the italian compliance environment · 3. compliance program elements of the compliance program:...
TRANSCRIPT
ABCD
1
The Italian Compliance Environment
Budapest, May 14 - 16, 2012
6th Pharmaceutical Compliance Congress
and Best Practices Forum
Giuseppe Palmieri Head of Risk & Compliance Management and Audit Chairman of Supervisory Body
Compliance Program Within Company : Actions , Strategies And Best Practices For Business Continuity And Sustainability
2
Methodology……at BI ItalyProject Phases Risk and Control AssessmentInternal Control SystemExamples of OutputCompliance Program ImplementationCompliance Program as a cost saving strategy?
Table of Contents
SHORTSHORT
3
Compliance Program
Elements of the Compliance Program:
Risk Matrix
Authorization and organizational system
Principles of Control
Budget Control
Ethical Code
Supervisory Body
Reporting to the Supervisory Body
Communication of and Training on the Compliance Program
Disciplinary System
ABCD
1. Organization
2. Processes
5. Risk3. SOP
4. Audit Methodology
Driver “awareness” Driver “compliance”
Internal Audit : “taking care of governance”“monitoring and supervising processes”
5
Project Phases
Phase 1
Planning
Data and information collection
Phase 3
Control assessment
As is Analysis & Gap Analysis(To-be model)
Phase 4
Drawing up a Compliance Program
Phase 5
Implementation
Implementation of the Compliance
Program with all its parts
Set-up
Phase 2
Diagnosis
Risk Matrix
Setting up control procedures
Assistance from the Supervisory Body
in case
There are 5 project phases:
ABCD
6
Resp.Area Scientifica Agostini 1 Rapporti Istituzionali AIFA, Ministero
della Salute
Corruzione per un atto d’ufficio (impropria) (art.318-321 c.p.) MOLTO
BASSA
4,00 2,00 0,40 2,40
Istigazione alla corruzione per un attod’ufficio (impropria) (art.322 c.p.)
MOLTO BASSA
Istigazione alla corruzione per un attocontrario ai doveri d’ufficio (propria)(art.322 c.p.)
ALTA
Corruzione per un atto contrario ai doverid’ufficio (propria) (art.319-321 c.p.) ALTA
Corruzione aggravata (art. 319-bis c.p.) MOLTO ALTA
Rapporti con associazioni di Categoria
Assogenerici,
AFI,SIAR,SFA
Corruzione per un atto d’ufficio (impropria) (art.318-321 c.p.) MOLTO
BASSA
4,00 1,60 0,32 2,72
Istigazione alla corruzione per un attod’ufficio (impropria) (art.322 c.p.)
MOLTO BASSA
Istigazione alla corruzione per un attocontrario ai doveri d’ufficio (propria)(art.322 c.p.)
ALTA
Corruzione per un atto contrario ai doverid’ufficio (propria) (art.319-321 c.p.) ALTA
Corruzione aggravata (art. 319-bis c.p.) MOLTO ALTA
Rischio ResiduoSpecifico Percentuale di
copertura del RischioContatti Reati Gravità Probabilità di
Rischio PotenzialeDirezione Funzione/ Soggetto
Sezione Attività
4,00 2,00 0,40 2,40
Rischio ResiduoSpecifico Percentuale di
copertura del Rischio
Probabilità di Rischio Potenziale
Potential Value at Risk (excluding the value of the impact of specific controls)
Potential Value at Risk (excluding the value of the impact of specific controls)
Specific ControlsSpecific Controls Risk Coverage Percentage
Risk Coverage Percentage
Residual risk: it is calculated considering the proportional impact of controls on the
potential value at risk
Residual risk: it is calculated considering the proportional impact of controls on the
potential value at risk
Risk and control matrix
- Output – Risk Matrix 2/2
ABCDWHICH RISKS DO YOU PAY ATTENTION TO?
Impact
Probability
HIGH
MEDIUM
LOW
Veryhigh
highmediumlowverylow
Action plan:•audits•SOP
B. U. Lotto e Gare
0,00,51,01,52,02,53,03,54,04,55,0
0 1 2 3 4 5
Gravità
Prob
abili
tà
When can you accept risk?
