W207: How should you leverage internal audit? October 26, 2016

Similar documents
3/21/2017. How and when should you leverage internal audit? March 28, Agenda. What are your initial thoughts on internal audit?

Internal Audit & the Audit Committee

Single Audit and Yellow Book / Govt. Audit Standards Update Presented by: William Blend, CPA, CFE

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

RSA ARCHER IT & SECURITY RISK MANAGEMENT

Firm Profile TURNING RISKS INTO OPPORTUNITIES

Internal Oversight Division. Internal Audit Strategy

4/26. Analytics Strategy

COMMUNICATING WITH THE AUDIT & COMPLIANCE COMMITTEE OF THE BOARD: LEADING PRACTICES

USDA Shared Services Journey

HEALTHCARE CONSULTING GROUP

Finance & Audit Committee Meeting

Successful healthcare analytics begin with the right data blueprint

CMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

How to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA

HEALTHCARE CONSULTING GROUP

Business integrity and sustainable growth: making the intelligent connection Fraud Investigation & Dispute Services

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

Texas Facilities Commission (TFC) Office of Internal Audit (OIA)

ROSWELL PARK CANCER INSTITUTE CORPORATION INTERNAL CONTROLS OVER PROCUREMENT AND REVENUES. Report 2005-S-15 OFFICE OF THE NEW YORK STATE COMPTROLLER

26th Annual Health Sciences Tax Conference

Charter for Group Internal Audit. Approved by the Chairman on behalf of the Board of Directors on 18 January 2018.

Enterprise Research Risk

Why do we need Internal Controls?

The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office

Control Environment Toolkit: Internal Audit Function

A Strategic Approach to Bank Fraud

PMO In A Box. Prepared for UBS

BEATING THE FINANCIAL SQUEEZE: How to Drive Performance Transformation in Your Health System

CMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

An Integrated Approach to Patient Experience Analytics

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

Bringing patients into focus

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

Adopting automation in internal audit Using robotic process automation and cognitive intelligence to fortify the third line of defense

Practice Guide. Developing the Internal Audit Strategic Plan

Auditing Governments and Not-For-Profit Organizations

How can you turn digital risk into a source of competitive advantage?

Advisory Services Governance, Risk & Compliance

Enhancing Audit Committee Excellences through Internal Audit. 21 November 2017

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

2017 Healthcare Compliance Benchmark Study

Using Infrastructure & Application Monitoring to Assure an Optimal User Experience. September 19, 2013 Presented by

Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust

University of Toledo Finance and Audit Committee

IIA WEST CAE ROUNDTABLE September 18, 2016

Internal Audit Appendix: IIA Standards

INTERNAL AUDIT AND ASSURANCE MANDATE

Maximizing value from your lines of defense

LI & FUNG LIMITED ANNUAL REPORT 2016

TEACHERS RETIREMENT BOARD. AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 9 SUBJECT: Scope and Structure of the Enterprise Compliance Program

Genpact Intelligent Operations SM

CERTIFIED ADMINISTRATOR OF SCHOOL FINANCE AND OPERATIONS

Internal Audit Division FY 17 - Audit Plan Overview

GE Healthcare. Centricity Solutions Financial Management for Large Practices

A COMPLIANCE SOLUTION DESIGNED TO HELP PLANS MEET CMS REQUIREMENTS

CORROSION MANAGEMENT MATURITY MODEL

3/17/2016. Unleashing the Power of Data Analytics Presented to: 2016 Compliance Institute. Today s Agenda. What Makes CHAN Healthcare Unique

September Terms of Reference for the Office of the Auditor General

Taking the Lead in Revenue Cycle Transformation

CIA EXAM CONTENT. Part 1 :The Internal Audit Activitys Role in Governance Risk and Control

TEACHERS RETIREMENT BOARD. AUDITS AND RISK MANAGEMENT COMMITTEE Item Number: 8 CONSENT: ATTACHMENT(S): 1. DATE OF MEETING: November 2, 2017/ 15 mins

TRA Internal Audit Fiscal Year 2019 Audit Plan

International Finance Corporation

Positioning Internal Audit to Deliver Value

CHARTER INTERNAL OVERSIGHT OFFICE (IOO)

2/20/2014. Agenda. Allen Still & Ryan Merryman March 31, CLAconnect.com CliftonLarsonAllen LLP Continuous Auditing Programs

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

Internal Auditing 101

The Enterprise Data Governance Evolution: Positioning Your Organization at the Cutting Edge of Data Quality Improvement

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

Extended Enterprise Risk Management

Driving healthy growth

Audit Project Process Overview 1/18/ Compliance and Audit Symposium. Agenda. How to Kick-start your. Audit Planning and Risk Assessment

AHIMA Information Governance & The Information Governance Adoption Model (IGAM )

SESSION 405 Tuesday, November 3, 10:00am - 11:00am Track: Industry Insights

INTERNAL AUDIT PLAN AND CHARTER 2018/19

Does a disrupted Internal Audit function mean a stronger strategic partner?

