Skills for the New Healthcare Internal Auditor - PowerPoint PPT Presentation

1 / 66
About This Presentation
Title:

Skills for the New Healthcare Internal Auditor

Description:

Skills for the New Healthcare Internal Auditor – PowerPoint PPT presentation

Number of Views:326
Avg rating:3.0/5.0
Slides: 67
Provided by: LauraS195
Category:

less

Transcript and Presenter's Notes

Title: Skills for the New Healthcare Internal Auditor


1
Skills for the New Healthcare Internal Auditor
2
Training Objectives
  • Discover or verify underlying business needs
    driving a project
  • Identify key stakeholders and contacts for their
    project
  • Determine project scope and objectives
  • Identify the elements of a audit program
  • Use appropriate audit tools to complete a project
  • Structure and conduct fieldwork
  • Discuss findings and recommendations with key
    stakeholders at an exit conference
  • Understand elements of project wrap up

3
Project Management
  • The nicest thing about not planning is that
    failure comes as a complete surprise and is not
    preceded by a period of worry and depression.
  • John Preston, Boston College

4
Project Management
  • If you dont know where youre going, you may
    not get there.
  • Forrest Gump

5
Overview of Audit Process
  • Auditee Selection
  • Audit Planning
  • Preliminary Survey
  • Internal Control Review
  • Detail Testing
  • Audit Results/Findings and Recommendations
  • Results Reporting
  • Closing/Exit Conference
  • Issue Follow-up

6
Emergency Department Overview
  • Presented by
  • Kelly Nueske

7
4 Phases of ED
  • Entry/Triage
  • Diagnostic
  • Treatment
  • Disposition

8
Triage Phase
  • Emergent arrivals typically by pass triage
  • Non emergent arrivals are assessed by a Triage
    Nurse
  • Ask a series of questions related to present
    complaint
  • Assess patient
  • Prioritize/rank on 1 5 scale

9
Triage Phase
  • Prioritization is dynamic
  • Adjustments made after each patient is assessed
  • Ranking system determines who sees the resources
    first
  • Registration typically occurs after triage
  • Only place in healthcare you cant refuse to
    treat

10
Diagnostic Phase
  • Provider reviews triage information
  • Gathers more detail exams patient
  • Waiting period while data is collected i.e. lab
    tests, radiology exams
  • May order more tests after initial set reviewed
  • Working diagnosis is determined by provider

11
Treatment Phase
  • Provider determines follow up care or treatment
  • Inpatient admission
  • Transfer to another facility
  • Follow up with primary care provider

12
Disposition Phase
  • Written plan of care is created by provider
  • Nurse reviews plan of care educational
    materials with patient
  • Discharge instructions provided in writing to
    patient

13
Health Unit Coordinator
  • Maintains log for EMTALA requirements
  • Time in
  • Time out
  • Patient name
  • Chief complaint
  • Treating provider
  • Discharge disposition

14
Health Unit Coordinator
  • Enters orders
  • Telephone management i.e. similar to air traffic
    controller
  • Places calls for orders consults
  • Monitor activities to ensure they happen
  • Follow up on test results
  • Prompt people to keep things moving

15
Charge Specialist
  • Three main components to ED charging facility
    billing
  • Level charge acuity system
  • Procedure charge
  • Supply charges
  • Professional billing could include EM level
    and/or procedure code
  • Monitors charge tickets to ensure there is one
    for each patient on the log

16
Charge Nurse
  • Assures patient flow through ED
  • Removes barriers to flow
  • Looks at equity of assignments among staff
  • Provides transfer report to next shift

17
Divert Status
  • Divert is when the ED is closed to ambulance
    services
  • Determined jointly by charge nurse lead
    physician
  • Some cities/metro areas allow subcategories i.e.
    OB, Trauma, Mental Health
  • If more than 2 EDs on divert, typically everyone
    goes off. This is determined based on the city
    agreement.
  • Cause generally by inpatient staffing shortage,
    not ED staffing shortage.

