2023 Board Resources

• Compliance training is addressed in Banner’s policy entitled Banner Health Mandatory Compliance Training and Education . The Ethics & Compliance Department may require that remedial training be included, if appropriate, in corrective action plans. How is the Board kept apprised of significant regulatory and industry developments affecting the organization’s risk? How is the compliance program structured to address such risks? • The Audit Committee and Executive Committee are apprised of regulatory and industry developments that could materially affect the system by the President/CEO, Chief Compliance Officer, Chief Legal Officer/General Counsel, or Executive Director of Internal Assurance. In addition, significant developments are presented to the entire Board by the appropriate individual and/or a member of the applicable Committee. • Banner’s Compliance Program is structured to address risks by having individuals within the Ethics & Compliance Department responsible for keeping abreast of current regulatory and industry developments in their area(s). When appropriate, material risks are incorporated into the risk assessment and resulting audit plan. How are “at risk” operations assessed from a compliance perspective? Is conformance with the organization’s compliance program periodically evaluated? Does the organization periodically evaluate the effectiveness of the compliance program? • Most of the system’s “at risk” operations are reviewed through the annual risk assessment and compliance audit plan development process. In addition, the Compliance Officers assist in developing and implementing ongoing monitoring for significant “at risk” areas. Operational areas such as medical records, billing, registration, radiology, and laboratory services independently monitor their operations to help ensure there are no compliance issues. • The Ethics & Compliance Department monitors several compliance activities using various reporting measures, such as ComplyLine Activity Report, Mandatory Training Completion Report, and Management Certification Exception Report. The Ethics & Compliance Department seeks out opportunities to help the Compliance Program be more effective, efficient, and relevant. What processes are in place to ensure that appropriate remedial measures are taken in response to identified weaknesses? • Identified weaknesses may be addressed in the annual audit plan, by conducting a focused audit or a sample review, or by requiring the operational area to develop a self-monitoring plan. In addition, the Ethics & Compliance

