Is your internal audit function delivering value? Or is it just checking the box?
If you lead the internal audit function at a U.S. healthcare provider, there’s a good chance that the vast majority of your time is spent on compliance.
It’s likely not where you want your resources to be focused. But, after years of regulatory change, mergers, system integrations and IT upgrades, ensuring compliance – managing a seemingly-endless stream of check-box exercises – is what keeps the business out of trouble.
New world, new expectations
Risks in healthcare are evolving rapidly due to technological, economic, operational and regulatory changes. At the same time, public expectations and the demand for greater transparency are on the rise. This leads to a myriad of compliance requirements and feeds the incessant “check-the-box” exercise vs. elevating the internal audit function to a more strategic, value-focused contributor within the organization.
All of this is placing significant pressure on healthcare provider internal audit functions. Most are already largely overwhelmed with their existing compliance exercises; few have the resources or capacity to take on more. Fewer still have the capabilities, tools or experience to identify control failures, let alone to analyze the root causes of those failures or be proactive in risk management.
Analytics in action
Healthcare provider internal audit functions need to be taking a much more analytical approach to managing controls. Data and analytics can play a valuable role.
Recently, we helped assess the accuracy, efficiency and reliability of the control environment for one major provider organization. Upon first review, it seemed that the organization was (for the most part) in compliance with Medicare billing regulations. However, after a deeper dive that included running some of the provider’s transactional data through analytics tools, we discovered that their employees were finding ways to bypass the controls. Items and services were being billed in a non-compliant way. This created significant financial implications for the organization as more and more reimbursement requests were denied.
By applying data and analytics to our approach, we accelerated the identification of instances of non-compliance, determined the root causes of those control failures and provided recommendations to help remediate them.
