prioritization in favor of the OIG’s concerns may make some
sense, the job is much bigger.
• Because of this reality, this academy and its sponsoring
organizations need a more panoramic vision.
• Again, to illustrate, I use the GAO:
• Returning from my digression with a broader context for corporate
compliance and the “accountability profession,” why does NFP
healthcare worry about SOX?
• Except for the whistleblower provisions, SOX applies at present
only to publicly-held entities regulated by the SEC.
• But NFP healthcare is also, in a way, publicly-held.
• Benjamin Franklin saw to that.
• Alexis de Tocqueville memorialized it – Democracy in
America.
• And we are its beneficiaries.
law to SOX, then private, but publicly-owned NFPs should at
least pay attention.
• The rationale of SOX fits pretty well with the governance duties
of healthcare NFPs.
– Audit committee – no senior managers.
– Audit committee – at least one “expert.”
– Audit committee – auditors hired by committee, not
management.
– Audit committee – auditors not also consultants.
– Audit committee – no auditor “alums” as officers.
– Audit committee – prohibition of coercion of auditors.
– Audit committee – authority to hire counsel and others.
– Audit committee – rotate key auditor partner.
– General counsel – empowered to blow whistles to board, etc.
– Senior managers – no personal loans.
– Senior managers – barring as “unfit” when convicted.
– Senior managers – must adopt Code of Ethics.
– Senior managers – required certification of financials.
– Senior managers – must assess internal financial controls.
– Senior managers – loss of bonuses for restated financials.
– Consultants – new conflict of interest rules.
– Everyone – crime for retaliation vs. whistleblowers.
– Everyone – crime for destroying certain financial records.
– Everyone – lengthened statute of limitations on these crimes.
– Everyone – SEC freeze of amounts payable during investigations.
– Everyone – strengthening of fines and prison terms for violations.
• This does not mean that all NFP organizations must abide by all
SOX rules.
• It does mean that each of them ought to assess the SOX rules,
both statutory and regulatory, to see which ones may make sense to
follow.
• Who should do that assessment?
• The board audit and compliance committees.
• How frequently?
• How many here have compliance committees at the board level,
regardless of the name?
• How many have audit committees at the board level, regardless of
the name?
• This reflects the evolutionary process of corporate compliance
and of governance sophistication.
• You don’t achieve either easily or overnight.
• But the objective must be there, despite its being a work in
progress.
• Analogously, NFP boards’ duties include oversight and
responsibility for the quality of care.
• Yet hospital boards have also been slow to assert themselves into
the quality arena, except in crises.
• I don’t find that it piques much interest to tell hospital boards
that good corporate compliance at the board level helps them under
the federal sentencing guidelines. They just don’t relate to
that.
• Instead, I have found it better to emphasize their duties of
loyalty and care, with examples, and then to talk about best
practices.
• Audit committees and compliance committees and their respective
compliance officers or staff can play a major role in identifying
governance best practices.
• Examples include:
– Committee membership/observers.
– Agenda practice regarding conflicts and dualities.
– Serious attention to how minutes deal with compliance.
– Better integration of compliance with risk management.
• Audit and compliance committees need to think about how best to
interact with governance, and vice versa.
• NFP healthcare boards and their committees clearly need to crawl
before they try to run.
• But if they crawl too long, they become more of the compliance
problem than they are the solution.
• In 2006, it’s time to work together more to enhance both
governance and compliance.
LEBjr