Compliance and Ethics: Ideas & Answers. Edition 74
Dear friends,
Welcome back to another edition of Compliance and Ethics: Ideas & Answers.
For this week's first piece, Rebecca Walker met with Debbie Troklus to discuss compliance certifications.
What do codes of conduct have to do with data analytics? I recently joined a fascinating webinar, and when they started to explain the topic, it made perfect sense. In our second piece today, I consider how a code of conduct can be a data source.
As always, we finish with a bit of fun in our regular feature Compliance Lite.
And don't forget there's more content on our website so please do visit us there to read our other articles.
You can now also sign up for this newsletter via email here.
Thank you, Joe.
Certified Compliance and Ethics Professional: An Interview of Debbie Troklus
Over the 3-1/2 decades since the promulgation of the Federal Sentencing Guidelines, the field of compliance has matured and evolved into a recognized profession. The certification of compliance professionals is an important component of this development. Establishing a certification credential signifies recognition of expertise within a field. A certification helps to formalize a profession, elevating its status and credibility by ensuring that practitioners meet agreed-upon standards of excellence. In developing the first certification for compliance and ethics professionals (the CCEP), the Society of Corporate Compliance and Ethics (SCCE) significantly advanced the field of compliance and ethics – helping to establish our profession on firmer ground.
I recently had the honor of catching up with Debbie Troklus, a founding member of the Health Care Compliance Association (HCCA) board and the original Advisory Board of the SCCE. Debbie helped develop the SCCE and HCCA’s certifications, and she is also the current president of the Compliance Certification Board (CCB). The CCB is an independent body that manages the CCEP and other certification exams. Debbie is, in other words, the perfect person to ask about compliance certifications!
Rebecca: Debbie, can you please tell us a little about the early days of the CCB? How did the SCCE go about developing the CCEP certification?
Debbie: It was in around 1997 that we started thinking about a certification in the healthcare arena. At that time, the SCCE didn’t yet exist. We got a group together, which included [Ideas & Answers Executive Editor] Joe Murphy, and we developed the Certified Healthcare Compliance (CHC) certification. We took the certification to the members of the Healthcare Compliance Association in 1997. That was a tough meeting. The members didn’t like it. They didn’t want anyone to tell them how to do their jobs. We in the HCCA leadership felt strongly about this, and we went ahead with the development despite the negative feedback. I came back the next year with an update, and it was a bit better accepted by then. We then started the first certification program in 1998.
Our second certification was the CHPC, which is Certified in Healthcare Privacy Compliance. Then we did CHRC – Certified in Healthcare Research Compliance and CHCF – Certified in Healthcare Fellowship. Those are all healthcare compliance certifications.
In 2006, we rolled out the Certified Compliance and Ethics Professional – CCEP. Then we followed with the CCEP – International.
Rebecca: I’m curious, Debbie. You mentioned that there was resistance from HCCA members when you first floated this idea of certification. Why did you continue down the certification path after you met so much resistance?
Debbie: At the time, I was on the Board of the HCCA, and Roy Snell (then-President of the HCCA) had given the board members goals. My goal was to help compliance become a profession. I knew that in order to meet that goal, the certification was important. To have a profession, you need a certification or degree program that allows people to demonstrate their knowledge and expertise in the field.
We held our first Academy in 1998 at the University of Pennsylvania. At that time, we were not offering the certification exam on site. But now you can take the exam on site after attending an Academy.
Rebecca: What were the key challenges that you faced during the process of developing the certification exam?
Debbie: The primary challenge was from our members. In addition, certification is expensive. You have to have a testing center and a testing firm. It requires a lot of meetings with experts working on all the individual tests. It is expensive to keep the program going.
Rebecca: Can you tell us a little about the test itself? How are the questions developed?
Debbie: Questions are developed by a board of experts who have been in compliance for more than 20 years. They have worked in the field. Our international test committee has international folks on it. They work together multiple times a year. We have a psychometrician who works with us to make sure that the question is statistically valid. It can take 3 to 9 months to get a new test form out. We pre-test the questions.
Wait, what? A code of conduct as part of data analytics? How could that be?
by Joe Murphy, CCEP
My friend Kirsten’s firm, Rethink Compliance, was offering a free webinar for SCCE CEUs, which I need as a CCEP. Plus the firm was covering a topic where I wanted more current information – data analytics and AI.
