You are on page 1of 1

A Compliance Plan is a public, written document that details those policies that the organization adheres to regarding its

implementation of the elements of compliance. This document is expected to be an accurate reflection of what is in place at any one time, and is expected to undergo regular, periodic review and revision to ensure that it is always in step with the compliance activities of the organization. It is a living, breathing document. An effective compliance program, on the other hand is a set of formal organizational systems intended to prevent, detect, and respond to potential problems identified by employees and other agents. A compliance program cannot, by definition, exist only on paper. It is a mindset, an operational model for how an organization has internalized the concepts and intent of a compliance culture and made it their own. An effective compliance program is not a thing-in-a-box. In my experience, the best compliance programs evolve over time. One of the required building blocks in creating an effective compliance program is to have an accurate Compliance Plan, among a list of other things. Any organization that attempts to circumvent the process of developing a tailored compliance program for their own organization is really exposing itself to significant risk for having unrecognized/unaddressed problem cauldrons that are boiling away until they are identified by an outside party with the resulting negative audit findings and recoupment. It is not the paper or the binder that makes an effective compliance program. It is the documented patterns of behavior, decision-making and the resulting actions that an organization conducts over time that together creates a shield around the organization and determines its true effectiveness. If all that exists of an organizations compliance program is a binder of great looking paper but there is no documented track record of living by those documents, the entire program is merely a house of cards. Very early on in a Medicaid audit (for example) this lack of substance would be clearly visible. The first breeze could blow it to bits and expose the organization to serious financial penalties, repayment, potential exclusion from participation in programs and a lot of negative publicity. Now, more than ever, the very real potential is that getting caught with what amounts to a non-compliance program in place could have a price tag of millions of dollars of repayment attached to it. To those organizations whose resources are stretched to the breaking point and who may be considering utter reliance on a written Compliance Plan or off the shelf compliance product as proof of an effective compliance program, think about it this way: Your compliance program should be the shield designed to protect your organization. If what you have instead is only so much paper how protected are you?