CORPORATE SCANDALS, SOX AND THE NOT-FOR-PROFIT

Presented to the Audit & Compliance Committee Academy
Orlando World Center Marriott Resort, Orlando, FL
September 21, 2006

L. Edward Bryant, Jr.
Gardner Carton & Douglas, Chicago, IL

Copyright 2006. All Rights Reserved.

• To analyze the public policy aspects of SOX.
• To relate applicable public policy to healthcare and NFPs.
• To translate that public policy into operations for audit and compliance committees.
• In the process, I’ll try to:
• Explain why this arena is getting so much attention today.
• Indicate what I think our priorities should be.
• Answer as many of your questions as I can.
• I assume that I’m here today because of a presentation to SCLHS audit committees last November.
• CHAN is their contract internal auditor.
• Spoke on the role of audit committees in NFP healthcare governance.
• Compliance committees.
• Compliance in general.
• Good leadership
• Good education.
• Good committees.
• But we get ahead of ourselves. What about scandals?
• What makes a worthwhile corporate scandal today?
• Usually a supposedly strong organization tanks and/or its leaders are convicted of wrongdoing.
• Not just any organization.
• One in which “the public” has an interest:
– Shareholders are the public.
– Other owners are the public (NFP).
– Pensioners and employees are the public.
– Patients are the public.
– Other consumers are the public.
• See www.citizenworks.org/enron/corp-scandal
• See www.google.com/corporatescandals
• If the public is harmed by corporate scandal, it is a cause for “reform.”
• The bigger the financial harm ($$$), the surer (and sometimes faster) the reform.
• Virtually no industry today in the U.S. comes ahead of healthcare as an expense and as a possible source of public harm when abused.
• For evidence of that, we turn to the GAO:
– Formerly General Accounting Office
– Now Government Accountability Office
• As with abuse of pensions, stock and stock option values, and other “public interest” property, abuse of expenditures (public and private) in healthcare calls for reform.
• But, what types of reforms?
• Answer:
• And do we in healthcare have such reforms on the books today?
• Answer: Yes, there are several.
• Medicare antikickback and Stark laws.
• Intermediate sanctions law.
• Not-for-profit corporation laws.
• Hospital licensing laws.
• Sarbanes-Oxley Act (SOX).
• Experience shows that nearly all health industry audit and compliance committees:
• Know about the Medicare antikickback law.
• Know about the Stark law.
• Know a little about SOX (and aren’t quite sure why).
• But they also know little or nothing about intermediate sanctions, the antitrust laws, the not-for-profit corporation laws and the hospital licensing laws.
• Medicare and Medicaid are every hospital’s biggest customers.
• As the pie gets smaller, the table manners get worse.
• Congressman Stark didn’t want CMS to have to live by the same criminal standards as everyone else.
• The OIG has adopted “regulation by intimidation.”
• The OIG has convinced many that he invented the term “corporate compliance.”
• The fact is that the fiduciary director/trustee of the NFP hospital has an enforceable Duty of Care that extends to all applicable regulatory laws.
• Accordingly, most compliance committees and some audit committees have an abbreviated view of their duties.
• While prioritization in favor of the OIG’s concerns may make some sense, the job is much bigger.
• Because of this reality, this academy and its sponsoring organizations need a more panoramic vision.
• Again, to illustrate, I use the GAO:
• Returning from my digression with a broader context for corporate compliance and the “accountability profession,” why does NFP healthcare worry about SOX?
• Except for the whistleblower provisions, SOX applies at present only to publicly-held entities regulated by the SEC.
• But NFP healthcare is also, in a way, publicly-held.
• Benjamin Franklin saw to that.
• Alexis de Tocqueville memorialized it – Democracy in America.
• And we are its beneficiaries.
law to SOX, then private, but publicly-owned NFPs should at least pay attention.
• The rationale of SOX fit pretty well to the governance duties of healthcare NFPs.
– Audit committee – no senior managers.
– Audit committee – at least one “expert.”
– Audit committee – auditors hired by committee, not management.
– Audit committee – auditors not also consultants.
– Audit committee – no auditor “alums” as officers.
– Audit committee – prohibition of coercion of auditors.
– Audit committee – authority to hire counsel and others.
– Audit committee – rotate key auditor partner.
– General counsel – empowered to blow whistles to board, etc.
– Senior managers – no personal loans.
– Senior managers – barring as “unfit” when convicted.
– Senior managers – must adopt Code of Ethics.
– Senior managers – required certification of financials.
– Senior managers – must assess internal financial controls.
– Senior managers – loss of bonuses for restated financials.
– Consultants – new conflict of interest rules.
– Everyone – crime for retaliation vs. whistleblowers.
– Everyone – crime for destroying certain financial records.
– Everyone – lengthened statute of limitations on these crimes.
– Everyone – SEC freeze of amounts payable during investigations.
– Everyone – strengthening of fines and prison terms for violations.
• This does not mean that all NFP organizations must abide by all SOX rules.
• It does mean that each of them ought to assess the SOX rules, both statutory and regulatory, to see which ones may make sense to follow.
• Who should do that assessment?
• The board audit and compliance committees.
• How frequently?
• How many here have compliance committees at the board level, regardless of the name?
• How many have audit committees at the board level, regardless of the name?
• This reflects the evolutionary process of corporate compliance and of governance sophistication.
• You don’t achieve either easily or overnight.
• But the objective must be there, despite its being a work in progress.
• Analogously, NFP boards’ duties include oversight and responsibility for the quality of care.
• Yet hospital boards have also been slow to assert themselves into the quality arena, except in crises.
• I don’t find that it piques much interest to tell hospital boards that good corporate compliance at the board level helps them under the federal sentencing guidelines. They just don’t relate to that.
• Instead, I have found it better to emphasize their duties of loyalty and care, with examples, and then to talk about best practices.
• Audit committees and compliance committees and their respective compliance officers or staff can play a major role in identifying governance best practices.
• Examples include:
– Committee membership/observers.
– Agenda practice regarding conflicts and dualities.
– Serious attention to how minutes deal with compliance.
– Better integration of compliance with risk management.
• Audit and compliance committees need to think about how best to interact with governance/vice versa.
• NFP healthcare boards and their committees clearly need to crawl before they try to run.
• But if they crawl too long, they become more of the compliance problem than they are the solution.
• In 2006, it’s time to work together more to enhance both governance and compliance.
LEBjr