I signed up and joined the seminar ready to learn about this state-of-the-art topic. So when the discussion shifted to codes of conduct, I was a bit mystified. What do codes have to do with data analytics? I was certainly hoping they were not going to tell us to count how many codes were distributed! But as they started to explain the topic it made perfect sense and drew my full attention.
How can a code of conduct be a data source?
Codes are not simply the little books that were handed out to employees to sign (and actually read – maybe?). Today codes can reside on the company’s intranet or web site and be connected for a broad range of data acquisition. The data is not simply how many copies were distributed or signed. Instead, companies can see how much time employees spend on the code and especially how much attention was given to different risk areas. Interaction by employees and others associated with the company can inform the compliance program about possible areas of interest and concern.
It can be possible to monitor access by areas in the business. When a particular location or business unit shows a sudden and sharp interest in bribery, this may be an indication to pursue an investigation or audit. Where attention to the coverage of harassment spikes, the compliance program can be put on the alert to pay attention and dig deeper.
It would likely be wise not to have a system that identifies which individuals are accessing the code, because this could sharply decrease use of the code and strike employees as too invasive. There could also be privacy issues in gathering personally identifiable information. However, other types of information such as business units and locations not traceable to specific individuals can be highly useful.
Today’s codes can also have links to other key resources, such as specific policies, training materials, and guides. Again, if there is much activity regarding a specific topic, this might signal to internal audit the need to conduct reviews related to that point. There can also be a search function available to those accessing the code that allows the compliance team to see what specific issues people were pursuing.
Sources and uses of data
Of course, data may not provide full answers, but can provide a guide for further inquiry. Unusual usage patterns may have very simple causes. But this type of data can be valuable when combined with other risk factors in determining how to allocate limited auditing and investigation resources. Codes of conduct that are available on the web may draw from larger data sources beyond just employees (e.g., suppliers, customers, agents), but a high interest in a company’s coverage of topics like foreign bribery is of concern whether it is limited to employees, as would be the case for policies only on a company’s intranet site, or if it is accessible to others who might be outside witnesses to the company’s misconduct.
Be Careful What You Teach
by Adam Balfour
While our readers get to see and read our weekly newsletter, you don’t get to experience the behind the scenes back and forth banter and exchanging of ideas that takes place among our four editors. Whether it is our biweekly calls or our regular emails throughout the week, we are in near constant dialogue and I’m fortunate to learn from (and laugh with) my fellow editors on a regular basis.
In one of our recent email exchanges, Joe shared the following:
“Paul Fiorelli, in his book Establishing Workplace Integrity, repeats this story told by Dan Ariely:
A little boy gets in trouble in school for stealing a pencil from another student. The father is mortified and calls his son to account. While scolding the boy and telling him “you never steal” he also notes how unnecessary this was, because if the boy needed a pencil the dad could just bring home a box of them from the office.”
I replied to Joe, Jeff and Rebecca that this reminded me of a time last year when we stopped behind another car at a red light and how my now 7-year-old yelled “come on, move car.” I was shocked and told him not to speak that way. I was thinking to myself “where on earth did he learn that it was acceptable to say that?” He must have picked that up from somewhere, but I could not think where (I’m sure you can guess where this story is going).
It was only when we got to the next traffic light and stuck behind a car in front of us that I realized where he had picked it up from as the words “come on, move car” came out of my mouth in almost comical slow motion. Without realizing it until then, I now knew I was the source of the problem and that I must have said this before - perhaps even multiple times - for him to pick it up and say it.
While we could rightly categorize this as a “parenting fail,” I’ll happily spin the story to be one about ethics and compliance and how true the point in Paul’s book is. When we are in a position of authority, we need to ensure that our actions match the expectations we set for others and that we hold ourselves accountable when we fall below those standards.
Next time your employees are doing something you don’t like or agree with, stop and ask if they are simply reenacting how they have seen you act and behave. We will all fail from time to time, but we can learn from our errors and shortcomings, and help those we can influence to aspire to our better behavior instead of our bad habits. Remember this bit of wisdom in an old saying: “your actions speak so loudly, I cannot hear what you are telling me to do.”