18
ED Staffing
  • Will not see traditional Day, Evening, Night
    shifts
  • Staff stagger start every couple hours
  • Weekday heaviest patient flow typically 11am
    11pm
  • Weekend heaviest patient flow typically 9am
    5pm and 7pm 2am

19
Department Readiness
  • See a larger level of supplies and pharmaceutical
    agents in ED
  • Try to be prepared for 80 90 of what presents
    in the ED
  • Closets partners are registration, radiology,
    pharmacy, lab with horizontal or vertical access
    to surgical suites

20
Trauma Designation
  • American College of Surgeons assigns trauma level
    based on application
  • Level 1 teaching/research focused facility
  • Level 2 same as 1 without teaching/research
  • Level 3 5 defined at state level. Can deal
    with most walk in trauma, stabilize and transfer
    to another facility
  • Currently 4 6 states dont have trauma
    designation.

21
Other ED Services
  • Sometimes used for scheduled procedures. More
    typical in smaller facilities/rural communities.
  • Fast Track used to treat level 4 5 rated
    patients. Method to avoid these patients
    constantly being moved to bottom of priority
    list.
  • Urgent Care is different than fast track.

22
  • Questions

23
Developing a Risk Assessment Approach
  • Presented by
  • Debi Weatherford

24
Annual Risk Assessment
  • Key deliverables
  • Completed risk assessment
  • Company risk profile
  • Annual audit plan for audit committee approval

25
Annual Audit Plan Objectives
  • Focus on high risk activities.
  • Focus significant financial and operational
    impact/risk.
  • Provide coverage of regulatory compliance risks.
  • Provide coverage of information technology risks.
  • Provide proactive coverage of emerging areas.

26
Conducting the Annual Risk Assessment
  • Interviews
  • Senior management
  • Members of the Audit Committee
  • Risk factors to consider (see questionnaires)
  • Review of past results
  • Other

27
Potential Audit Areas
  • Business units or departments
  • Transactions
  • Trans-departmental processes
  • Specific programs and service lines
  • Information systems
  • Other

28
Business Models and Risk Frameworks
  • Healthcare business model
  • COSO Internal Control Framework
  • COSO-Enterprise Risk Management Framework
  • Risk Framework from ASHRM

29
Strategic Analysis - Enterprise Level Business
Model
30
Enterprise Risk Management
  • Key elements of ERM
  • Interrelationships and interdependencies among
    risks.
  • Managing risks within and across business units.
  • Identify and seize opportunities inherent in
    future events.

31
Enterprise Risk Management
  • Other key elements of ERM
  • Considers risk in the formulation of strategy.
  • Applies at every level and unit of an entity.
  • Facilitates communication via common risk
    language.
  • Portfolio view of risks throughout the enterprise.

32
Risk Domains
  • Strategic
  • Operational
  • Financial
  • Human Capital
  • Legal and Regulatory
  • Technology
  • Governance

33
Risk-Based Audit Planning Structure
CORPORATE OBJECTIVES
NOT NECESSARILY LINEAR
Typically, outlined during the Strategic Analysis
- interviews with C level executives. These
corporate planks are the foundation of the Risk
Assessment effort.
The strategies/initiatives constitute the action
plans for the execution of the Corporate
Objectives. Strategies/Initiatives are generally
developed at the Business Unit level. The
strategies/initiatives are embedded in processes.
STRATEGIES / INITIATIVES
Risks could occur at the strategic level or at
the process level. Risks at the strategic level
typically manifest themselves at the process
level.
PROCESSES - CORE RESOURCE MANAGEMENT
Processes support the Corporate Objectives
strategies/initiatives are executed at the
process level. There are objectives at the
process level.
Gross Risks are best described as threats or
impediments to the accomplishment of the
Corporate Objectives or the Process Objectives.
Risks are rated based on a pre-determined risk
descriptors or risk intervals for Magnitude of
Impact and Probability of Occurrence.
GROSS RISKS
Controls are managements response to the risk or
impediments to the achievement of objectives.
Controls or responses mitigate risks - impact or
the probability of the risk. The effectiveness
of the control is determined by the type of
control for example preventive vs. detective.
CONTROLS
In a Risk Assessment, controls are evaluated
based on managements perception rather than an
independent assessment.
RESIDUAL RISKS
Depending on the effectiveness of the control or
response, the impact and/or probability of the
risk is affected. The risks are re-evaluated in
the context of the controls in place. These
re-evaluated risks constitute the Residual Risks.