SPECIFIC CONTROLS TO MANAGE THE RISK SPECIFIC CONTROLS TO MANAGE THE RISK
NO RISK
AVOID
MONITOR
MINIMIZE
ACCEPT
SeveritySeverity
HIGH-RISK PROCESS: heavy impact on OPUHIGH-RISK PROCESS: heavy impact on OPU
2 ,6 4
0,00
2,7 9
4,32
0,57
3 ,9 0
2 ,6 1
1 ,26
0 ,00
1 ,00
2 ,00
3 ,00
4 ,00
5 ,00
E N TITY C ON TRO L LEVELgoverna nce
s tand ard of b eha viou r
com m u nicat ion
fo rm a tion
hum a n re sou rc e
con trol
in fo rm a tion
violat ions
GovernanceStandard of behaviour
CommunicationFormation
Humanr ResourceControl
InformazioneInformationViolations
Availability of organization charts which, however, have not been formalized and communicated;Job descriptions are undetermined and not updated;No definition of proxies;Incomplete procedures;
Communication of organization charts, process for timely adoption of changes;Definition of job description system;Definition of proxies;Procedures to update:
- recruiting- balance sheet process- revenue- advisors
As is
HR
CEO,
HR
CEO, HR
Responsability
Examples of output:
As is & Gap Analysis
10
Compliance Program
Elements of the Compliance Program:
Risk Matrix
Authorization and organizational system
Principles of Control
Budget Control
Ethical Code
Supervisory Body
Reporting to the Supervisory Body
Communication of and Training on the Compliance Program
Disciplinary System
SB
OUTSIDE
Deputy Deputy
INSIDE
Head of R&C and IACHAIRMANG.Palmieri
BoDBoard of AuditorsBoard of Auditors
PWCPWC
SUPERVISORY BODY BI ITALY
Law No. 300 of September 29, 2000 and legislative decree No. 231 of June 8, 2001 for the first time recognized administrative liability of legal entities, irrespective of whether or not they are incorporated, for crimes committed by those vested with the power to represent, run or manage the entity or by those subject to the latter's management or supervision, either in order to provide the entities with an advantage or merely in their interest.Administrative liability is in addition to the individual's liability.
ABCD
Risk & Compliance and IAG.PALMIERI
Country Managing Director & CFO
Compliance ManagementCompliance Management Compliance Internal AuditCompliance Internal Audit
Dlgs.231/01
Dlgs.219/06
Farmindustria Code
EPFIACode
ACP BII
ABCDElements of the Program: Adoption and Observance!!!!!
Code Of Conduct
• Principles and rules of conduct to be followed in dealings with the public administration
• Principles concerning the organization
• Principles relating to corporate offences
SOPs operating procedures and protocols to regulate the Entity's decision-making and decision implementation process;
OU
TPU
TO
UT
PUT
Audit
14
Implementation of the Compliance Program
Compliance Program
Management
Commitment
Bottom-up reporting Deterrent power
of the disciplinary
system
“ management knowledge”
(profitability /compliance)
(compliance/ effectiveness)
Communication
Compliance
1. Rules
2. Governance
3. Commitment
4. Communication & Training
5. Audit
Training
output
1
2
3
Communication and Training
Communication
Newsletter
Intranet (home page RCM)
Executive Meeting
Training
E-learning Course
Plenary Section
Focus Group
Brochure_compliance
Communication
Newsletter
Intranet (home page RCM)
Executive Meeting
Training
E-learning Course
Plenary Section
Focus Group
Brochure_compliance
15
16
Identifying major
deficiencies
Measuring severity
investigatingWhy Analysis
Find suggestions for improvement
Keep in mind only the most effective
ones
Prioritize implementation
Information
Comparison
Action plan
Collecting suggestions
AUDITS: “Findings” as a Learning Tool
SHORTSHORT
ABCD
• Reporting to Auditee• Draft report• follow up meeting;• Final report
• Reporting to BOD/Board Of Auditors /CM/Directions
• Disciplinary measures
• Action Plan to implement recommendations
• Reporting to Auditee• Draft report• follow up meeting;• Final report
• Reporting to BOD/Board Of /Board Of Auditors /CM/DirectionsAuditors /CM/Directions
• Disciplinary measures
•• Action Plan to implement Action Plan to implement recommendations recommendations
• Follow Up activities previous year
• Identification of:☺ occurrence of findings☺Process Owners
involved. ☺“GAP awareness”.☺actions to be planned
(updating of procedures)
• Recommendations from the previous year
• Follow Up activities previous year
• Identification of:☺ occurrence of findings☺
Process Owners involved.☺“GAP awareness”.☺
actions to be planned (updating of procedures)
• Recommendations from the previous year
Audit process: • Planned • On demand• “Spot”
Audit process: • Planned • On demand• “Spot”
• risk update (mapping assessment )
• Training and Communication Plan:
• Compliance Program;
• process
• risk update (mapping assessment )
• Training and Communication Plan:
• Compliance Program;
• process
RISK & COMPLIANCE
• interviews• Procedure
requirements (check list …)
• Documentation collection
