INTERNAL INVESTIGATIONS - Health Care Compliance ...



CC-04 _AUDITING_________________________________________________________

I. Policy: The Restore Compliance Department performs audits in accordance with Internal Audit Standards and best practice.

II. Purpose: To establish Department guidelines for performing an audit and formatting audit documents.

III. Procedure:

A. Working Papers - General

Working papers documenting the audit should be prepared by the auditor and reviewed by the Compliance Officer. These papers should record the information obtained and the analysis made and should support the findings and recommendations reported. Information should be sufficient, competent, relevant, and useful in providing a sound basis for audit findings and recommendations.[1] Working papers document planning; the examination and evaluation of the adequacy and effectiveness of internal controls; the procedure performed, information obtained, and conclusions reached; review; reporting; and follow-up.[2]

Working papers must contain the following elements:

1. Heading - consists of a purpose statement, department audited, audit date (month/year)

2. Reference - Working papers will be filed so that references are located in the bottom right corner of the working paper throughout the file.

a. appropriate index

b. date completed

c. preparer’s initials

Example: A-1

01/01/01

kb

3. Audit verification symbols (tick marks) - necessary on most working papers and should be explained on the front of the working paper in a footnote.[3] Different symbols should be used for each explanation.

4. Working papers should be sequenced in the audit file in order of significance and relevance.

5. Electronic working papers may only be edited by the auditor who prepared them.

6. Working papers are the property of the Compliance Department and contain confidential data.

7. Working papers should not be made accessible to other members of the organization without prior approval of the Compliance Officer.[4] When access is approved, the review should be conducted in the Compliance offices.

8. During fieldwork, working papers should be properly protected and in the auditor’s possession. In the Compliance Department, working papers should be kept in a lockable file cabinet.

9. Working papers are destroyed in accordance with Record Retention policies.[5]

a. Working papers stored in the warehouse are to be listed on disk titled “Files in Warehouse Storage” and stored in sealed boxes labeled consistently with other Compliance boxes.

B. Working Papers - Referencing

A complete audit file contains the following working papers (if applicable)--

referenced and signed:

1. Audit Checklist (inside cover of file, no reference)

2. Administrative Working Papers (A-papers)

Audit Report (Final) A-1

Correspondence Related to Report A-1.1, 1.2, 1.3, etc.

• Notes for Report/Summary of Findings A-2

• Memo on Patient Account Adjustments A-3

3. Planning Working Papers

Audit Planning Memo B-1

Prior Audit Report* B-2

Requests for Audit B-3

*In a follow-up/evaluation audit file, a copy of the initial audit report serves

as the Audit Planning Memo and is referenced B-2. B-1 is not required.

4. Performing the Audit

Audit Program C-1

Evaluation of Internal Controls C-2

Surveys, Interviews, Questionnaires, Criteria C-3

used to select sample

5. Testing and Fieldwork (D, E, F, etc. through end of working papers)

Testing Working Paper (primary work paper) D-1

Other documents supporting work paper D-1 D-2, -3, -4, etc.

Subsequent sets of work papers E-1

" " " F-1

AUDIT FILE CHECK LIST

❑ Notify Management of audit and provide Announcement Letter

❑ Review Audit Planning Memo and Audit Program with Director

❑ Document in Audit Log the Audit Title and Start Date

❑ Complete Audit Program steps

❑ Number and reference working papers

❑ Draft audit report and submit for peer review

❑ Submit working papers and draft report to Director to review

❑ Clear review notes

❑ Schedule Management Conference

❑ Director to sign off on the following:

❑ Audit Planning Memo

❑ Audit Program

❑ Notes for Report

❑ Evaluation of Internal Control

❑ Working papers

❑ Audit Report (Final)

❑ Date final report issued _____________________

❑ Document in Audit Log Audit “End” Date

❑ List of Auditees to Receive Survey to Coordinator

C. Working Papers - Standardized Forms

1. Correspondence Related to Report

This is defined as any correspondence from the auditee subsequent to the audit or final report and may include correspondence relating to the draft report, i.e., audit acknowledgement or audit draft approval. Also included, is documentation of the exit conference between auditor and auditee, if applicable.

2. Notes for Report/Summary of Findings

This form lists each finding, with whom in the audited department the finding was discussed, working paper reference, and inclusion/ exclusion from report.