PRESENTATIONS DELIVERABLES
Presentations and deliverables tailored to
management.
34
Residual Risk
  • Residual Risk is defined as
  • Residual Risk
  • Is the organizations unmanaged vulnerability
  • Is key to optimizing control structure
  • Provides focused audit efforts
  • Identifies areas/processes that are broken
  • Helps make invisible risks visible
  • Provides valuable insight to stakeholders

Controls
Total Risk- (Effective Process) Residual Risk
35
Strategic Analysis Risk Matrix (Residual)
Likelihood of
Occurrence
S
S
H
H
H
A
Almost
A1
Certain
H
Likely
M
H
S
S
B
L
H
S
M
Moderate
H
C
D
L
H
S
L
M
Unlikely
B1
C1
D1
L
L
M
S
S
Remote
Insignificant
Minor
Moderate
Major
Catastrophic
TRAP
Magnitude of Impact
36
Aligning Controls with Risk Appetite
Risk Appetite
Insufficient Risk
Insufficient Risk
Appropriate Risk
High
Insufficient Risk
Appropriate Risk
Excessive Risk
Medium
Appropriate Risk
Excessive Risk
Excessive Risk
Low
High
Medium
Low
Level of Revised Risk
based on your appetite for risk
37
Risk Profile - Strategic Risk Matrix
Example Heat Map Based on Risk Assessment
Almost Certain





HIPAA
Billing, Credit Balances
Research
Pharmacy
Medical Education
Hotline
Risk Management
Credentialing and Licensure
FLSA (Overtime)
Experimental Drugs, Devices
Co-pays, Deductibles
Labor
Taxes
Environmental
Remote
Insignificant
Catastrophic
Magnitude of Impact
38
Risk Profile - Multiple Business Units
39
Identifying Audit Customers
  • Key stakeholders
  • Inside the audited function
  • Outside the audited function
  • Governance
  • Other

40
Risk Assessment in an Audit Project
  • Assessing risk in the current state research
    customers business
  • Targeting limited audit resources

41
Questions Directions Review and get familiar
with the preliminary survey documents for this
case study. You will have a couple hours to gain
an understanding of your customers environment.
42
Developing Audit Programs Questionnaires
  • Presented by
  • Ted Walters

43
Role of Audit Program
  • What is to be done
  • When it is to be done
  • How it is to be done
  • Who will do it
  • How long it will take
  • Link between preliminary survey and fieldwork

44
Audit Program Objective
  • IIAs Standards for the Professional Practice of
    Internal Auditing (SPPIA) 2200 states that
    internal auditors should develop and record a
    plan for each engagement.
  • SPPIA 2210 states that the audit objectives
    should address the risks, controls and governance
    processes associated with the activities under
    review.
  • The auditor should identify and assess risk
    relevant to the activity under review. The audit
    objective(s) should reflect the results of the
    risk assessment.
  • The auditor should consider the probability of
    significant errors, irregularities, noncompliance
    and other exposures when developing the
    engagement objectives.
  • Source IIA Standards for the Professional
    Practice of Internal Auditing

45
Internal Control Review Preliminary Survey
  • Conduct analytical procedures analyses
  • Complete internal control matrix
  • Complete internal control risk assessment
    analysis
  • Complete internal control questionnaires
  • Conduct documentation or process walk-throughs
  • Conduct probe testing
  • Complete information systems control review

46
Audit Program Development
  • The internal auditor should identify sufficient,
    reliable, relevant and useful information to
    achieve the audits objectives.
  • Audit results and conclusions should be based on
    appropriate analyses and evaluations.
  • Audit findings and recommendations should be
    supported by sufficient, competent, relevant and
    useful information documented in the auditors
    working papers.
  • The auditors is responsible for planning and
    conducting the audit.
  • The audit program is your road map for the audit.

47
Audit Program Development
  • The audit program should include
  • Documenting the procedures and information used
    by the auditor during the audit.
  • State the audit objective
  • State the scope and degree of testing to achieve
    the audit objectives
  • Identify technical aspects, risks, processes and
    transactions that should be examined.
  • State the nature and extent of the testing
    required.
  • Develop audit program prior to the start of the
    audit and modify during the course of the audit,
    as necessary.

48
Testing Techniques
  • Defining the testing objective
  • Identifying the type of testing that will achieve
    the objective
  • Determining the sequencing of the test
  • Defining or identifying the standards or criteria
  • Identifying the testing population
  • Determining the sampling methodology
  • Examining the samples

49
Sampling Methods
  • Unless 100 testing occurs, sampling will draw
    reasonably accurate inferences from the sample to
    the total population. Sample methods include
  • Random number sampling
  • Interval sampling
  • Stratified random sampling
  • Cluster sampling
  • Haphazard sampling
  • Judgment sampling
  • Statistical Sampling is using one of the above
    methods to reduce risk that the sample selected
    is not representative of the total population.
  • Probe Sampling is used when little or no errors
    are expected.

