Internal Audit – Adding Value
-
Upload
cadman-mckinney -
Category
Documents
-
view
45 -
download
2
description
Transcript of Internal Audit – Adding Value
![Page 1: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/1.jpg)
Internal Audit – Adding Value
AHIA NW Regional Seminar
May 7, 2010
![Page 2: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/2.jpg)
April 20, 2023 2
Introductions
Legacy Health> 6 hospital system in Portland metro
region
Management Audit Services (MAS)> 4 person department with broad
responsibilities
Joyce L. Lang> 16 years as IA director, 9 in healthcare
![Page 3: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/3.jpg)
April 20, 2023 3
Background
Audit Committee Chair’s request – find out how others “add value”
Surveyed a sample of healthcare CAEs
No definitive answer
Recurring themes – revenue enhancement/ cost savings audits, balanced scorecards
![Page 4: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/4.jpg)
April 20, 2023 4
PurposeShare information collected and provide specific examples of
> Revenue enhancement/cost savings audits> Balanced Scorecards
Share MAS “new approach”
Provide opportunity for peer-to-peer exchange
So you can take away ideas to formulate your own definition of “Adding Value”.
![Page 5: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/5.jpg)
April 20, 2023 5
Revenue Enhancement and Cost Savings Audits
Source> Queried CAEs who responded to survey for
descriptions of specific audits> Discussion topic at CAE Roundtable in LA
Types> Revenue Enhancement = Charges> Cost Savings = Purchasing, Contracts, Labor
and Construction
![Page 6: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/6.jpg)
April 20, 2023 6
Revenue Enhancement Audits - Handout
Audit Topic Dollars
Implantable devices $400K/yr, net
Pharmaceuticals
Clinic purchases & immunizations *
Administration charges *
Not charged *
Retail Pharmacies – Adjudicated prices
$100K/yr
1% - $66K
$4.5 million
$180K
![Page 7: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/7.jpg)
April 20, 2023 7
Revenue Enhancement Audits - Handout
Audit Topic Dollars
Radiology – Contrast * $18K/yr
Infusion
Charging *
Missing orders, missing start & stop times *
$100K/yr
$2 million
![Page 8: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/8.jpg)
April 20, 2023 8
Cost Savings Audits - HandoutAudit Topic Dollars
Purchasing
Pricing of supplies under GPO *
Bulk purchasing of high cost items *
Duplicate payments *
$200K
$400K/yr
$150K recovered
Contracts
Outsourced collection
Performance terms
$38K
$71K recovered
![Page 9: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/9.jpg)
April 20, 2023 9
Cost Savings Audits - Handout
Audit Topic Dollars
Labor – Abuse of 7/8 minute rule * 2 free days
Construction
Job cost billing
General conditions – not allowable
Work reduction cost adjustment
Change orders
$714K
$194K
$361K
$170K
![Page 10: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/10.jpg)
April 20, 2023 10
Revenue Enhancement and Cost Savings Audits
Your successes and ideas?
![Page 11: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/11.jpg)
April 20, 2023 11
Balanced Scorecard - Definition
A strategy-focused approach to performance measurement that includes non-financial and financial performance measures that are derived from the organization’s strategy and vision.
Generally includes objectives and performance measures in the following dimensions:
> Financial> Customer> Internal processes> Learning, innovation, and growth
![Page 12: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/12.jpg)
April 20, 2023 12
Balanced Scorecard for IA
A Balanced Scorecard Framework for Internal Auditingby Mark L. Frigo, Ph.D., CPA, CMA
The Institute of Internal Auditors Research Foundation, 2002
Four dimensions:> Board/Audit Committee> Management and Auditees> Internal Processes> Innovation and Capabilities
![Page 13: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/13.jpg)
April 20, 2023 13
Balanced Scorecard for IA
Performance Metrics should:> Be driven by the internal auditing department’s
mission and strategy> Include customer measures, internal process
measures, and capability and innovation measures
> Include leading indicators (performance drivers) as well as lagging indicators (outcome measures)
Leading – Training hours per auditor
Lagging – Customer satisfaction survey
![Page 14: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/14.jpg)
April 20, 2023 14
Balanced Scorecards - Dimensions
Framework Board/Audit
Committee Management and
Auditees Internal Processes Innovation and
Capabilities
Examples - Handout Customer Satisfaction,
Internal and External Customers
Quality & Volume, Performance, Quality
Workforce Satisfaction, Associate Engagement, Innovation & Learning
Financial Performance, Cost/Efficiency, Stewardship
![Page 15: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/15.jpg)
April 20, 2023 15
Balanced Scorecards - Handout
Consistent – Project satisfaction survey results, work plan completion
Other surveys – Organization satisfaction, employee engagement
Observations –> Timeliness of reports – Customer
satisfaction or performance?> CAATs/data mining – People or
performance?