• Record recovery
• interviews• Procedure
requirements (check list …)
• Documentation collection
• Record recovery
Diagnosis Projecting Auditing ReportingPlanning
For the various sensitive activities, specific ways of committing crimes can be identified:
o influencing the physicians' fair and/or independent judgment and getting them to unduly prefer
prescribing the company's products over other proprietary medicinal products within the
framework of their medical activities;
o getting hospital/NHS trust buyers to unwarrantably prefer the company's pharmaceuticals
over other medicinal products;
o getting the owners of a spending power committing a Body (public, but also private if the owner
of that power is a public official or civil servant) to favor the Company versus other competitors;
o getting the owners of a power to grant authorizations to favor the company's position;
o in general, getting public officials or civil servants to do, omit to do and/or delay one or more acts
of their office.Bribery (art. 318 - art. 322 of the Penal Code )
Risk of Compliance Violations under Legislative Decree N° 231/01
Congresses & Meetings
Source: Farmindustria Guideline under Legislative Decree No.231/01
Control Risk Self-Assessment Process
☺
Provide for segregation of duties for the different operational phases;
☺
AIFA's specific authorization for the event (Legislative Decree No. 219/06);
☺
selection of local events with CME accreditation (CME guidelines), relevance
of the event to products for which the company is the MA holder or
concessionaire or co-promoter (Legislative Decree No. 219/06);
☺
selection of scientifically worthy venues and non-tourist resorts in certain
periods of the year (Farmindustria Code), constraints on the hospitality to be
offered to the medical class (Farmindustria Code)
Source :Farmindustria Guideline under Legislative Decree No.231/01
Congresses & Meetings
HCP Consultancy
Enforce established fee limits
Mitigate risk from lack of transparency in handling payments
Review contract terms and fees for service or time in order to make sure that they are set according to local fair market rates / limits
Review relevant payment documentation, e.g. expense accounts, budget reportsRequirements criteriaD.D.pdf
Specific audits
Key Risk Area Objectives of Compliance Action Taken
Compensation level not in line with fair value rates and/or time required to render the service
Insufficiently tracked and documented payment
Consultancy
HCP Consultancy: General Statements
☺
Arrangements are never used in an effort to get or influence physicians to prescribe or reward them for prescribing any company product, or as a way to build a relationship with or gain access to HCPs.
☺
The Company has a real, “bona fide” and objective business need for the physician's services.
☺
The selected individual is qualified to render the services.☺
The selected individual has been chosen by company personnel qualified to assess the individual's expertise and ability to effectively provide the requested services.
☺
The individual is compensated for his/her services at their fair-market value ☺
The services are provided after a written contract is signed.☺
The services are not a duplication of other services, but offer real added value to the business.
☺
The number of physicians hired for the service is actually required to satisfy the business need.
☺
The services are actually rendered and used by the business.☺
There is adequate documentation that the services were actually provided.
Consultancy
Consultancy Agreement Template : Main Local Requirements
1. The Consultant represents and warrants that, if applicable, he/she has obtained authorization from his/her employer prior to entering into this Agreement as provided by Article 53 of Legislative Decree No.165 of March 30, 2001 (T.U. sul rapporto del pubblico impiego) or any other provisions or regulations applicable to his/her employment.
2. Travel expenses and subsistence costs shall be priorly agreed upon with the Company. The Company will assume travel expenses and subsistence costs subject to submission of the relevant receipts in accordance with the applicable industry codes, including Farmindustria Code of Professional Conduct, which allows economy-class air fares and hotel accommodation not exceeding four stars.
22
23
Compliance Program : ….cost savings?Compliance Program : ….cost savings?
Control is an economic KPI:Assessing costs / benefitsAiming at low residual riskWaste is our enemy!
Source : Associazione Italiana Internal Audit (AIIA)
OBJECTIVEWAST E
RISK COST
CONTROL
THE VALUE OF THE CONTROL
Compliance : ….Embrace Change if you care about business sustainability
“It is not the strongest of the species that survives, nor the most intelligent, but the most
responsive to change.”
Charles Darwin, 1859
www.231farmaceutiche.i t