 | LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH | | | Policy 106.16 Annual Compliance Program Office Risk Assessment
| | Policy Category: Administrative | | Distribution Level: Directly Operated Programs | | Responsible Party: Compliance, Privacy, and Audit Services Bureau | | | | Approved by Marvin J. Southard, DSW, Director, on September 1, 2008 | | | |
|
| I. PURPOSE
| | To comply with the Office of Inspector General (OIG) recommendation that health care organizations regularly examine the status of operations from a compliance perspective.
To establish a baseline for the Compliance Officer and other managers to judge the progress of the Los Angeles County Department of Mental Health (DMH/Department) in reducing or eliminating potential areas of vulnerability. (U.S. Sentencing Guidelines as amended November 1, 2004)
| | II. DEFINITIONS
| | Risk: An observable event or action that can have a material effect on the reputation, financial, operational, or strategic performance of the organization.
Risk Assessment: A means of determining organizational compliance risk distinct from program risk. This assessment is prospective in nature and considers exposures that are strategic, operational, financial, and legal in nature.
Risk Prioritization Score: This is the complete score for each item listed as a risk area. This score will be used to prioritize the risk areas from highest risk down to lowest risk.
| | III. POLICY
| | The Compliance Program Office (CPO) will develop a risk assessment tool that will be approved by the Compliance Program Steering Committee (CPSC). The assessment tool will be evaluated on an annual basis for purposes of making improvements in the assessment process.
The risk assessment tool will include the following elements: -
An evaluation of Federal Health Care Requirements -
The OIG’s Work Plan -
Special advisory bulletins and fraud alerts -
Audit reports -
Evaluation of internal controls -
Evaluation of HIPAA Privacy and Security -
Hotline/Office of County Investigation (OCI) allegations -
Interviews of leadership and managers The assessment will determine the: -
Risk impact on the Department’s mission, i.e., reputation, financial operations, and legal actions -
Vulnerability in relation to likelihood and detectability -
Current Control Environment -
Risk Prioritization Score The outcome of the risk assessment will be used to determine the ongoing work activities of the CPO.
| | IV. PROCEDURES
| Procedures - Annual Compliance Program Office Risk Assessment
| | V. AUTHORITY
| | | | VI. ATTACHMENTS
| | | |
|