Analyzing and improving operational processes
|
|
|
- Shanna Prudence George
- 5 years ago
- Views:
Transcription
1 Analyzing and improving operational processes 178
2 Overview Overview of Internal Audit Review of 2017 Protiviti Survey Health Care Internal Audit Use of Data Analytics Internal Audit Transformation Questions
3
4
5 Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes The Institute of Internal Auditors
6 WhaT's Included in InTernal AudiT
7 Keys To an EffecTive InTernal AudiT FuncTion Organization s leaders must: Be open to discussing tough issues Seize opportunities to make changes for improvement Internal auditors must have: Independent reporting line to the highest governing body Authority to access all areas of the organization Support if and when their views differ from those of management
8 What Internal Audit Brings to the Table Ensures that the organization is held accountable Adds value by providing assurance, insight, and objectivity Saves substantial amounts of money Protects public reputation of organization by identifying: Operating inefficiencies Wasteful spending Employee theft Fraud Cases of noncompliance with laws or regulations
9 InTernal AudiT ResponsibiliTies Offer Insight and Advice Evaluate Risks Assess Controls Ensure Accuracy Improve Operations Review Processes and Procedures Monitor Compliance Assure Safeguards Investigate Fraud Communicate Results
10 InTernal vs ExTernal AudiTors
11 Top AudiT Plan PrioriTies Information System Controls Billing and collections Billing and collections Accounting/finance Accounting/finance Information security/cybersecurity program effectiveness Information Compliance and regulatory monitoring security/cybersecurity program effectiveness Charge capture Information System Controls Electronic health records Ancillary services Compliance and regulatory Fraud, waste, and abuse monitoring Ancillary services Accounts payable Accounts payable Compliance investigations, corporate integrity agreements, regulatory audits, inspections, and sanctions Data/information governance Charge capture HIPAA compliance HIPAA compliance Fraud, waste, and abuse Human resources, employee screening, and payroll Clinical systems Capital projects and construction Supply chain Data/information governance Denial management Business continuity and disaster recovery
12 Top AudiT Plan PrioriTies - CAEs Charge capture Billing and collections Billing and collections Accounting/finance Information System Controls Information security/cybersecurity program effectiveness Accounting/finance Ancillary services Charge capture Fraud, waste, and abuse Data/information governance Electronic health records Denial management Clinical systems Cash applications/postings Information System Controls Supply chain Cash applications/postings Clinical systems Information security/cybersecurity program effectiveness Supply chain Business continuity and disaster recovery Vendor risk management Ancillary services Fraud, waste, and abuse Patient access Data/information governance Third-party contracts and business associate agreements Patient accounting systems Accounts payable
13 HealTh care InTernal AudiT Overview: Industry continues to see high volume of changes New risks & complicated regulatory requirements Reform continues to change the way everyone does business. Risks must be effectively evaluated, now more than ever. Important to identify, prioritize, and evaluate risks that impact your organization
14 HealTh care InTernal AudiT Risk Assessment: Must understand the goals, objectives, processes, and governance structure of your organization. Identify all areas in your system that could be audited and the presence of risks in those areas. Choose smaller number of risks that are easy to quantify and relevant for the industry and your health system. Assessment of the inherent risks and internal control structure is performed; results in a uniform risk rating applied across the health system. Must move departments into the future, do not continue old methods/trends
15 Use of DaTa AnalyTics
16 DaTa AnalyTics InTernal AudiT Data Management Issues: Coordinating w/corporate information technology function Identifying where data resides Capturing needed data elements Other People/Process Challenges: Heavy audit plan workloads Budgets Lack of expertise
17 10 DaTa AnalyTics AcTion ITems 1) Recognize demand is growing 2) Expand knowledge 3) Understand budget and resource constraints 4) Use champions to lead effort 5) Expand data access & implement protocols
18 10 DaTa AnalyTics AcTion ITems 6) Identify new data sources (internal & external) 7) Increase use and reach of data based continuous auditing & monitoring 8) Develop real time snapshots or risks & incorporate results 9) Increase level of input stakeholders 10) Implement steps to measure success
19 InTernal AudiT TransformaTion Historically, internal audit departments focused on periodic and past events, and audited by financial statement categories. Example Accounts Payable Transaction Testing Select sample Verify that amount paid matched invoice Verify that transaction was properly approved Verify that amount paid was properly expensed If transaction met all criteria, the test passed. If the transaction failed to meet the criteria, the transaction failed. Determine if this was an isolated incident Determine if this was a systemic problem
20 InTernal AudiT TransformaTion Example Petty Cash Determine cash locations throughout company Verify that cash on hand matched general ledger Verify that vouchers were available for variances If so, were they used appropriately Secure access to cash If transaction met all criteria, the test passed. If the transaction failed to meet the criteria, the transaction failed. Determine if this was an isolated incident Determine if this was a systemic problem
21 InTernal AudiT TransformaTion Potential Weaknesses and/or Inefficiencies in AP Testing: Large population from which to choose Sample consists of various cost centers Sample consists of various managers with approval authority Variances may not be a good reflection of reality. 1 variance out of 25 looks like an isolated instance. Unless further testing is from same cost center & same manager, the variance may be passed. This may bury a potential problem underneath the larger sample population and company. These tests are always looking in the past!
