Compliance Program Effectiveness (CPE) protocols help to evaluate performance in the Centers for Medicare and Medicaid Services (CMS) Program Audit Protocol and Data Request related to Compliance Program Effectiveness. The CMS performs its program audit activities in accordance with the CPE Program Audit Data Request and applies compliance standards outlined in this Program Audit Protocol and the Program Audit Process Overview document. At a minimum, CMS will evaluate cases against the criteria listed below. CMS may review factors not specifically addressed below if it is determined that there are other related Compliance Program Effectiveness requirements not being met.

  • Audit Elements Tested
  • Prevention Controls and Activities
  • Detection Controls and Activities
  • Correction Controls and Activities

Inovaare compiled these tables from information contained within the CMS website and displayed the 2021 audit protocol changes in an easy-to-follow format. The red font indicates critical areas health plans need to address and the blue font indicates the actual data required. This table is available for download through the link at the bottom of the page.

Table 1: COA (Combines 1: FTEAM, 3. IA and 4. IM)

2021 Draft

Component 100 CHAR Enter the name of the Sponsoring organization’s department, operational area, or First Tier Entity that is the focus of the oversight activity.
Activity Type 30 CHAR Enter the activity type as:
• Auditing
• Monitoring
• Investigations
Compliance or FWA? 10 CHAR Enter whether the activity was:
• Compliance
• FWA
• Both
Activity Frequency 30 CHAR Enter the frequency of the oversight activity. Valid values include but are not limited to:
• Daily
• Weekly
• Bi-monthly
• Monthly
• Quarterly
• Semi-anually
• Annually
• Ad-hoc
Activity Rationale 200 CHAR Enter the rationale for conducting the activity (e.g., routine audit stemming from risk assessment and/or work plan, referral from FTE, or hotline complaint, operational failure/metric outlier/etc., or audit activity was implemented because the function has an immediate impact on enrollees’ access to immediate medical care and prescription drugs).
Activity Description 400 CHAR Provide a description of the activity (e.g., operational area, training requirements, timeliness, accuracy of organization determinations and notifications, messaging errors, contractual agreements, unannounced or onsite audits, spot checks, compliance monitoring, targeted or stratified sampling, audit protocols).
Activity Start Date 10 CHAR Enter the date that the specific activity was initiated. For example, if the Sponsoring organization started an audit of the appeals process/ function within the Sponsoring organization on January 1, 2020, that is the date that would be used for the date the activity started.
Submit in CCYY/MM/DD format (e.g., 2020/01/01).
Activity Completion Date 10 CHAR Enter the date that the specific activity was completed. For example, if the Sponsoring organization completed an audit of the appeals process/function within the Sponsoring organization on January 31, 2020, that is the date that would be used for the date the activity ended.
Submit in CCYY/MM/DD format (e.g., 2020/01/01).
Enter TBD (To Be Determined) if the activity is currently in progress.
Number of Deficiencies 3 CHAR Enter the number of deficiencies, findings, or issues identified.
Enter TBD if deficiencies have yet to be identified for an ongoing activity.
Description of Deficiencies 1000 CHAR Provide a summary of all deficiencies, findings or issues identified during the oversight activity. If the oversight activity is identified in the pre-audit issue summary submitted to CMS, please include the issue number.
Enter TBD if deficiencies have yet to be identified for an ongoing activity.
Corrective Action Required 3 CHAR
  • Enter “Yes” if any deficiencies were identified during the activity and they required a corrective action.
  • Enter “No” if none of the deficiencies identified during the activity required a corrective action.
  • Enter “TBD” if corrective actions have yet to be determined for an ongoing activity.
Activity Results Shared? 50 CHAR Enter whether activity results were shared:
  • ‘No’ if the results were not shared, or
  • ‘Yes’ if the results were shared.
Also enter the name of the person or Group with whom activity results were shared.
  • Yellow: Audit Review Period
  • Blue: valid values
  • Red: important information to recognize

Download table

Disclaimer: The data included in these tables are transposed directly from the CMS website and have not been edited for grammar and format consistency. Inovaare distilled the content for your convenience and educational purposes; it should not be used as a substitute for health plan compliance team authorization. Due to the unique needs of health plans, the reader should consult her or his compliance officer to determine the appropriateness of the information contained herein.