CMS-10717 CPE Compliance Officer Questionnaire Compliance Officer

Program Audit Data Request
Compliance Program Effectiveness (CPE)
Compliance Officer Questionnaire (CO-Q)

Name of Sponsoring Organization:
Click or tap here to enter text.
Contract Numbers:
Click or tap here to enter text.
Name and Title of Person Completing Questionnaire:
Click or tap here to enter text.
Date Completed:
Click or tap here to enter text.
This questionnaire will assist CMS with understanding the Sponsoring organization’s
mechanisms for overseeing the performance and effectiveness of the compliance program from
the compliance officer’s perspective.
Please upload the completed form to HPMS within 15 business days of receiving your audit
engagement letter.
We recognize that your time is valuable and appreciate your availability to provide responses to
our questions regarding the compliance program. The responses to these questions may be
discussed during the CPE audit.
Please specifically note the following when completing the questionnaire:
•
•
•
•
•
•

•

•

“You”, “your” refers to your organization, not necessarily a specific person.
“Employees” refer to employees, including senior management, who support your Medicare
business.
“Compliance Officer” refers to the compliance officer who oversees the Medicare business.
“CEO” refers to the Chief Executive Officer of the organization or the most senior officer,
usually the President or Senior Vice President of the Medicare line of business.
“Compliance Program” refers to your Medicare compliance program.
If the Medicare contract holder is a wholly owned subsidiary of a parent company, references
to the governing body, CEO, and highest level of the organization’s management are to the
board, CEO and management of the company (parent or subsidiary/contract holder) that the
organization has chosen to oversee its Medicare compliance program.
“First Tier Entity” refers to any party that enters into a written agreement, acceptable to
CMS, with an organization to provide administrative services or health care services to a
Medicare eligible individual under the Part C and/or Part D program.
“Downstream Entity” refers to any party that enters into a written agreement, acceptable to
CMS, with persons or entities involved with the Medicare Part C and/or Part D benefits
below the level of the arrangement between an organization and a first tier entity. These

Page 1 of 5

OMB Approval 0938-1395 (Expires 05/31/2024)

Program Audit Data Request
Compliance Program Effectiveness (CPE)
Compliance Officer Questionnaire (CO-Q)
written agreements continue down to the level of the ultimate provider of both health and
administrative services.
•

•

“Related Entity” refers to any entity that is related to an organization by common
ownership or control, and
o performs some of an organization’s management functions under contract or delegation,
o furnishes services to Medicare enrollees under an oral or written agreement, or
o Leases real property or sells materials to the organization at a cost of more than $2,500
during a contract period.
Unless specific reference is made in the question to the term “governing body”, it means
either the full board of directors or a committee of the board of directors delegated to conduct
oversight of the day-to-day operation of the Medicare compliance program on behalf of the
full governing body.

1. How long have you been employed with the Sponsoring organization and served as the

Medicare Compliance Officer?

Click or tap here to enter text.
2. Provide a general overview of your responsibilities as the Compliance Officer.
Click or tap here to enter text.
3. Do you have any other responsibilities in addition to being the Compliance Officer for

this Sponsoring organization? If yes, please describe those positions and responsibilities.
Click or tap here to enter text.

4. What resources do you use to keep current on CMS requirements, and, compliance,

audit, and enforcement information and activities? How is this information shared
throughout your organization and First Tier, Downstream, and Related Entities?
Click or tap here to enter text.

5. Briefly explain how you approach a new situation, emerging issue or new CMS policy

where an internal policy or process is not in place to respond to the issue or implement
the new requirement.
Click or tap here to enter text.

6. How is the compliance department informed and kept up-to-date on tasks and

assignments that have been delegated to internal operations and First Tier,
Downstream, and Related Entities?
Click or tap here to enter text.

7. Briefly explain how you would handle a compliance issue that involves a Medicare

operational area and/or a First Tier, Downstream, and Related Entity that impacts

Page 2 of 5

OMB Approval 0938-1395 (Expires 05/31/2024)

Program Audit Data Request
Compliance Program Effectiveness (CPE)
Compliance Officer Questionnaire (CO-Q)
enrollees’ timely access to their health or drug benefits? Provide an example if you
have one.
Click or tap here to enter text.
8. Describe how you handle, or would handle poor compliance performance of Medicare

operations within your Sponsoring organization.
Click or tap here to enter text.