50
Sample Size
  • Sample size is based on
  • Population size all the items an auditor
    concludes on
  • Sampling Risk/Confidence Level level of
    risk/confidence that the sample is representative
    of the entire population
  • Maximum Tolerable Error Rate maximum error
    accepted
  • Precision Rate the range of allowable error
    expected in the sample

51
Testing Attributes
  • Attributes are controls, procedures, practices or
    regulations that are expected to occur.
  • For example if a diagnosis code of X is
    required for medical necessity, then X is the
    attribute to be tested for. Another example is
    if all expenses of 5,000 are to be signed by the
    CFO, the attribute is the presence of the CFO
    signature on expenses.

52
Audit Questionnaires
  • Develop questionnaires which investigate
    organizational, operational, personnel, and
    management controls.
  • Designed for Yes/No answers to establish
    reliability and integrity of information
    compliance with PPs, laws and regulations
    safeguarding assets and efficiencies and
    effectiveness of resource uses
  • Internet searches (www.cms.gov FI website CCH
    subscription service www.oig.hhs.gov/publications
    /workplan )
  • AHIA library (www.ahia.org)
  • Develop questions using departments policies and
    procedures

53
Questions Directions Your team is to develop
an audit program for two audit objectives. Once
the audit programs are done, develop an interview
questionnaire for a health unit coordinator/unit
clerk and a registration clerk.
54
Report Writing
  • Presented by
  • Mark Eddy

55
Potential Audience
  • Board Members
  • Executive
  • Front-line Management
  • External Auditor (public or government)
  • General Public or Media

56
Elements of an Audit Report
  • Table of Contents
  • Executive Summary
  • Scope Objectives
  • Background Information
  • Detailed Recommendations
  • Appendix Exhibits

57
4 Phases of Writing
  • Planning
  • Outline Issues
  • Evaluate Information
  • Drafting
  • Detailed Recommendations
  • Executive Summary
  • Editing
  • Organization
  • Readability
  • Mechanics
  • Formatting

58
5 Elements of Writing
  • Approach
  • Tone Presentation Method
  • Development
  • Logical Sequential Presentation
  • Correctness
  • Grammar, Spelling, and Punctuation
  • Clarity
  • Choice of Words Presentation of Main Idea
  • Style
  • Active vs. Passive Voice

59
Preparing to Write
  • Eliminate distractions
  • Mentally prepare
  • Schedule time
  • Use tools (grammar check, spell check, etc.)
  • Write 1st draft quickly
  • Proofread 2nd and 3rd drafts
  • Take a step back and look at the big picture

60
5 Elements of a Recommendation
  • Condition
  • What is the problem/issue? What is happening?
  • Effect
  • Why should the reader care? What is the impact?
  • Cause - focus on Root Cause
  • Why did the condition happen?
  • Criteria
  • How do you know it is a problem? What should
    happen?
  • Recommendation
  • How do we solve the condition? How can we prevent
    recurrence?

61
Recommendation Structure
  • Approach
  • Deductive or Inductive
  • Tone
  • Positive words
  • Active voice
  • Management ownership
  • Recommendation Title
  • Action Oriented
  • Level of Detail
  • Avoid more than 2 paragraphs

62
Executive Summary
  • Identify most important issues
  • Describe significance
  • Include managements response or corrective
    action
  • May want to summarize number of recommendations
    by general categories

63
Editing
  • Organization
  • Big picture to detail and flow of information
  • Readability
  • Clear and concise
  • What is the Fog Index?
  • Grammar Punctuation
  • Nothing is more distracting than poor grammar and
    punctuation

64
Report Format
  • Table Style
  • Paragraph Style
  • Bullet Style

65
Questions Directions Your team is to create a
list of issues/findings using the information
gathered in the two interviews. Group the issues
into like categories to formulate
recommendations. Each team is to write a minimum
of five recommendations using the indirect
approach and the five elements of a
recommendation (condition, cause, effect,
criteria, and recommendation). Next, your team
is to develop exit conference materials to
communicate the recommendations.
66
Wrap Up
  • Questions
  • Verbal Feedback
  • Complete Evaluation Forms
  • Thanks!!
Write a Comment
User Comments (0)
About PowerShow.com