This course will offer an introduction to the theory and practice of corporate risk and compliance. This context is useful for the practicing lawyer and, increasingly, is a career path unto itself. The instructor, Kimberly Otte, JD, MA, is Chief Risk Officer at Mayo Clinic.
This course will not focus on the regulations or on criminal prosecution. Rather, we will focus on the governance, processes and behavioral controls that permit an organization to not just manage but, more importantly, optimize risk. We will answer: What constitutes a good risk management program? What is an effective compliance program? What is a risk-based approach to compliance? How do these formal programs provide corporate controls? We will study the still maturing definitions and indices of a good risk management program – the ability to identify, evaluate and manage risk to maximize the objectives of the company. We will use corporate case studies to understand the Office of Inspector General’s seven elements of an effective compliance program – governance, policies, education, reporting, monitoring, enforcement, and response.
This class should prepare a law student to speak the broader language of risk and compliance and to understand how an in-house role in risk functions with corporate governance, the legal department and organizational leadership. The format will be lecture and discussion with an emphasis on practical written communications. I will share practical samples of education modules, policies, risk registers, risk appetite statements and other deliverables commonly assigned to the risk or compliance professional.
The textbook (Corporate Compliance by Carole Basri, 2017, Carolina Academic Press) and learnings apply to all industries. Due to my professional experience in the health care industry, we will utilize many examples from health care and will address the intersection with health care policy and bioethics.