Washington State University Office of Internal Audit FY 2015 Audit Plan

Office of Internal Auditing

Business Capabilities Definitions

PART 6 - INTERNAL CONTROL

A-9: Audit Committee Effectiveness

Optum Intelligent EDI. Achieve higher first-pass payment rates and help your organization get paid quickly and accurately.

executives Using health insurance exchanges to gain competitive advantage

2013 Southwind Institute

CMMI for Acquisition Quick Reference

Advancing analytics and automation within internal audit

Fixed Scope Offering For Oracle Fusion HCM SaaS Implementation

Accelerate Cash Flow. Optimizing Your Two Sources of Revenue. RelayHealth 9/18/2012

Big data strategy to support the CFO and governance agenda

The Strategic Potential of Internal Audit

Time Topic Responsible

COMPLIANCE TRUMPS RISK

WHITE PAPER. Emerging Trends to Manage your Indirect and Services Procurement Spend

Boards and internal audit: Working together to strengthen risk management

Measuring Compliance Program Effectiveness

Transcription:

W207: How should you leverage internal audit? October 26, 2016

Agenda Internal Audit Framework 3 Lines of Defense Value Enhancement Work Internal Audit vs. Compliance Areas of Focus Key takeaways 2

What are your initial thoughts on internal audit? 3

Internal audit overview What is internal audit? Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. -The Foundation for the IIA Standards Define Align objective of review with management goals Define scope of review Prepare planning / scope memo Determine resources and budget Assess Conduct planning meetings Prepare data collection plan Collect preliminary data Establish detailed approach to review Analyze Establish capability of the process Identify risk to meeting objectives & goals; to organization Identify the root cause (control / process breakdown) Recommend Develop feasible recommendations to reach goals Aggregate root causes addressed by same recommendations Agree findings & recommendations with management 4

Wait! Before we go on.isn t internal audit the same as compliance? Great question! What do you think? Are they the same? How should they differ? 5

3 lines of defense Business Management Risk Management Framework Compliance and Quality Assurance Internal Audit First line of defense Second line of defense Third line of defense Reports on organization s performance Owns day to day control activities Designs & operates controls Considers costs & benefits Re-evaluates processes & controls Communicates risks & needs to board Establishes escalation methods Remediates identified risks Not independent Monitors, consolidates & reports on control performance Collaborates with management to execute controls & set best practices Verifies risk objectives are being met Monitors remediation efforts & provide inputs as needed Proactively responds to changing business needs Independent Periodically verifies the completeness and accuracy of management reported activities Provides assurance controls are designed & operating effectively to mitigate risks Reports on fraud risk Escalates non-performance to governing bodies Verifies remediation plans mitigate identified risks External Auditors Regulatory Bodies 6

Internal audit vis-à-vis compliance Definition Internal Audit Independent, objective assurance and consulting activity designed to add value and improve operations Compliance Preserve corporate integrity and adherence to a code of organization ethics and ensure compliance with regulatory matters Purpose independent appraisals of governance, risk and control review reliability and integrity of financial information safeguarding of assets review consistency with operational goals and objectives recommend operating improvements encourage the use of internal controls to monitor adherence to applicable regulations effect change as necessary to achieve regulatory compliance create organizational compliance policy and procedure, compliance training protect and secure PHI implement HIPAA Privacy and Security standards Authority Audit Committee Charter Internal Audit Charter Compliance Program Compliance Committee Charter Management Relationship Independent with no operational responsibilities; reports directly to Board or Audit Committee; does not own policies Operational responsibility for administering the compliance program; reports to management; may create and / or own policies Expertise Primarily with internal controls Primarily in regulatory matters Internal Controls Confirm internal controls are designed and operating effectively Understand, help design and encourage the use of internal controls 7

Internal audit value enhancement opportunities Strategy implications Efficiency gains Delivering future value Process improvement Monetary savings Value enhancement Improving business performance Systems development Investment decisions Emerging risks Due diligence Assessing future governance, risk management and control Law and regulation Business process & systems Projects & major contracts Financial process & systems Safeguarding assets Corporate governance Value protection Assessing current governance, risk management and control 8

Internal audit value enhancement opportunities Internal audit can provide a wide range of value-added services ranging from traditional financial assurance to organizational-wide risk management / governance models. Specifically, management is now looking for a partner to advise during critical and strategic initiatives. Potential Service Offering Financial / operational audits Assurance IT audits JSOX assessment GRM/RRM assurance Compliance audits Process and control design input Management special requests Training Proactive involvement in risk assessment and consultation Advisory role in large-scale projects (e.g., system implementation) Advisory / Consulting Objective perspective Aligned with management objectives Value add recommendations 9

Ok but why should I care? 10

Audit findings - material settlements Is your internal audit function helping you to manage these risks? How comfortable are you with your processes and controls? Institution Amount Reason University of Minnesota $32M Misuse NYUMC $15.5M Inflated research costs FIU $11.5M Effort certification & direct costs Mayo $6.5M Mischarging grants Northwestern $5M Effort Cornell $4.4M Clinical research UAB $3.4M Effort & clinical research billing Harvard/BIDMC $3.25M Costing Johns Hopkins $2.7M Effort East Carolina $2.4M Questioned costs USC $400k Questioned costs UCSF $92.5k Animal care 11

