Scenario: Suppose RutRo required its first tier entities to submit an attestation by the 15th
of each month, attesting that they had screened their employees against the OIG/GSA exclusion lists
the previous month.
Example of monitoring FDRs: The monitoring of this requirement might be a monthly spot check of
varying first tier entities to see whether they had submitted the attestations on time. If the
sponsor found from this monitoring that, month after month, a significant percentage of the
entities checked were not submitting the attestation, then the sponsor has a good
early indication that there is a compliance problem.
Example of auditing FDRs: The outcomes of RutRo’s ongoing monitoring trigger a formal
audit of the non-compliant first tier entities. The sponsor’s independent audit team uses its
organization audit tools and CMS audit protocols to perform a detailed review of the entities’
policies and processes to identify the root cause of the noncompliance. Questions asked
during the audit may include: Is there a problem with submitting the attestation?