![Page 16: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/16.jpg)
April 20, 2023 16
Balanced Scorecards
Your observations and comments –> Anything missing?> What measures are essential to you?> What should you be measuring but
haven’t?> Frequency of measuring and reporting?
![Page 17: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/17.jpg)
April 20, 2023 17
Integrating the IIA Standards
2100 – Nature of Work
The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.
![Page 18: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/18.jpg)
April 20, 2023 18
Integrating the IIA Standards
2110 – Governance
The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives…
2110.A1 …must evaluate…organization’s ethics-related objectives, programs, and activities
2110.A2 …must evaluate…information technology governance of the organization…
![Page 19: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/19.jpg)
April 20, 2023 19
Integrating the IIA Standards
2120 – Risk ManagementThe internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes.
2120.A1 …must evaluate risk exposures… regarding (information, E&E, assets, compliance)
2120.A2 …must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk
![Page 20: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/20.jpg)
April 20, 2023 20
Integrating the IIA Standards
2130 – ControlThe internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.
2130-A1 …must evaluate the adequacy and effectiveness of controls in responding to risks… regarding (information, E&E, assets, compliance)
![Page 21: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/21.jpg)
April 20, 2023 21
Integrating the IIA Standards
Internal auditing is an independent, objective assurance and consulting activity.
New MAS Charter in February 2010
Scope of Work outlines 5 “assurance” responsibilities – the “musts” in the Standards
Core Audit Program -> Frequency-Based Audits - 36 topics (e.g., charges for patient
care, purchasing, IT); annual to 5-year cycle; frequency reflects risk
> Ad Hoc Audits – Specific high risks (e.g., system implementations, major construction project costs, OIG topics)
![Page 22: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/22.jpg)
April 20, 2023 22
Assurance Activity #1Standards – MAS CharterEvaluate risk exposures and the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations and information systems regarding the:
> Reliability and integrity of financial and operational information
> Effectiveness and efficiency of operations
> Safeguarding of assets> Compliance with laws,
regulations and contracts.
MAS Work PlanSelected audit projects from Core Audit Program catalog of topics
![Page 23: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/23.jpg)
April 20, 2023 23
Assurance Activity #2Standards – MAS CharterEvaluate the effectiveness and contribute to the improvement of risk management processes.
MAS Work Plan Catalog the external and
internal risks to business objectives
Assess impact and likelihood of each risk’s occurrence
Identify who is responsible for the risk’s management and how the risk is managed and monitored
Evaluate the effectiveness of risk management activities.
![Page 24: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/24.jpg)
April 20, 2023 24
Assurance Activity #3Standards – MAS CharterAssess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:
> Appropriate ethics and values> Effective organizational
performance management and accountability
> Communication of risk and control information to the appropriate areas
> Coordination and communication of information between the Board, management and auditors.
1.
MAS Work PlanGovernance process addressed through an assessment of the 10 elements of the “Internal Environment”, a section of COSO ERM
![Page 25: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/25.jpg)
April 20, 2023 25
Assurance Activity #4Standards – MAS Charter
Assess whether IT Governance of the organization sustains and supports objectives and
strategies.
MAS Work Plan Catalog attributes of IT
Governance and develop a plan for assessing effective implementation of each component
Complete an assessment of at least one component this year and work with IT on improvements, if needed.
![Page 26: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/26.jpg)
April 20, 2023 26
Assurance Activity #5Standards – MAS CharterEvaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
MAS Work Plan “Managing the Business
Risk of Fraud: A Practical Guide” - 5 principles for boards/management to consider in protecting the organization from fraud
Use this tool to outline an on-going assessment program and perform initial assessment.
![Page 27: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/27.jpg)
April 20, 2023 27
Integrating the IIA Standards
Questions ?
Discussion ?
![Page 28: Internal Audit – Adding Value](https://reader036.fdocuments.net/reader036/viewer/2022062422/56813929550346895da0d248/html5/thumbnails/28.jpg)
April 20, 2023 28
Thank You !
Joyce L. Lang, CPA, CIA
Director, Management Audit Services
Legacy Health
815 NE Davis St.
Portland, OR 97232
503-413-3312