What is in this article?:
Audit prep expert Lisa Keilty, CMP, HCC, president /owner of the pharma compliance consulting firm PMC2 (Professional Meeting Compliance Connection), explored what the OIG is looking for, and how pharma planners can prepare for an audit, during a session on audit preparation and standard operating procedures at the 2013 Pharma Forum in Orlando.
Anatomy of an Audit
According to Keilty, whose services include helping companies prepare for audits, pharma companies can undergo everything from financial reviews and operational audits, to assessments of information technology systems, to integrated audits that include all of the above. And then there are investigative auditsthat delve into everything from a meeting’s initiation to its execution and reconciliation. Audits can be performed by internal corporate assessors or by external organizations such as the Office of the Inspector General of the U.S. Department of Health and Human Services.
An internal audit measures how your department adheres to and enforces existing policies and procedures, the risk associated with outdated or non-existent policies, knowledge-training opportunities, and the effectiveness of communication. It also will assess how your department is self-auditing/monitoring, and how you respond to violations. At the minimum, you should have standard operating procedures, or SOPs.
The OIG has seven elements that must be included for a compliance program to be successful:
1. Written policies and procedures
2. Designated compliance officer and compliance committee
3. Effectiveness of training and education
4. Effectiveness of the lines of communication
5. Internal monitoring and auditing
6. Enforcement of standards through well-publicized disciplinary guidelines
7. Prompt response to detected problems through corrective actions
Whether a company’s internal audit departments perform the audit(s) or an external vendor is hired to perform the audit(s),once they are done scrutinizing, they will give you a rating of unsatisfactory, satisfactory, or general satisfactory, which is the top rating. A bad audit result could end up costing your company not just in substantial fines and penalties and an OIG-enforced corporate integrity agreement, or CIA, but also in bad publicity, lowered productivity as staff is diverted from their regular work to accommodate the auditor’s needs, and even a loss of jobs.
“You are accountable,” said Keilty. “The key is to be organized and document as you go.”