22 InTernal AudiT TransformaTion Potential Weaknesses and/or Inefficiencies in Petty Cash Testing: Is petty cash material to the organization? Sample consists of various cost centers located in different geographies? How much do we spend in reimbursement for mileage to complete a petty cash audit? Are variances indicative of fraud or error? Again, these audits are looking at prior transactions!
23 InTernal AudiT TransformaTion To Be Effective: Internal Audit needs to be looking backwards and forward. Internal Audit needs to focus on risks to the organization and audit those with the greatest risk. Internal Audit needs to look for ways to improve efficiencies and help streamline processes to promote cost savings. Internal Audit needs to align itself with the organization and be meaningful to its customers. Board of Trustees Executive Management Senior Management Directors, Managers, and Supervisors Front line workers
24 InTernal AudiT TransformaTion Our Journey: Internal Audit Department was reintroduced. Focus was Financial Cash Inventory Fixed Assets Investments Post Implementation Reviews Some Compliance Chart Reviews Medical Necessity for DME (durable medical equipment) Medical Necessity for Ambulance Billing
25 InTernal AudiT TransformaTion Our Journey: Internal Audit Department transformation was presented and approved by Audit and Compliance Committee. Focus was Financial, Compliance & Operational Audit by Location/Department Audits were selected based upon auditor risk perceptions & around Epic Training Audits included: Critical Access Hospitals Physician Practices Physician Contracts
26 InTernal AudiT TransformaTion Our Journey: Internal Audit Department transformation continued to evolve. Focus remained Financial, Compliance & Operational Continued to audit by Location/Department Audits were selected based upon auditor & management risk perceptions. Audits included: Credentialing Heart and Vascular Surgical Services Emergency Department TAVR Physician Contracts Laboratory Urgent Care Centers
27 InTernal AudiT TransformaTion Our Journey: 2018 Internal Audit Department adds Post Implementation Reviews of New Service Lines and Continuous Monitoring Projects. Seeks to become more of a consultant prior to implementation. Focus remains Financial, Compliance & Operational Will continue to audit by Location/Department. Audits selected based upon auditor & management risk perceptions & Management/Director requests. Audits will include: Cancer Center Leased Practice Arrangements New Cath Lab Joint Ventures Continuous Monitoring APC Contracts
28 InTernal AudiT TransformaTion Value Added Observations: Specimen Flow in OR Heart & Vascular and Cath Lab TAVR Documentation Epidural Charges Physician Contract Management Documentation and Billing 340B Drug Pricing
29 QUESTIONS? Adam T. McKenery, MBA, CIA Valley Health System Director Internal Audit voice: e mail: amckener@valleyhealthlink.com Jack H. Lynn Arnett Carbis Toothman LLP Manager Health Care Services voice: e mail: jack.lynn@actcpas.com
30 LUNCH HERE COMES TO FOOD DOO DOO DOO DOO AND I SAY, LET S EAT LUNCH