II. Compliance Program Elements F. Auditing and Monitoring
An effective compliance program should incorporate thorough monitoring of its implementation and an ongoing evaluation process. The compliance officer should document this ongoing monitoring, including reports of suspected noncompliance, and provide these assessments to company’s senior management and the compliance committee. The extent and frequency of the compliance audits may vary depending on variables such as the pharmaceutical manufacturer’s available resources, prior history of noncompliance, and the risk factors particular to the company. The nature of the reviews may also vary and could include a prospective systemic review of the manufacturer’s processes, protocols, and practices or a retrospective review of actual practices in a particular area.
Although many assessment techniques are available, it is often effective to have internal or external evaluators who have relevant expertise perform regular compliance reviews. The reviews should focus on those divisions or departments of the pharmaceutical manufacturer that have substantive involvement with or impact on federal health care programs (such as the government contracts and sales and marketing divisions) and on the risk areas identified in this guidance. The reviews should also evaluate the company’s policies and procedures regarding other areas of concern identified by the OIG (e.g., through Special Fraud Alerts) and federal and state law enforcement agencies. Specifically, the reviews should evaluate whether the: (1) Pharmaceutical manufacturer has policies covering the identified risk areas; (2) policies were implemented and communicated; and (3) policies were followed.