Introducing the Internal Compliance Audit | ComplianceBridge

Written by Risk Management Team on October 4, 2021

A compliance audit evaluates a company’s compliance with regulations and rules such as Section 340B of the Public Health Service Act, which grants preferred drug pricing. Covered entities (CE) are subject to audits by participating manufacturers or the federal government. These audits may reveal non-compliant practices and cause an organization to be liable to refund discounts or even trigger removal from the program. 

If you are a 340B covered entity, you should be performing internal compliance audits for unique insights that can help prepare you for the eventual external audit. This article will explain how you can prepare for external program audits by keeping auditable records, documenting compliance with 340B requirements, performing assessments, and correcting errors.

Internal Compliance Audit: Preparation

The first step to preparing your organization for a 340B external compliance audit is to correctly document policies, procedures, key personnel, internal controls, plans, and checklists.

Policies and Procedures

Policies and procedures should be in place to ensure a CE is meeting 340B program requirements. To meet those requirements set by the Health Resources and Services Administration (HRSA), you should document policies and procedures that support the following:

  • Keeping CE information within the Office of Pharmacy Affairs Information System (OPAIS) up to date
  • Showing eligibility and managing annual recertification
  • Preventing the transfer or sale of 340B drugs to ineligible patients
  • Preventing duplicate discounts from the 340B and Medicaid drug rebate programs
  • Preparing for external program audits

Key Personnel 

Two essential personnel are the Primary Contact and Authoring Official, who manage annual recertification allowing the covered entity to continue buying drugs at 340B prices. Beyond recertification, the steps to supporting compliance with the 340B program can affect multiple departments within a CE. Coordinating with personnel from these departments can help ensure that critical stakeholders are contributing to critical decisions on the 340B program.

Personnel includes those from the following departments:

  • Pharmacy department is often the project owner and manages the 340B program implementation.
  • Reimbursement department will manage your National Provider Identifier(s) (NPI) for registration.
  • Billing department assesses billing needs for Medicaid and Medicare if necessary.
  • IT department can help manage implementations of third-party administrator (TPA) software.
  • Compliance team or full-time employee will develop internal audit procedures.

Internal Controls

Internal controls, from an auditing perspective, are processes used to support compliance. For example, with the 340B program, internal controls are essential to help prevent a CE from selling drugs with 340B pricing to ineligible patients. Setting up third-party administrator (TPA) software to align purchasing is an example of an internal control.

Plans and Checklists

Plans and checklists — such as this one — can help a CE prepare for external audits or establish processes for responding to noncompliance. Internal audits are critical for staying compliant with the 340B program, and most organizations should complete internal audits at least once a month. If noncompliant, a CE should have a plan to resolve the issue, including repayment to the manufacturer and reporting to HRSA if necessary.

Finally, you should have a plan for how to respond when HRSA selects you for an external audit. This plan should enable you to bring together essential stakeholders within your organization, gather the information typically requested by HRSA, and follow a communication plan that supplies regular updates.


At a minimum, everyone involved in the 340B program should have at least a basic understanding of the program and how their role impacts the organization’s ability to remain compliant. You should prepare role-specific training for the following roles:

  • Purchasing 
  • Dispensing
  • Billing
  • Auditing
  • Operations
  • Leadership

Equally important is preparing an onboarding training plan for new staff and hosting annual staff competency refreshers.

Internal Compliance Audit: Self-Assessments

When enrolled in a program like 340B, frequent audits help minimize the risk of becoming noncompliant and being liable to repayments or losing program eligibility. An internal compliance audit can also help organizations assess typical issues such as missing data, operational barriers, staff knowledge gaps, or incomplete auditable records. 

Software audits can help perform data integrity assessments based on your chosen inventory or billing systems. In contrast, staff knowledge audits require a more direct approach through observation in their roles.

Another helpful technique is to collect sample transactions, as an external audit would, and verify that each transaction is accessible and compliant with the 340B program requirements.

Internal Compliance Audit: Insights

It should be clear by now that participation in the 340B program is no trivial pursuit, requiring a heavy investment in time and resources. Insights from an internal compliance audit can help calculate a 340B program’s net financial impact, help organizations assess the value of staying in the program, and find areas for improvement.

To show your organization’s net financial impact for taking part in 340B: 

  • Calculate 340B savings by looking at the difference between 340B pricing and the usual pricing for all outpatient purchases.
  • Calculate the compliance maintenance cost to support the program, including split-billing software fees, legal fees, consultant fees, internal education costs, and employee time.
  • Calculate the net financial impact by taking the difference between 340B savings and the compliance maintenance costs. 

Insights from performing monthly internal compliance audits can also help you find areas for improvement such as documentation, policies, procedures, and more. By knowing where to target your compliance efforts, you’ll be better able to control costs related to administering the program. And, when you close up these weaknesses, the organization as a whole will be better because of it. 

Streamline the Internal Compliance Audit Cycle with ComplianceBridge

ComplianceBridge’s auditing software is a more sustainable, affordable way to manage your internal compliance auditing cycle. Use ComplianceBridge to create question sets easily and weigh each question differently to aid in analysis. Send questions out to precisely who needs them, and watch in real-time as results come in. Reminders will ensure everyone completes their questions on schedule.

ComplianceBridge will help you analyze responses and see areas for improvement. After you have collected your insights and garnered feedback, use ComplianceBridge’s policy management software to update your existing policies and inform critical stakeholders with targeted distribution.

Internal compliance audits are the best way to prepare for 340B external compliance audits, and ComplianceBridge is the best software suite to manage them. Request a demo with ComplianceBridge today.
