global compliance auditing & monitoringalso graduated at the amp program at iese in barcelona. 5...

29
A member firm of Deloitte Touche Tohmatsu Limited ©2012 All rights reserved. Global Compliance Auditing & Monitoring Presented by: L. Stephan Vincze, Director, Deloitte Financial Advisory Services LLP Luca M. Liberatore, Director Compliance Amgen Sharing of Best Practices The International Pharmaceutical Compliance Congress, Budapest, Hungary May 15, 2012

Upload: others

Post on 09-Jul-2020

0 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.

Global Compliance Auditing & Monitoring

Presented by:

L. Stephan Vincze, Director, Deloitte Financial

Advisory Services LLP

Luca M. Liberatore, Director Compliance

Amgen

Sharing of Best Practices

The International Pharmaceutical Compliance Congress, Budapest, Hungary

May 15, 2012

Page 2: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.2

Agenda

Introductions

Key Global Compliance Auditing and Monitoring Considerations

Q&A / Thank You

Page 3: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

Introductions

Page 4: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

Steve VinczeL. Stephan Vincze (“Steve”), Director, Deloitte Financial Advisory Services LLP, Boston, MA. Steve serves as a Director of the Life Sciences practice within Forensic & Dispute Services, Deloitte Financial Advisory Services LLP (Deloitte FAS).

Mr. Vincze advises pharmaceutical, biotech and medical device companies on how to design and implement effective compliance structures and processes (to include due diligence, risk assessment, monitoring, training tools, and performance metric tools) to implement Corporate Integrity Agreements (“CIA’s”) with the Office of Inspector General (“OIG”) of the Department of Health and Human Services (“DHHS”) or Deferred Prosecution Agreements (“DPA’s) with the Department of Justice (“DOJ”).

Mr. Vincze joined Deloitte FAS after serving as vice president, ethics & compliance officer/privacy officer for TAP Pharmaceutical Products Inc. Among the first and largest of its kind in the pharmaceutical industry, “the TAP case” involved sales & marketing, drug pricing and sampling issues and resulted in an $885 million dollar settlement with the DOJ and a complex CIA with the DHHS OIG.

As part of Mr. Vincze’s responsibilities at TAP, he worked closely with the legal and compliance audit teams to conduct gap and risk assessments and made regular reports to the TAP Board of Directors and Executive Management Team. Mr. Vinczewas recruited by TAP in September 2001 to oversee and implement TAP’s 7-year CIA. Under Mr. Vincze’s leadership, TAP’sethics & compliance program was nationally recognized with awards for training and auditing excellence. Mr. Vinczesuccessfully negotiated with the OIG to terminate TAP’s CIA early. Mr. Vincze was recognized by his industry peers and The PharmaVoice trade journal as one of “The Pharma 100 Most Inspiring Leaders” in the pharmaceutical industry in 2007.

Prior to his TAP role, Mr. Vincze served as President and CEO of an award-winning national healthcare compliance consulting firm, Vincze & Frazer, LLC. Prior to his consulting experience, Mr. Vincze was recruited by Medaphis Corp. in Atlanta, GA in 1995 to serve as their first VP, Chief Compliance Officer and establish a compliance program. He was recruited from Washington, D.C. from his position as a counsel to the Committee on Government Reform in the U.S. House of Representatives, where he advised the Chairman on National Security matters and conducted investigations into matters of alleged fraud and abuse in the Department of Defense. He was recommended for this congressional position after distinguished service in the Office of the Secretary of Defense as an officer in the United States Marine Corps, receiving the Defense Meritorious Service Medal for exemplary service while at the Pentagon.

Mr. Vincze is a noted author and speaker, serving on several editorial advisory boards, and has been a guest lecturer at Harvard University and currently serves as an adjunct faculty member at the University of Miami School of Business Executive Education Program for life science executives in Latin America.

Mr. Vincze earned a bachelor's degree from Columbia University (A.B., History), law degrees from Georgetown University Law Center (LL.M., International & Comparative Law, with distinction) and Southern Methodist University School of Law (J.D.) and a Master of Business Administration degree (M.B.A) from the University of Chicago Booth School of Business.

4 As used in this document, “Deloitte” means Deloitte Financial Advisory Services LLP

Page 5: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

Director Compliance, Large Countries and CEE, Amgen Int’l.

After joining Amgen Italy in 2002 as Director Regulatory and Government Relations, Luca held several positions of growing responsibility as Compliance Lead for the Italian Affiliate and Director Corporate Affairs. He then moved to Amgen Int’l in 2007 as Director Compliance for South Region and became Director Compliance for Large Countries and CEE in 2010.

Prior to that, Luca was a lawyer by practice, then served at CNR - National Research Council in Rome, Italy as Legal Advisor of the General Manager. In this capacity, he also coordinated legal and contractual aspects of the expansion of the Public Research Program in Southern Italy.