Sample projects and coverage Internal Audit Engagements Value Based Program Implementation Ambulatory Expansion Risk Management Assessment Clinical Research Billing Consultation Entity Level Controls Readiness Assessment Medical Device Security Assessment Epic Billing Reimbursement Assessment Pharmacy Operations Management Emergency Preparedness and BCM Review Compliance Projects CMS Admission Criteria- Inpatient Status vs. Observation/ Outpatient Admission Orders (Inpatient/ Observation) Evaluation and Management Services - Facility Level Coding Accuracy Anesthesia services Payments for personally performed services HIPAA / Privacy Program Attending Physician Billing Compliance Hospital Same-Day Discharges and Readmissions Provider Based Billing Status - Medicare 12

Example Clinical Research Billing Pre- Implementation Office of Clinical Research (OCR) is participating in the implementation of Epic Research for its Clinical Research Billing processes. The department has started to design its target operating model to meet new system requirements and replace the current manual, paper-based tracking system. Epic Research requires electronic billing protocols, which include charges and their related timelines to be built within the system. Approach: Conduct interviews to obtain a high level understanding of and assess the research billing target operating model Benchmark design of OCR operating model against peer institutions Assess future state processes against prior internal audit risk findings Deliverables: OCR future state workflows (process maps) Benchmarking and threshold guidance for billing grids and related protocols Formal report on potential gaps or control weaknesses with targeted recommendations for improvement 13

Example #2 Molecular Genetics and Cell Biology Department General Controls Review The Molecular Genetics and Cell Biology department was selected for review due to its sponsored award volumes and significant laboratory activity. Scope Considerations: Authorization and monitoring of PI startup packages Procedures for grant pre-award account setup Grant expenditure and payroll activities; including proper authorization, timeliness, accurate recording and related budget monitoring Procedures supporting grant award closing Asset and inventory acquisition, management and disposition Conflict of interest requirements and evaluations Travel and entertainment (T&E) policies and expenditures User provisioning and de-provisioning and system access monitoring Deliverable: Internal audit report that provides assurance over research operations, sponsored research administration and information security activities; including recommendations to enhance controls 14

Audit findings - current areas of focus Ensure you obtain the results of all reports issued by other auditors and discuss with auditors and consider any implications to the current year audit. Federal view of overall need to improve audit quality Nine month report due date is too long and could become six months and eventually three months Several GAO, AICPA and OMB led task forces reviewing aspects of the A-133 process Late reports will have consequences in the future A-133 reports and therefore audit findings to become public information Sub-recipient monitoring Cost transfers Effort reporting Direct vs. indirect charging of administrative costs Service Centers Title IV refunds Internal controls must be robust 15

Internal audit can help navigate the changing technology landscape Internal Audit functions need to evaluate their maturity and ability to help the business identify risks and opportunities in the new technology era. Staffing & Talent Management Allocating right resources towards technology audit function Strategic co-sourcing to augment specialized technical skills Staffing Accelerate Change Agents Create Change Agents Acting as change agents to drive innovation and change in Internal Audit and business Differentiating through skills, focus area, and agility to drive value and impact Strategic Partnerships Strategic Collaborating with Understan Partnerships d information technology to help manage risk and help solve business problems Changing perception from being an auditor to advisor Managing Increasing Protect Expectations the brand Helping companies address risks and identify opportunities in cybersecurity and emerging technologies Keeping Boards and Audit Committees informed Internal Audit Technical Skills Risk Coverage Create Focusing on the Right Risks Being relevant by aligning audits and reviews to enterprise-level risks, key initiatives, and relevant hot topics Conducting continuous or dynamic risk assessment Developing Technology Skills Leveraging technology as part of delivering audit engagements Building, training, and retaining technical capabilities to perform strategy, quality, and value-based technology audits 16

Internal audit analytics With the changing organizational risk landscape facing organizations, Internal Audit must focus the right level of testing at the optimal time. Internal Audit analytics methodology should use flexible, tailored technology throughout the audit lifecycle to highlight, measure, and react to key risk areas, resulting in the right audit coverage, depth and breadth. Analytics-Enabled Internal Audit Methodology The approach should tailor the use of analytics to your audit process and audit mandate to provide you with: Enhanced capabilities and re-usable analytics across risk areas Visibility to risk indicators when and where you need it Increased insight to transaction processing and compliance metrics Data Enabled Risk Assessments Analytics Driven Audit Scoping Analytics Governance and Methodology Intelligent Sampling and Modeling Analytics Libraries Consistent use of analytics to maximize coverage where you need it Toolkit and Accelerators ERP and System Expertise Industry Risk and Relevance Core technical capabilities: visual analytics, risk scoring, data profiling, CAATs, data science and predictive modeling, unstructured data analysis, text analytics, dashboarding, alert monitoring, process interrogation and time sequencing. 17

Key points Internal audit does more than protect the base Independence requirements do not impede internal audit from providing consultative services and value enhancement Leverage your internal audit as another resource 18

Questions For questions, contact: Keith Graff Grants Management Practice Leader Cell: 312 952 5753 E mail: keith.graff@pwc.com 19

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback