The University of Texas MD Anderson Cancer Center

Internal Audit Annual Report for FY2016

Purpose of the Annual Report

Table of Contents

I. Compliance with Texas Government Code, Section 2102.015: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit information on Internet Website

II. Internal Audit Plan for Fiscal Year 2016

Compliance with the Benefits Proportionality Audit Requirements for Higher Education Institutions.

Compliance with the Purchasing and Contracting Requirements for Higher Education Institutions.

III. Consulting Services and Nonaudit Services Completed

IV. External Quality Assurance Review (Peer Review)

V. Internal Audit Plan for Fiscal Year 2017

VI. External Audit Services Procured in Fiscal Year 2016

VII. Reporting Suspected Fraud and Abuse


I. Compliance with Texas Government Code, Section 2102.015: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit information on Internet Website

The Fiscal Year 2017 audit plan, as approved by the Institutional Audit Committee, will be posted on the MD Anderson external website as part of the Fiscal Year 2016 SAO Annual Report. The Fiscal Year 2016 SAO Annual Report, including summaries of reports, will be posted on the MD Anderson external website within 30 days of approval by the President but not later than November 1, 2016, as required.

The following matrix provides a summary of the weaknesses and action taken by management for projects on the Fiscal Year 2016 Audit Plan, as required by Texas Government Code, Section 2102.015:

Columns: Report No.; Report Date; Name of Report; Recommendations; Summary of Action Taken; Progress (Fully Implemented, Substantially Implemented, Incomplete/Ongoing, Not Implemented)

Report No.: 2015-104
Report Date: 11/23/2015
Name of Report: Nocturnal Program Review
Recommendations: We recommended enhanced controls over:
- Professional charge capture and reconciliation
- Compliance with requirements for verbal provider orders
- Standard operating procedures
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Incomplete/Ongoing. Full Implementation is expected by March 1, 2017.

Report No.: 2016-103
Report Date: 10/28/2015
Name of Report: Segregation of Duties and Account Reconciliations
Recommendations: Management should enhance controls and processes to ensure segregation of duties and sensitive access remediations are closed timely and reconciliations of federally funded accounts are performed.
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Incomplete/Ongoing. Full Implementation is expected by December 15, 2016.


Report No.: 2016-105
Report Date: 8/26/2016
Name of Report: Procurement Review
Recommendations: Management should enhance controls and processes surrounding accuracy of contract information, documentation of approvals for contracts and exclusive acquisition forms, compliance with the emergency purchase policy, and monitoring of unauthorized purchases. Furthermore, the Institutional Contract Management Handbook should be finalized.
Summary of Action Taken: Management agreed to enhance controls and processes over the areas noted in the report and finalize the Institutional Contract Management Handbook.
Progress: Incomplete/Ongoing. Full Implementation is expected by October 16, 2016.

Report No.: 2016-107
Report Date: 5/19/2016
Name of Report: Travel and Entertainment – Development Office
Recommendations: Management should consider revising the Development Office travel and business entertainment policy to be more closely aligned with the Institution’s travel policy when possible, and provide training to all staff, including administrative staff, to ensure travel documentation complies with Travel and Entertainment Guidelines. Management should review the department’s guidelines for possible inconsistencies and operational inefficiencies.
Summary of Action Taken: Management has agreed to revise the Development Office’s Travel and Entertainment Guidelines, and to educate travelers and travel preparers on the revised guidelines. Management plans to perform annual review of the departmental guidelines to ensure alignment with institutional policy.
Progress: Incomplete/ongoing

Report No.: 2016-108
Report Date: 8/31/2016
Name of Report: Facilities’ Service Vendor Audit
Recommendations: Recommendations related to the following process and control areas were noted:
- Existence of Formal Contract Agreements
- Monitoring of Contract Spend
- Consistent Invoice Approval
- Validation of Service Vendor Measurements
- Discretion with Respect to PO Fund Application
- Detailed Review of Invoiced Rates
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Incomplete/Ongoing. Full Implementation is expected by August 31, 2017.


Report No.: 2016-201
Report Date: 6/23/2016
Name of Report: Review of Executive Officers’ Travel and Business Entertainment Expenditures
Recommendations: We recommended improvements related to:
- Resolution of personal expenses using the state-issued travel card
- Adequate supporting documentation related to foreign travel and entertainment expenses
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Fully implemented

Report No.: 2016-203
Report Date: 06/23/2016
Name of Report: Onboarding of Visiting Scientists
Recommendations: We identified opportunities for improvement in the following areas:
- Conducting criminal background checks
- Verifying educational background
- Ensuring compliance with required training
- Establishing guidance for departmental oversight
- Executing legal agreements
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Incomplete/Ongoing

Report No.: 2016-204
Report Date: 1/15/2016
Name of Report: Departmental Review – Thoracic Surgery
Recommendations: We recommended enhanced controls over leave management, travel, procurement cards, and system access.
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Incomplete/ongoing. Full implementation is expected by December 31, 2016.

Report No.: 2016-205
Report Date: 3/15/2016
Name of Report: Division of Surgery Review
Recommendations: We recommended enhanced controls over system access, segregation of duties within the service center, updating the billing rates and monitoring net income for the service center, and strengthening asset management.
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Incomplete/ongoing. Full implementation is expected by December 31, 2016.


Report No.: 2016-206
Report Date: 8/31/2016
Name of Report: Departmental Review – Smithville
Recommendations: We recommended enhanced controls over monitoring program income and service center billing rates, enforcement of material transfer agreements (MTAs), monitoring and resolving deficit accounts, monitoring correction requests for over-commitment of effort, accurately recording faculty extramural leave, reviewing and approving grant reconciliations and employee leave in Kronos.
Summary of Action Taken: Management agreed to enhance controls in the recommended areas.
Progress: Incomplete/Ongoing. Full Implementation is expected by December 31, 2016.

Report No.: 2016-210
Report Date: 8/30/2016
Name of Report: Division of Radiation Oncology – Charge Capture Assessment
Recommendations: We recommended that Radiation Oncology improve processes to ensure charges are posted to the patient accounts as appropriate. We further recommended that controls should be strengthened for re-billing charges to ensure when a charge is deleted, re-billing occurs as appropriate.
Summary of Action Taken: Management agreed to enhance controls in the recommended area.
Progress: Incomplete/Ongoing

Report No.: 2016-212
Report Date: 8/30/2016
Name of Report: Division of Diagnostic Imaging – Charge Capture Assessment
Recommendations: We recommended that Diagnostic Imaging strengthen controls to ensure that charges are posted to patient accounts or research protocol accounts as appropriate. We further recommended that controls be strengthened to ensure when a charge is deleted, the action is appropriate.
Summary of Action Taken: Management agreed to enhance controls in the recommended area.
Progress: Incomplete/Ongoing. Full Implementation is expected by January 31, 2017.

Report No.: 2016-300
Report Date: 2/24/2016
Excepted from public disclosure

Report No.: 2016-301
Report Date: 02/19/2016
Excepted from public disclosure

Report No.: 2016-303
Report Date: 8/31/2016
Excepted from public disclosure

Report No.: 2016-304
Report Date: 8/30/2016
Excepted from public disclosure


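Report No.: 2016-403
Report Date: 7/5/2016
Name of Report: Cybersecurity NIST
Recommendations: Information is excepted from public disclosure
Summary of Action Taken: Information is excepted from public disclosure
Progress: Information is excepted from public disclosure

Report No.: 2016-404
Report Date: 7/5/2016
Name of Report: Data Loss Prevention (Information Security)
Recommendations: Information is excepted from public disclosure
Summary of Action Taken: Information is excepted from public disclosure
Progress: Information is excepted from public disclosure

Report No.: 2016-405
Report Date: 8/31/2016
Name of Report: Patch Management
Recommendations: Information is excepted from public disclosure
Summary of Action Taken: Information is excepted from public disclosure
Progress: Information is excepted from public disclosure

Report No.: 2016-408
Report Date: 8/31/2016
Excepted from public disclosure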


II. Internal Audit Plan for Fiscal Year 2016

The following matrix details the status of the Fiscal Year 2016 Audit Plan:

Project No. | Project Title | Report Date | Project Status

Financial Audits

16-100 | FY15 Financial Statement Audit (year-end) | Report issued by Deloitte at UT System level | Complete
16-101 | FY16 Financial Statement Audit (interim) | Report issued by Deloitte at UT System level | Complete
16-102 | Physicians Referral Service Practice Plan | N/A | Project 16-303 Served as the PRS Audit
16-103 | Segregation of Duties and Account Reconciliations | 10/28/2015 | Complete
16-104 | Economic Development Agreement | Consulting Project – Verbal Comments provided to Management | Complete
16-105 | Purchasing Review | 8/26/2016 | Complete

Risk-Based Audits

16-106 | Charge Capture – Division of Pathology and Laboratory Medicine | Pending | In Progress
16-107 | Travel and Entertainment – Development Office | 5/19/2016 | Complete
16-108 | Construction Activities - Facilities’ Service Vendor Audit | 8/31/2016 | Complete
16-903 | Travel and Business Entertainment Expense Review | 8/31/2016 | Complete

Operational Audits

UT System Requested / Externally Requested Audits

16-200 | Presidential Housing, Travel, and Entertainment | 5/13/2016 | Complete
16-201 | Executive Travel and Entertainment | 6/23/2016 | Complete

Risk-Based Audits

16-202 | Security Clearance for Contractors | Consulting Project – Verbal comments provided to management | Complete
16-203 | Onboarding of Visiting Scientists | 6/23/2016 | Complete
16-204 | Departmental Review – Thoracic Surgery | 1/15/2016 | Complete
16-205 | Division of Surgery Review | 3/15/2016 | Complete
16-206 | Departmental Review - Smithville | 8/31/2016 | Complete
16-207 | Dining Services Cash Handling | N/A | Cancelled
16-208 | Anti-Fraud Initiative | 8/31/2016 | Complete
16-306 | Medical Device Maintenance and Security Assessment | Pending | In Progress


Management Requested Audits

- | General Consultation with Management | N/A | Complete
- | Institutional Committee Participation | N/A | Complete
- | Management Involvement on Co-sourced Construction Projects | N/A | Complete

Consulting Projects

16-209 | Division of Pharmacy – Business Operations Review | Pending | In Progress
16-210 | Division of Radiation Oncology – Charge Capture Assessment | 8/30/2016 | Complete
16-211 | EHR OneConnect (EPIC) | Consulting Project – Verbal comments provided to management | Complete
16-212 | Division of Diagnostic Imaging – Charge Capture Assessment | 8/30/16 | Complete

Compliance Reviews

Excepted from public disclosure

Information Technology Audits

UT System Requested / Externally Requested Audits

16-400 | Deloitte Financial Audit Support | Report issued by Deloitte at UT System level | Complete

Risk-Based Audits / Consulting Projects

16-401 | Cerner Millennium Helix Implementation | Pending | In Progress
16-402 | Post ICD-10 Audit EPIC Integration | Pending | In Progress
16-403 | Cybersecurity / NIST | 7/5/2016 | Complete
16-404 | Data Loss Prevention (Information Security) | 7/5/2016 | Complete
16-405 | Patch Management | 8/31/2016 | Complete
16-406 | EPIC – Post Implementation Work | N/A | Merged with 16-401
16-407 | Clinical Devices | Pending | In Progress
16-408 | Excepted from public disclosure

Management Requested Audits

15-409 | OneConnect Program Expenditure Process Assessment | 11/23/2015 | Complete

Other IT Projects

- | IT Follow-up | N/A | Complete
- | Knowledge Sharing and/or Training Documentation Projects | N/A | Complete
- | IT Liaison Activities | N/A | Complete


- | IT Risk Assessment - FY 17 | N/A | Complete
- | Financial and Operational Audit Assistance | N/A | Complete
- | Administrative Activities | N/A | Complete

Follow-Up Audits

- | Follow-up Audits (Quarterly Reporting and Validation) | N/A | Complete

Projects

Development - Operations

- | Internal Quality Assurance Activities | N/A | Complete
- | Internal Audit Committee Preparation/Participation | N/A | Complete
- | Institutional Risk Assessment & Work Plan Development | N/A | Complete
- | TeamMate Software Upgrade | N/A | Complete
- | All-Hazards Risk Leadership Council | N/A | Complete

Development – Initiatives & Education

- | UT System Coordination | N/A | Complete
- | Professional Organization/Association Participation | N/A | Complete

Carry Forward

15-104 | Nocturnal Programs | 11/23/2015 | Complete
15-108 | Collection of Patient Co-Payments | 7/5/2016 | Complete
15-107 | Clinical Services Spot Agreements | 9/28/2015 | Complete

Investigations

- | Various investigations | Consulting Projects – Verbal Comments provided to management | Complete

Audit / Project cancelled

Audit / Project added to Plan


Compliance with the Benefits Proportionality Audit Requirements for Higher Education Institutions:

At the request of the Governor, an internal audit of the proportionality of higher education benefits process was performed during fiscal year 2016. A consistent audit methodology has been deployed across the UT System that assessed the reporting process and accuracy of benefits funding information provided to the State Comptroller as applicable under Rider 8, page III-41, the General Appropriations Act (84th Legislature, Conference Committee Report). An audit of the benefits proportionality process will also be conducted during fiscal year 2017 and will comply with Rider 8, page III-41, the General Appropriations Act (84th Legislature, Conference Committee Report). The audit will be complete by February 28, 2017.

Compliance with the Purchasing and Contracting Requirements for Higher Education Institutions:

Senate Bill 20 (84th Legislative Session) made several modifications and additions to Texas Government Code (TGC) and Texas Education Code (TEC) related to purchasing and contracting. Effective September 1, 2015, TEC 51.9337 requires that, “The chief auditor of an institution of higher education shall annually assess whether the institution has adopted the rules and policies required by this section and shall submit a report of findings to the state auditor.” The MD Anderson Cancer Center Internal Audit Department conducted this required assessment for fiscal year 2016, and found the following:

Based on review of current institutional policy and the UT System Board of Regents’ Rules and Regulations, MD Anderson Cancer Center has generally adopted all of the rules and policies required by TEC 51.9337. Review and revision of institutional and System policy is an ongoing process. These rules and policies will continue to be assessed annually to ensure continued compliance with TEC 51.9337.


III. Consulting Services and Nonaudit Services Completed

Columns: Project No.; Project Title; Report Date; Project Objective; Services / Observations / Results / Recommendations

Project No.: 2016-104
Project Title: Texas Economic Development Agreement
Report Date: Consulting – Verbal Comments provided to Management
Project Objective: To review the reporting methodology and schedules for the annual compliance verification of job creation for the Texas Economic Development Agreement.
Services / Observations / Results / Recommendations: The methodologies appeared consistent with previous submissions. Nothing came to our attention that would indicate the Annual Compliance Verification was materially misstated.

Project No.: 2016-200
Project Title: Presidential Housing, Travel and Entertainment
Report Date: Consulting – Assisted University of Texas System Audit Office
Project Objective: To assist/coordinate audits by UT System to determine if travel and entertainment activities and expenditures of the President and his spouse are conducted in accordance with UT System and MDACC policy.
Services / Observations / Results / Recommendations: Internal Audit assisted The University of Texas System Audit Office (UT System) by providing documentation from institutional systems for review. Any recommendations for improvement were made by UT System.

Project No.: 2016-202
Project Title: Security Clearance for Contractors
Report Date: Consulting – Verbal Comments provided to Management
Project Objective: To determine whether appropriate security clearance (Criminal background checks, badging, access, etc.) has been consistently provided for contracted services and independent contractors in accordance with contract provisions.
Services / Observations / Results / Recommendations: A consistent process was developed for conducting criminal background checks for all contractors entering the institution.

Project No.: 2016-208
Project Title: Anti-Fraud Initiative
Report Date: Consulting – Verbal Comments provided to Management
Project Objective: Utilize external consultants to identify potential fraudulent activity. Follow-up on reports from consultants, and report results to management.
Services / Observations / Results / Recommendations: An external vendor performed forensic data mining analysis of accounts payable, vendor, and patient accounting information. Internal Audit conducted a detailed review of the results and did not identify any improprieties or errors that warranted further review. No recommendations were made by Internal Audit as a result of this review.

Project No.: 2016-211
Project Title: EHR OneConnect (EPIC)
Report Date: Consulting – Verbal Comments provided to Management
Project Objective: To consult with management and coordinate with consultants regarding the design and implementation of the electronic health record.
Services / Observations / Results / Recommendations: The EHR Risk Oversight Council identified financial compliance, and information security controls risks throughout the OneConnect implementation and monitored the status of remediation efforts. Verbal updates were provided to management throughout the project.

Project No.: -
Project Title: Various investigations
Report Date: N/A
Project Objective: To conduct investigations as necessary.
Services / Observations / Results / Recommendations: Information was provided to appropriate levels of management.


IV. External Quality Assurance Review (Peer Review)


V. Internal Audit Plan for Fiscal Year 2017

FY 2017 Audit Plan

Columns: Audit/Project; Budgeted Hours; % of Total; Description

Risk Based Audits

Audit/Project: Charge Capture - Division of Anesthesiology and Critical Care
Budgeted Hours: 700
Description: To conduct a charge capture audit of select areas within the Division to determine if services provided were captured and recorded appropriately. Sustainability - Charge Capture

Audit/Project: Charge Capture - Regional Care Centers
Budgeted Hours: 700
Description: To ensure that charge capture for professional services at community hospitals is accurately captured and recorded. Sustainability - Charge Capture

Audit/Project: Nursing Charge Capture
Budgeted Hours: 750
Description: To ensure that charge capture for nursing services is accurately captured and recorded. Sustainability - Charge Capture

Audit/Project: Denials Management
Budgeted Hours: 650
Description: To conduct an assessment to determine the root cause of denials and assist management with identifying possible solutions to reduce future denials. People We Serve - Patient Registration

Budgeted Hours: 650
Excepted from public disclosure

Audit/Project: Payroll Review
Budgeted Hours: 600
Description: To assess the governance structure and key controls over payroll processes to include employee set-up, payroll adjustments and corrections, reconciliations, interfaces, tax compliance, accuracy of the payroll calculation, and any other related processes. Systems That Support - Payroll

Audit/Project: Division of Pediatrics Review
Budgeted Hours: 700
Description: To provide a general assessment of the financial, administrative, and compliance controls within the selected division. People Who Serve, Science That Enables, Systems That Support

Audit/Project: Departmental Review - Infectious Diseases, Infection Control & Employee Health
Budgeted Hours: 600
Description: To provide a general assessment of the financial, administrative, and compliance controls within the selected department. People Who Serve, Science That Enables, Systems That Support


Budgeted Hours: 450
Excepted from public disclosure

Budgeted Hours: 600
Excepted from public disclosure

Audit/Project: Physicians Referral Service (PRS) Practice Plan
Budgeted Hours: 450
Description: To conduct the annual financial review of the PRS Practice Plan, as required by UTS 155. The scope of this project will be consistent for all applicable UT System components and will be determined by UT System. Systems That Support - Expenses/Accounts Payable

Information Technology Audits

Audit/Project: PeopleSoft 9.2 Upgrade
Budgeted Hours: 300
Description: Perform a post-implementation review for the PeopleSoft 9.2 upgrade to determine if project objectives were successfully met, gain an understanding on the effectiveness and efficiency of project management practices, effectiveness of the integration with EPIC, and to determine vulnerabilities for the application from the following perspectives: operating effectiveness, ITGC's, security, reporting, and compliance. Systems That Support

Budgeted Hours: 400
Excepted from public disclosure

Audit/Project: Asset Management
Budgeted Hours: 400
Description: Evaluate the Asset Management Process from procurement, commissioning, inventory, and decommissioning for assets including laptops, iPads, iPhones, servers, medical devices/workstations, and applications (including cloud/software as a service). Systems That Support

Audit/Project: System Portfolio and Roadmap for System Retirement
Budgeted Hours: 350
Description: Assess the application portfolio and supporting organizational costs/headcounts as well as the status on specific systems identified as replaced by recent implementations to determine plan for and progress for decommissioning. Evaluate the roadmap for retiring and decommissioning legacy systems replaced by recent implementations such as Epic, PeopleSoft, etc. Consider the cost to the institution and assess risks (security, integrity, data availability, support, etc.) to the institution for continuing to maintain legacy systems. Systems That Support


Audit/Project: Epic - Post Implementation and Governance Process
Budgeted Hours: 350
Description: Perform a post-implementation review for Epic to evaluate functionality (charge capture, interfaces, etc.) optimization, and vulnerabilities for the application from the following perspectives: operating effectiveness, ITGC's, security, and compliance. Evaluate governance process post go-live for addressing issues and optimizing the system. Systems That Support

Audit/Project: Pharmacy System Assessment
Budgeted Hours: 300
Description: Perform a post-implementation review for Willow/Epic to evaluate functionality (charge capture, interfaces, etc.) and assess the controls in place post go live related to the pharmacy applications from the following perspectives: operating effectiveness, ITGC's, security, and compliance. Systems That Support

Audit/Project: Management Involvement on Co-Sourced IT Projects
Budgeted Hours: 150
Description: To oversee/facilitate audits of IT activities.

Audit/Project: Construction Activities
Budgeted Hours: 500
Description: To conduct a review of key construction activities and/or processes. Reviews will be co-sourced, utilizing staff with construction expertise. Systems That Support - Facilities Management

Audit/Project: Management Involvement on Co-Sourced Construction Projects
Budgeted Hours: 50
Description: To oversee/facilitate audits of construction activities.

Carry-Forward Audits

Audit/Project: Charge Capture - Pathology and Laboratory Medicine
Budgeted Hours: 350
Description: To conduct a charge capture audit of select areas within the Division to determine if services provided were captured and recorded appropriately. This will be an integrated audit with the IT Internal Auditors. Sustainability - Charge Capture

Audit/Project: Risk Based Audits Subtotal
Budgeted Hours: 10,000
% of Total: 50%

Required Based Audits (Externally and Internally)

Audit/Project: FY 2017 Financial Statement Audit (year-end)
Budgeted Hours: 325
Description: To assist Deloitte with testing relating to the External Financial Statement Audit. Systems That Support - Financial Reporting


Audit/Project: FY 2017 Financial Statement Audit (interim)
Budgeted Hours: 325
Description: To assist Deloitte with testing relating to the External Financial Statement Audit. Systems That Support - Financial Reporting

Audit/Project: Deloitte Financial Audit Support - IT
Budgeted Hours: 160
Description: Perform IT general controls procedures as requested by MDACC to support the Deloitte Financial Audit of MDACC. Systems That Support - Financial Reporting

Audit/Project: Texas Administrative Code (TAC) 202
Budgeted Hours: 350
Description: To evaluate controls and processes at MD Anderson for compliance with TAC 202 regulatory requirements. Systems That Support

Audit/Project: Segregation of Duties and Account Reconciliations
Budgeted Hours: 250
Description: To review the institution's Monitoring Plan and departmental subcertifications and validate the assertions made by management regarding segregation of duties and account reconciliations, as required by UTS 142.1. Systems That Support - Financial Reporting

Audit/Project: Economic Development Agreement
Budgeted Hours: 100
Description: To review the reporting methodology and schedules prepared for the annual compliance verification of job creation targets associated with the Economic Development Agreement between MDACC, UT HSC-Houston, and the State of Texas. Systems That Support - Corporate Compliance

Audit/Project: Presidential Housing, Travel, and Entertainment
Budgeted Hours: 50
Description: To assist/coordinate audits by UT System to determine if travel and entertainment activities and expenditures of the President and his spouse are conducted in accordance with UT System and MDACC policy. Systems That Support - Expenses/Accounts Payable

Audit/Project: Executive Travel and Entertainment
Budgeted Hours: 300
Description: To perform audits to determine if travel and entertainment activities and expenditures of executive management are conducted in accordance with UT System and MDACC policy. Systems That Support - Expenses/Accounts Payable

Audit/Project: Required Audits Subtotal
Budgeted Hours: 1,860
% of Total: 9%


Consulting Projects

Audit/Project: Employee and Faculty Criminal Background Checks
Budgeted Hours: 500
Description: Internal Audit will partner with key stakeholders to ensure a background check is conducted for all employees, including faculty, as part of the on-boarding process. People Who Serve - Personnel Management

Budgeted Hours: 350
Excepted from public disclosure

Audit/Project: Strategic Industry Ventures
Budgeted Hours: 250
Description: Internal Audit will partner with key process owners to identify opportunities to mitigate significant business risks during the contracting process for strategic industry ventures. This effort will include, but not be limited to, collaboration with Strategic Industry Ventures, Institutional Compliance, Legal, Research Administration, and Clinical Research Administration. Science That Enables - Research Administration

Budgeted Hours: 200
Excepted from public disclosure

Audit/Project: General Consultation with Management
Budgeted Hours: 150
Description: To consult with management on various high-risk topics.

Audit/Project: Institutional Committee Participation
Budgeted Hours: 225
Description: To participate, in a consulting role, on committees within the institution.

Audit/Project: All-Hazards Risk Leadership Council
Budgeted Hours: 120

Audit/Project: Consulting Projects Subtotal
Budgeted Hours: 1,795
% of Total: 9%

Follow-Up

Audit/Project: Quarterly Reporting / Monitoring Activities
Budgeted Hours: 250

Audit/Project: Validation Activities
Budgeted Hours: 500

Audit/Project: IT Follow-up Validation Activities
Budgeted Hours: 250

Audit/Project: Follow-Up Subtotal
Budgeted Hours: 1,000
% of Total: 9%


Reserve

Reserve for Just-In-Time Auditing/Advisory Services

1,450 Reserve will be used to respond to management’s requests in high-risk areas, as well as to address changing risks in our environment throughout the year.

Reserve for Investigations 400 Reserve will be used to respond to any investigative requests throughout the year.

IT Reserve Just-In-Time Auditing/Advisory Services

100 Reserve Just-In-Time Auditing/Advisory Services will be used to respond to management and Internal Audit’s requests for assessments in emerging high-risk areas related to IT.

IT Financial and Operational Audit Assistance

100 Participation in limited scope activities with the Internal Audit team.

Reserve Subtotal 2,050 10%

Development - Operations

Internal / External Quality Assurance Activities

400 To conduct on-going reviews of audits/projects for compliance with the International Institute of Internal Auditors (IIA) standards. In addition, to prepare for an External Quality Assurance Review.

Internal Audit Committee Preparation / Participation

182 To prepare audit committee packets and participate in quarterly meetings.

Institutional Risk Assessment and Work Plan Development

350 To update the comprehensive risk assessment and Work Plan.

Audit Strategic Planning 550 To perform strategic planning and manage the overall audit activity.

IT Risk Assessment FY17 250 Updating of the IT risk assessment and audit plan.

IT Administrative Activities 150

Development – Operations Subtotal

1,882 9%

Development - Initiatives & Education

UT System Coordination 500 To participate in UT System initiatives.

Professional Organization / Association Participation

100 To participate in the IIA Houston Chapter Annual Conference.

Training / Continuing Professional Education

818


IT Knowledge Sharing and/or Training Documentation Projects

80 Sharing thought leadership, perspective, and bringing in technical resources to assist where needed.

IT Liaison Activities 80 Participation in staff meetings, the UT InfoSec, IT Leaders meetings, etc.

Development – Initiatives & Education Subtotal

1,578 8%

TOTAL HOURS 20,165 100%


Additional “high” risks not included in the FY 2017 Work Plan are found in the following areas:

Timely patient access to services

Updating of patient records

Research protocol billing and coding

Documentation to support hiring decisions

Adherence to institutional badging process

Maintenance of DRG-exempt status

Business continuity

Billing and reimbursement

Privacy and Information security regulated activities and work force training

Regulated research activities

Operational efficiencies

Quality and performance metrics

Our risk assessment methodology included interviews and/or questionnaires with various levels of management in the institution. Identified risks were organized into institution-wide auditable units. For each identified risk, impact and probability were assessed. Our work plan was developed from the highest risk areas in the institution that are not already being addressed by other mitigation strategies.


VI. External Audit Services Procured in Fiscal Year 2016

Service Provider

Opinion on financial statements of UT MD Anderson Cancer Center Deloitte

Opinion on financial statements of UT MD Anderson Physicians Network Deloitte

Opinion on financial statements of UT MD Anderson Services Corporation Deloitte

Information Technology Internal Audit Co-Sourcing PwC

Electronic Health Record Consulting PwC

Construction Internal Audit Co-Sourcing Protiviti

Construction Internal Audit Co-Sourcing Townsend


VII. Reporting Suspected Fraud and Abuse