Leveraging Internal Audit and Corporate Compliance for Effective Risk Management

April 18, 2016
Don Sinko, Chief Integrity Officer, Cleveland Clinic

Agenda
- Cleveland Clinic Integrity Office Model
- The 3 Lines of Defense
- What is Enterprise Risk Management (ERM)
- Cleveland Clinic's Approach to ERM

Cleveland Clinic Background
- Unrestricted Revenue of $7.2 Billion
- Total Assets of $13.7 Billion
- 49,000 Employees
- 1,800 Residents & Fellows
- 6 Million Annual Patient Visits
- Over 2,500 Research Protocols

Cleveland Clinic Background (cont'd)
- Main Campus Founded in 1921
  - Structured as a Group Practice
  - 3,200 Physicians and Scientists
  - 11,200 Nurses
  - 4,450 Beds
  - 208,800 Surgeries
- 16 Family Health Centers
- 10 Community Hospitals
- Las Vegas, Abu Dhabi, Canada, London

Healthcare Risk Environment
- Mounting Financial Pressure & Transparency
- Shift to Value-Based Care
- Constrained Resources
- Reduced Reimbursements
- Regional, Clinically Integrated Networks
- Competitive Intensity
- Uncertainty

Preventative Medicine vs. Surgery
- Ombudsman: Patient Advocate
- Law Department:
  - Protect the Entity
  - Tell The Truth
- Integrity Office:
  - Transparency
  - Ethics
  - Do the Right Thing
  - Tell The Whole Story

Audit & Compliance Today
- More Than Just Billing & Balances
- Process Focused
- Patient Focused
  - Quality
  - Privacy/Security
  - Transparency
- Focused on Implementation of the Law
  - Must Know Operations/Processes
  - Speak the Language
  - Staffed with Many Disciplines

Integrity Office
[Organization chart: Audit Committee of the Board of Directors; Board of Governors; CEO; Chief Integrity Officer; Corporate Compliance Committee; IT Security; Office of Internal Audit; Office of Corporate Compliance]

Integrity Office (cont'd)
- Internal Audit and Corporate Compliance Under One Umbrella
  - Leverages Resources
  - Shared Focus on Risk
  - Shared Focus on Processes
  - Still Independent of Each Other
- Located in the C-Suite
- Independent of Law Department
- Separate from Clinical Compliance

Integrity Office (cont'd)
- Many Backgrounds Required for Integrity Program Effectiveness
  - CPAs
  - IT
  - Forensics
  - Nursing
  - Billing/Coding
  - Research
  - Pharmacy
  - Legal
  - Risk Management

Three Lines of Defense
- First Line of Defense -- Operations
- Institute of Internal Auditors
  - Risk Management Position Paper
- Term from Medieval Castle Systems
  - Moats
  - Stone Walls
  - Interior Forces
- Focused on External Risks

Three Lines of Defense (cont'd)
- Second Line of Defense
  - Risk Management
  - Corporate Compliance
  - Clinical Compliance
  - Law Department
  - Supply Chain

Three Lines of Defense (cont'd)
- Third Line of Defense
- Independent Assurance
  - Internal Audit
  - External Audit

What is Enterprise Risk Management
- Important executive management responsibility to assure key risks are addressed
- Requires a portfolio review of risk
- Method to manage uncertainty and volatility
- Proactive and Strategic: minimize threats and capitalize on opportunities
- Ongoing process

ERM is not
- Replacement for internal controls
- Method to eliminate all risk
- Rigid set of rules to follow in all respects
- Exactly the same from year to year

Cleveland Clinic Approach to ERM
- Audit Committee Executive Session
- ERM is not the:
  - Internal Audit Risk Assessment
  - Corporate Compliance Risk Assessment
- Risk Evaluation Processes not Documented
- Not Tied to Strategy

Cleveland Clinic Approach to ERM (cont'd)
- ERM Program Initiated
  - Define ERM Project Plan
  - Establish ERM Governance Structure
  - Determine Risk Appetite
  - Tie ERM to Strategy

ERM Project Summary
- Phase I: Engagement Planning & Launch
- Phase II: Enterprise Risk Identification & Assessment
- Phase III: Define Desired State ERM Program & Recommendations
- Phase IV: ERM Program Implementation

Activities, in the order they appear on the slide:
- Define Project Goals
- Committee Education
- Retain Consultant
- Create Awareness
- Current State Assessment
- Document Review
- Conduct Interviews
- Assess overall ERM capability
- Identify Risks and Risk Owners
- Analyze Information
- Validate and Prioritize
- Document Mitigation Steps and Gaps
- Validate Risk Profile and Rankings
- Develop Governance and Oversight Framework
- Determine improvements / Action Plans
- Develop Awareness and Education Plan
- Design Reporting and Monitoring Activities

Enterprise Risk Management Governance Structure
[Governance chart; box labels as extracted: Board of Trustees CEO Council Executive Committee Planning ERM Steering Committee Strategic Council Leadership Council Performance Improvement ERM Working Groups Strategic Planning Financial Planning Internal Audit]

- Established ERM Steering Committee
- Members from Executive and Operations Management
- Performed Risk Interviews
- Determined Top 20/10/7 Risks
- Tied Risks to Strategy
- Approved by Board of Directors
- Established Teams to Address Risks
- Monitored Risk Management Process

Strategic Healthcare Risk Universe
[Risk universe chart. Category headings: External; Financial; Operational; People; Compliance. Risk labels, in extracted order: Business Model; Governance; Resource Allocation; M & A Planning; Market Dynamics; Network Development; Investor Relations; Media Relations; Economy; Political Environment; Regulatory Structure; Capital Availability; Investment Risk; Revenue Cycle; Benefit Obligations; Foreign Currency; Cash Management; Payer Mix; Accounting and Reporting; Supply Chain; Information Technology; Physical Assets; Patient Safety and Quality; Research; Natural Disasters; Succession Planning; Labor Relations; Recruitment and Retention; Training and Development; Company Culture; Tax Compliance; Anti-trust; Regulatory Provisions (HIPAA, HITECH, RAC); Conflict of Interests; Health and Safety; Environmental]

Top Risks Mapped to Strategic Initiatives
[Diagram mapping Cleveland Clinic Top Risks to Cleveland Clinic Strategic Initiatives; labels: Growth; Integration; Research & Education]

ERM Risk Evaluation Cycle
[Cycle diagram; labels as extracted: Annual Assessment; Monitor; Management & IA Assessments; Continuous Evaluation; Mitigate; Assess; Steering Committee & Audit Committee; ERM Team; Business Leaders; Internal Audit]

Integrity Office Involvement
- Plays an important role in monitoring ERM, but does NOT have primary responsibility for its implementation or maintenance
- Reviews internal controls and risk management processes
- Reviews management's risk assessments
- Provides advice on the improvement of internal controls and risk mitigation strategies
- Facilitates ERM education
- Communicates to Management and the Board