9. Briefly describe the communication process between the compliance officer, compliance

committee, senior management and governing body. Please provide an issue, or topic,
you reported to the committee, CEO or senior-most leader and governing body.
Click or tap here to enter text.

10. As the Compliance Officer, what types of decisions do you make at your level

without consulting with your leadership? What indicators or triggers are used to
determine when and what to escalate to your leadership?
Click or tap here to enter text.

11. Describe how the compliance department determines what issues to escalate to the

governing body? Include, how and when the parties are advised of operational and
regulatory compliance activities (e.g., critical discussions with the CMS Account
Manager, Notices of Non- Compliance, Civil Money Penalties, Marketing/Enrollment
Sanctions).
Click or tap here to enter text.

12. How do you measure employee, governing body member, and First Tier, Downstream,

and Related Entity awareness and understanding of the compliance program?
Click or tap here to enter text.

13. Briefly explain how compliance program education and training is implemented. Please

include the timing/frequency, the vehicle for distribution, mechanism for tracking and
to whom it is provided.
Click or tap here to enter text.

14. What is your process to ensure written policies and procedures and standards of

conduct are available within your Sponsoring organization?
Click or tap here to enter text.

15. How do you ensure that your staff is aware of disciplinary standards?
Page 3 of 5

OMB Approval 0938-1395 (Expires 05/31/2024)

Program Audit Data Request
Compliance Program Effectiveness (CPE)
Compliance Officer Questionnaire (CO-Q)

Click or tap here to enter text.

16. What reporting mechanisms are in place to communicate concerns/issues (i.e.

operational areas compliance, fraud, etc.) to the compliance department?
Click or tap here to enter text.

17. Since CMS no longer collects call logs for program audit purposes, what has your

organization done to ensure that incoming requests are handled properly?
Click or tap here to enter text.

18. During the review period, how many compliance issue reports did you receive? If

multiple reporting mechanisms are available, please provide a breakout by mechanism.
Ex: compliance hotline, FWA hotline, web, drop box, etc.
Click or tap here to enter text.

19. How often do you check your mechanisms, and what assurance do you have that your

mechanisms are confidential?
Click or tap here to enter text.

20. How do you ensure the Medicare compliance program is effectively identifying and

correcting compliance and fraud, waste, and abuse issues/incidents? Has this been
effective?

Click or tap here to enter text.
21. Describe the methods or process used for tracking compliance issues through resolution

and remediation and to ensure the root cause has been addressed to prevent recurrence
(e.g. centralized tracking database, logs, etc.).
Click or tap here to enter text.

22. Briefly explain your system for identifying compliance risks.
Click or tap here to enter text.
23. Briefly describe how you create and implement auditing and monitoring for compliance

and oversight of Medicare operations.
Click or tap here to enter text.

24. Describe the process for sharing the results of internal monitoring and auditing activities

with parties within the organization.
Click or tap here to enter text.

Page 4 of 5

OMB Approval 0938-1395 (Expires 05/31/2024)

Program Audit Data Request
Compliance Program Effectiveness (CPE)
Compliance Officer Questionnaire (CO-Q)
25. Explain how your organization tracks, measures and documents the

effectiveness of its compliance program.
Click or tap here to enter text.

26. Do you have any questions or comments for CMS?
Click or tap here to enter text.

According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it
displays a valid OMB control number. The valid OMB control number for this information collection is 0938-1395 (Expires
05/31/2024). This is a mandatory information collection. The time required to complete this information collection is estimated
to average 701 hours per response, including the time to review instructions, search existing data resources, gather the data
needed, and complete and review the information collection. If you have comments concerning the accuracy of the time
estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn: PRA Reports Clearance
Officer, Mail Stop C4-26-05, Baltimore, Maryland 21244-1850. ****CMS Disclosure**** Please do not send applications,
claims, payments, medical records or any documents containing sensitive information to the PRA Reports Clearance Office.
Please note that any correspondence not pertaining to the information collection burden approved under the associated OMB
control number listed on this form will not be reviewed, forwarded, or retained. If you have questions or concerns regarding
where to submit your documents, please contact [email protected].

Page 5 of 5

OMB Approval 0938-1395 (Expires 05/31/2024)