3. Audit Planning Memo

The Audit Planning Memo is completed during the planning phase of the audit. During the planning or preliminary survey, the auditor documents basic background information about the area being audited. The auditor will take this opportunity to learn about the auditee’s objectives, operations, personnel, and control structure. The auditor should request reports and audit materials from the department. The correspondence notifying the department manager of the audit and requesting records will be referenced as a working paper. The auditor should solicit comments and participation from the auditee. In addition, the auditor should note any special concerns or problems from previous audits and indicate that the Permanent File for the Department or area being audited has been reviewed and updated. The auditor should note that applicable policies and procedures were reviewed with the department manager and updated prior to the audit.

4. Requests for Audit

Special requests for audits not included on the audit schedule will be documented. This may include correspondence or an auditor note. The auditor note should be dated and clearly documented as to the party requesting the audit, audit concerns stated, and areas of focus.

5. Audit Program

The audit program is a document listing the audit procedures to be followed. The audit program repeats the audit objectives and outlines a step-by-step process from initiation to completion of the audit.

6. Evaluation of Internal Control

a. The department’s compliance with hospital policies and procedures is documented during the audit.

b. The auditor should comment that the department policies and procedures were verified with the department manager and any changes were noted. Significant changes in the department policies and procedures will be submitted for inclusion in the appropriate organizational manual.

7. Sampling Criteria, Interviews, Surveys

a. Sampling criteria or methodology should be stated either on a separate form or within the applicable working paper.

b. Surveys or interviews with department staff about operations are optional audit tools that may benefit the auditor. Results should be documented.

D. Review Process

The Compliance Officer must sign off on all work in the file. Audit planning and program steps should be reviewed with the Compliance Officer before fieldwork begins.

Review notes will be made by the Compliance Officer after reviewing the auditor’s fieldwork. Review notes simply identify additional questions or concerns noted by the Compliance Officer and may address the adequacy of supporting documents for Findings and clarify audit steps.

The Compliance Officer must approve the final report before it is issued. Any draft of the report released without approval of the Compliance Officer must be visibly stamped or identified as a draft.

E. Format of an Audit Report

The report should be headed by the title of the audit and the audit date (month, year). The first paragraph should provide a brief introduction describing the purpose (objectives) of the audit and audit scope. Audit objectives are broad statements developed by the compliance auditors and define intended audit accomplishments.

The Audit Scope refers to the activities audited and, when appropriate, includes supportive information such as the time period audited. Related activities may be identified if necessary to describe the scope.

The audit report will list the audit results including Findings, Recommendations, and Actions Taken. A Finding is an exception or area of non-compliance, a pertinent statement of fact. Findings are based on a comparison of what should exist with what does exist. If there is a difference, the Findings should state the reason or cause and the resulting effects.[6] A Recommendation is a potential improvement advised by the auditor during the audit. Each Finding/Recommendation should be followed by a summary of the related Action Taken.

The Action Taken should indicate the auditee’s agreement with the audit results and the plan of action to improve operations, as needed.

Disagreements between auditor and auditee must be documented in the working papers and may be included in the audit report if the Compliance Officer believes both conclusions are equally appropriate and that reporting them will enhance management’s understanding of the issues.[7]

The CEO, COO, and VP of Clinical Services will receive a copy of audit reports. In addition, copies should go to the appropriate Vice President and/or Manager/Director. The draft report should be saved on the shared network. Final audit reports are reported to the Board of Directors.

F. Audit Closing (“EXIT”) Conference

1. The auditor should discuss Findings and Recommendations with appropriate levels of management before issuing final reports. Discussions with the auditee throughout the audit process help avoid misunderstandings or misinterpretations of fact.

a. Another acceptable closing technique is the review of draft reports by the manager of the audited department.

b. A closing conference or exit interview provides the opportunity for the auditee to clarify items and express views about Findings and Recommendations. It is also a courtesy that enhances the auditee-auditor relationship. In addition, the participative approach encourages management’s commitment to an appropriate plan of action.

c. Documenting these discussions and reviews can be valuable in preventing or resolving disputes.[pic][pic][pic]

-----------------------

[1] Internal Audit Standard 420

[2] SIAS 6

[3] SIAS 6

[4] SIAS 6

[5] SIAS 6

[6] SIAS 2

[7] SIAS 2

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download