Luca received a degree in Law from University La Sapienza of Rome. He also graduated at the AMP Program at IESE in Barcelona.

5

Luca Liberatore

Page 6: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

Key Global Compliance Auditing and Monitoring Considerations

Page 7: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

Global Compliance Program

7

Governance

Compliance Professional

Policies & Procedures

Employee Training

ReportingSystems

Monitoring & Auditing

Corrective Action

A structure for managing regulatory risks within the enterprise

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.

Page 8: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

8A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.

Strategic

Tactical (Planning)

Supervisory (Monitoring)

Operational (Transactional)

Product Devmt. Research Sales & Mktg.Regulatory

Strategic Planning

Financial & Back Office

Clinical Trials Mfg. Dist. & LogisticsPre-Clinical

Order Mgt.

Manufacturing

MPSMRP

Procurement

Demand Forecasting

Decision Information Collection and Mgmt

Product Planning

Product Creation

Finance and HRLot Management

LIMS

IP Mgmt

Formulation

Research

Developm

ent

Quality Control

Yield Tracking

Transportation Management

Lot Control

Pricing

Compensation Planning

Com

mercial

Inventory Control

Product Recall

CRM

Product Disposition

Market Strategy

Tax Strategy

Market Analysis

Pharmacol ogy

Self Service

Project Costing

Strategic Planning

Clinical Research

Clinical

Protocol Development

Bio Statistics

Site Management

Data Management

MES

TaxePedigreeDocument

Management

Pre-Clinical

Silo-ed Operations Has Lead to Silo-ed Compliance

Page 9: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

9A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.

Current State Future State

• Managed in silo’s• Mostly reactionary• More projects than programs• Handled separately from

mainstream processes and decision-making

• People used as middleware• Limited and fragmented use of information

technology

• Enterprise approach• Integrated compliance program• Program based approach• Embedded within business

processes and decision-making • Effective use of information

technology

The Transformation Opportunity

Page 10: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

10A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.

• Changing regulations that require greater global consistency, speed, integration, coordination and reporting in a more highly regulated global market place with greater risks are driving this evolution toward “enlightened decentralization.”

• The goal is a fully integrated global program across business units that achieves the right mix between global consistency with local customization to achieve maximum compliance and business effectiveness.

Global Compliance Programs are moving toward a more centralized oversight model, acting as a hub to coordinate key global processes and policies

Page 11: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

11A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.

Compliance Road MapMonitoring & Auditing

• Develop auditing & monitoring plan

• Develop auditing and monitoring tools

• Prepare for each “audit”

• Define scope

• Define sample

• Test tool – inter-rater reliability

• Conduct review

• Document findings and observations

• Obtain management corrective action plan

• Confirm correction

Test Inter-raterReliability

Conduct Review

Document Observations& Findings

Obtain Management Response

Finalize Report& Corrective

Action Plan

DefineReview Scope &

Assumptions

Develop ReviewCriteria

Define ReviewSample

Page 12: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

12A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.

Policies/ Procedures/ Training

Compliance RisksCompliance Risks

Prioritize 

Resources Reprioritize Risks

Aggregation 

of

Data

Policies/Procedures/TrainingPolicies/Procedures/Training

Compliance 

"Audits"

Compliance 

"Audits"

Compliance

CSA &

Monitoring 

Compliance

CSA &

Monitoring 

Compliance

Investigations

Compliance

Investigations

Compliance Data 

Analysis and reporting of effectiveness of policies, procedures and 

training

Enhancement of 

Infrastructure

Aggregation of 

Data

Enforcement of Standards

“Audit” in the context of a risk-based approach

Page 13: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.13

DefineReview Scope &

Assumptions

ReviewProcess for

Each Risk Area

Conduct Review

Develop ReviewCriteria

Define ReviewSample

Obtain Management

Response

Test InterrelatorReliability

Document Observations & Findings

Finalize Report &

Corrective Action Plan

The Review Process

Page 14: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.14

DefineReview Scope &

Assumptions

Develop ReviewCriteria

Define ReviewSample

Test InterrelatorReliabilityConduct Review

Document Observations

& Findings

Obtain Management

Response

Finalize Report& Corrective Action Plan

DefineReview Scope & Assumptions

Develop ReviewCriteria

Define ReviewSample

Conduct Review

Document Observations

& Findings

Obtain Management

Response

DefineReview Scope &

Assumptions

DevelopReviewCriteria

Define Review Sample

Test InterrelatorReliability

ConductReview

Document Observations

& Findings

Finalize Report& Corrective Action Plan

Monitoring never ends… each review leads to the next, and the monitoring plan and unplanned issues drive additional monitoring activities. It is a continuous process…

