Upload
doris-rich
View
214
Download
1
Tags:
Embed Size (px)
Citation preview
Internal Audit – Adding Value
AHIA NW Regional Seminar
May 7, 2010
April 19, 2023 2
Introductions
Legacy Health> 6 hospital system in Portland metro
region
Management Audit Services (MAS)> 4 person department with broad
responsibilities
Joyce L. Lang> 16 years as IA director, 9 in healthcare
April 19, 2023 3
Background
Audit Committee Chair’s request – find out how others “add value”
Surveyed a sample of healthcare CAEs
No definitive answer
Recurring themes – revenue enhancement/ cost savings audits, balanced scorecards
April 19, 2023 4
PurposeShare information collected and provide specific examples of
> Revenue enhancement/cost savings audits> Balanced Scorecards
Share MAS “new approach”
Provide opportunity for peer-to-peer exchange
So you can take away ideas to formulate your own definition of “Adding Value”.
April 19, 2023 5
Revenue Enhancement and Cost Savings Audits
Source> Queried CAEs who responded to survey for
descriptions of specific audits> Discussion topic at CAE Roundtable in LA
Types> Revenue Enhancement = Charges> Cost Savings = Purchasing, Contracts, Labor
and Construction
April 19, 2023 6
Revenue Enhancement Audits - Handout
Audit Topic Dollars
Implantable devices $400K/yr, net
Pharmaceuticals
Clinic purchases & immunizations *
Administration charges *
Not charged *
Retail Pharmacies – Adjudicated prices
$100K/yr
1% - $66K
$4.5 million
$180K
April 19, 2023 7
Revenue Enhancement Audits - Handout
Audit Topic Dollars
Radiology – Contrast * $18K/yr
Infusion
Charging *
Missing orders, missing start & stop times *
$100K/yr
$2 million
April 19, 2023 8
Cost Savings Audits - HandoutAudit Topic Dollars
Purchasing
Pricing of supplies under GPO *
Bulk purchasing of high cost items *
Duplicate payments *
$200K
$400K/yr
$150K recovered
Contracts
Outsourced collection
Performance terms
$38K
$71K recovered
April 19, 2023 9
Cost Savings Audits - Handout
Audit Topic Dollars
Labor – Abuse of 7/8 minute rule * 2 free days
Construction
Job cost billing
General conditions – not allowable
Work reduction cost adjustment
Change orders
$714K
$194K
$361K
$170K
April 19, 2023 10
Revenue Enhancement and Cost Savings Audits
Your successes and ideas?
April 19, 2023 11
Balanced Scorecard - Definition
A strategy-focused approach to performance measurement that includes non-financial and financial performance measures that are derived from the organization’s strategy and vision.
Generally includes objectives and performance measures in the following dimensions:
> Financial> Customer> Internal processes> Learning, innovation, and growth
April 19, 2023 12
Balanced Scorecard for IA
A Balanced Scorecard Framework for Internal Auditingby Mark L. Frigo, Ph.D., CPA, CMA
The Institute of Internal Auditors Research Foundation, 2002
Four dimensions:> Board/Audit Committee> Management and Auditees> Internal Processes> Innovation and Capabilities
April 19, 2023 13
Balanced Scorecard for IA
Performance Metrics should:> Be driven by the internal auditing department’s
mission and strategy> Include customer measures, internal process
measures, and capability and innovation measures
> Include leading indicators (performance drivers) as well as lagging indicators (outcome measures)
Leading – Training hours per auditor
Lagging – Customer satisfaction survey
April 19, 2023 14
Balanced Scorecards - Dimensions
Framework Board/Audit
Committee Management and
Auditees Internal Processes Innovation and
Capabilities
Examples - Handout Customer Satisfaction,
Internal and External Customers
Quality & Volume, Performance, Quality
Workforce Satisfaction, Associate Engagement, Innovation & Learning
Financial Performance, Cost/Efficiency, Stewardship
April 19, 2023 15
Balanced Scorecards - Handout
Consistent – Project satisfaction survey results, work plan completion
Other surveys – Organization satisfaction, employee engagement
Observations –> Timeliness of reports – Customer
satisfaction or performance?> CAATs/data mining – People or
performance?
April 19, 2023 16
Balanced Scorecards
Your observations and comments –> Anything missing?> What measures are essential to you?> What should you be measuring but
haven’t?> Frequency of measuring and reporting?
April 19, 2023 17
Integrating the IIA Standards
2100 – Nature of Work
The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.
April 19, 2023 18
Integrating the IIA Standards
2110 – Governance
The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives…
2110.A1 …must evaluate…organization’s ethics-related objectives, programs, and activities
2110.A2 …must evaluate…information technology governance of the organization…
April 19, 2023 19
Integrating the IIA Standards
2120 – Risk ManagementThe internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.
2120.A1 …must evaluate risk exposures… regarding (information, E&E, assets, compliance)
2120.A2 …must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk
April 19, 2023 20
Integrating the IIA Standards
2130 – ControlThe internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.
2130-A1 …must evaluate the adequacy and effectiveness of controls in responding to risks… regarding (information, E&E, assets, compliance)
April 19, 2023 21
Integrating the IIA Standards
Internal auditing is an independent, objective assurance and consulting activity.
New MAS Charter in February 2010
Scope of Work outlines 5 “assurance” responsibilities – the “musts” in the Standards
Core Audit Program -> Frequency-Based Audits - 36 topics (e.g., charges for patient
care, purchasing, IT); annual to 5-year cycle; frequency reflects risk
> Ad Hoc Audits – Specific high risks (e.g., system implementations, major construction project costs, OIG topics)
April 19, 2023 22
Assurance Activity #1Standards – MAS CharterEvaluate risk exposures and the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations and information systems regarding the:
> Reliability and integrity of financial and operational information
> Effectiveness and efficiency of operations
> Safeguarding of assets> Compliance with laws,
regulations and contracts.
MAS Work PlanSelected audit projects from Core Audit Program catalog of topics
April 19, 2023 23
Assurance Activity #2Standards – MAS CharterEvaluate the effectiveness and contribute to the improvement of risk management processes.
MAS Work Plan Catalog the external and
internal risks to business objectives
Assess impact and likelihood of each risk’s occurrence
Identify who is responsible for the risk’s management and how the risk is managed and monitored
Evaluate the effectiveness of risk management activities.
April 19, 2023 24
Assurance Activity #3Standards – MAS CharterAssess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
> Appropriate ethics and values> Effective organizational
performance management and accountability
> Communication of risk and control information to the appropriate areas
> Coordination and communication of information between the Board, management and auditors.
1.
MAS Work PlanGovernance process addressed through an assessment of the 10 elements of the “Internal Environment”, a section of COSO ERM
April 19, 2023 25
Assurance Activity #4Standards – MAS Charter
Assess whether IT Governance of the organization sustains and supports objectives and
strategies.
MAS Work Plan Catalog attributes of IT
Governance and develop a plan for assessing effective implementation of each component
Complete an assessment of at least one component this year and work with IT on improvements, if needed.
April 19, 2023 26
Assurance Activity #5Standards – MAS CharterEvaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
MAS Work Plan “Managing the Business
Risk of Fraud: A Practical Guide” - 5 principles for boards/management to consider in protecting the organization from fraud
Use this tool to outline an on-going assessment program and perform initial assessment.
April 19, 2023 27
Integrating the IIA Standards
Questions ?
Discussion ?
April 19, 2023 28
Thank You !
Joyce L. Lang, CPA, CIA
Director, Management Audit Services
Legacy Health
815 NE Davis St.
Portland, OR 97232
503-413-3312