The Monitoring Plan

Page 15: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.15

• Risk Assessment Data• Interviews with Senior Leadership• Input from Compliance Organizations and Legal• Linked to Enterprise Risk Management activities

Sample Risk Drivers

– Sales Growth

– Staff Inexperience Factor

– External Ethical Environment

– Prior “Audit”

– Management Team Turnover

– Self Assessment QuestionnaireR

isk

Impa

ctRisk Potential

Annual “Audit” Plan Development a Risk-Based Approach

Page 16: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

“It is part of our business processes and practices”

“We do just as much as we have to do”

“It’s just a part of doing business”

“It helps us proactively remove potential liabilities”

“It is an integral part of how we do business and who we are as an organization”

Organizational dimensions drive increased maturity of the organization’s compliance programs and overall culture of compliance

Org

aniz

atio

nal

Dim

ensi

ons

No defined compliance processes or policiesSiloed and inconsistent practicesBusiness areas follow different paths to reconcile compliance issuesNo systems in place to track key processes

Compliance programs are centralized and ubiquitous, but may lack proactive efforts or coordinationManual or limited compliance testingLimited involvement from key stakeholders

Endorsement and buy-in from leadership and all business areasOwnership of content -policy, standards and procedural is established for ongoing maintenance

Actively managed and proactive compliance program with ability to anticipate risks and exposuresA combination of standard and custom-developed toolsMature records management practices

Compliance programs are managed in unisonPrograms offer complete visibility of requirements across the enterprisePrograms are regularly audited for complianceCompliance is an integral part of all business processes

16

A member firm ofDeloitte Touche Tohmatsu©2012 All rights reserved

Page 17: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

Q & A / Thank You!

Page 18: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

Appendix -- Back-up Slides

Page 19: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.19

Auditing and Monitoring Strategy

• Consider integration with Internal “Audit” Plan • Determine resources available to execute the plan• Identify timeframes for “audits”• Prioritize risk areas• Communication of “audit” to stakeholders

There are many issues to consider when determining the organization’s auditing and monitoring strategy including:

Page 20: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.20

Some key elements of HCC auditing

• Transparency on “audit” process and ratings• Clarity on expected role of local team• Preparation, fieldwork, closing• Agreement on corrective actions and timelines• Follow up and validation• Planned “audit” vs. surprise

Page 21: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.21

Auditing Technique

Sampling: Determine the risk

Example :• High risk = pay more attention-use a standard sample size• Low risk = less monitoring-consider using a probe sample

Page 22: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.22

Sampling Methodologies

Things to Consider:• The purpose of the sample or the review objective• The universe/population/sources of data• The size of the sample• What you are going to do with the results

Page 23: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.23

Purpose of the Sample

Is the review for:• Self - disclosure?• Education?• Part of an on-going monitoring plan?• Response to the government, subpoena, etc.?• Known risk area?

Page 24: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.24

Sampling Size

How much is enough?• What is the purpose of your sample?• If you are not sure you may want to start with a 30 probe sample

Do you need to test every commercial funding event?• If you have an employee new to the funding processing role you

might want to test to see if this employee is processing the requests as required.

Page 25: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.25

Sampling Techniques

• There are many ways to make samples statistically significant.• Probe/Discovery Samples are used mainly to determine the size of the

full sample in order to meet the required precision and confidence levels.

• Use a statistical sampling when it is impossible or prohibitively expensive to “audit” all claims in an overall population using a census covering 100% of these claims.

• The alternative is to “audit” a statistical sample of these claims that is representative of the population using randomly selected & statistically significant number of claims in the sample where every member of the population has an equal positive probability of being selected.

Page 26: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.26

Sampling Summary

• Random or judgmental sample selection• Things to consider:

• Size of the population/universe• Time and expense to review

• There are many ways and reasons to sample or test• Remember to :

• Determine why you are testing• Who or what you want to test• What you are going to do with the results

Page 27: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.27

Information & Communication

• The right amount of the right information• At the right time• To the right people

Page 28: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

A member firm ofDeloitte Touche Tohmatsu Limited©2012 All rights reserved.28

“Audit” Reporting – Board and Senior Management Oversight

• Aggregate results reported to “Audit” Committee and Senior Management

• Senior Management receives final report• Management action plan completed for critical issues are tracked by

“Audit” Services• Past due action plans for critical issues are reported to the “Audit”

Committee

Page 29: Global Compliance Auditing & Monitoringalso graduated at the AMP Program at IESE in Barcelona. 5 Luca Liberatore Key Global Compliance Auditing and Monitoring Considerations Global

.

Copyright © 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited

About DeloitteAs used in this document, “Deloitte” means Deloitte Financial Advisory Services LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

DisclaimerThis presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.