Purpose of the Annual Report - MD Anderson Cancer Center

[Pages:21]The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Purpose of the Annual Report The purpose of the internal audit annual report is to provide information on the assurance services, consulting services, and other activities of the internal audit function. In addition, the annual report assists oversight agencies in their planning and coordination efforts. Table of Contents

I. Compliance with Texas Government Code, Section 2102.015: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit information on Internet Website

II. Internal Audit Plan for Fiscal Year 2017 Compliance with the Benefits Proportionality Audit Requirements for Higher Education Institutions. Compliance with the Purchasing and Contracting Requirements for Higher Education Institutions.

III. Consulting Services and Non-audit Services Completed IV. External Quality Assurance Review (Peer Review) V. Internal Audit Plan for Fiscal Year 2018 VI. External Audit Services Procured in Fiscal Year 2017 VII. Reporting Suspected Fraud and Abuse

Page 1 of 21

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

I. Compliance with Texas Government Code, Section 2102.015: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit information on Internet Website

The Fiscal Year 2018 Audit Plan, as approved by the Institutional Audit Committee, will be posted on the MD Anderson external website as part of the Fiscal Year 2017 SAO Annual Report. The Fiscal Year 2017 SAO Annual Report, including summaries of reports, will be posted on the MD Anderson external website within 30 days of approval by the President but not later than November 1, 2017, as required.

The following matrix provides a summary of the weaknesses and action taken by management for projects on the Fiscal Year 2017 Audit Plan, as required by Texas Government Code, Section 2102.015:

Report No.

Report Date

Name of Report

Recommendations

Summary of Action Taken

Progress: ? Fully Implemented ? Substantially Implemented ? Incomplete/Ongoing ? Not Implemented

16-106 16-306

N/A 03/17/2017

Excepted from public disclosure Excepted from public disclosure

16-401 16-402

03/16/2017

10/5/2016 ICD-10 Program Close Out Assessment

Excepted from public disclosure

No recommendations ? MD Anderson performed necessary tasks to convert from ICD-9 to ICD-10 code set and experienced minimal to no impact, no known degradation of performance and key metrics normalized at or above baseline levels within 90-120 days following cut over. Internal Audit did not identify any risks for Management to consider.

Management agreed with the results of the assessment.

No action plan required

Page 2 of 21

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Report No.

Report Date

Name of Report

Recommendations

Summary of Action Taken

17-100

17-102 17-106 17-107

3/17/2017

10/04/2017 7/3/2017 7/3/2017

Division of Anesthesiology, Critical Care and Pain Medicine Review

Division of Nursing Inpatient Charge Capture Review Division of Pediatrics Review

Infectious Diseases, Infection Control and Employee Health Department Review

We recommended enhanced controls over revenue reconciliation, procurement card administration, drug charges, controlled substances, annual conferences, chairman funds expenditures, asset management, encryption, extramural leave, timecard approvals, material transfer agreements, shared cost allocation and financial incentives. We recommended improvements related to dialysis charge reconciliation and an enhancement to the daily inpatient charge reconciliation. We recommended improvements in processes and controls relating to patient access, account deficits, revenue reconciliation, cash receipts, effort reporting, material transfer agreements, procurement card purchases, shipping activity, research incentives, encryption, clinical trial invoicing, and leave management. We recommended improvements in processes and controls relating to revenue reconciliation, asset management, extramural leave, compensatory time, employee leave approval, utilization of time clocks, recognition leave, effort reporting, clinical trial billing, shared cost allocation, grant expenditures, subrecipient progress reports, account deficits, procurement card administration, and monitoring of expenses.

Management agreed to enhance controls in the recommended areas.

Management agreed to enhance controls in the recommended areas. Management agreed to enhance controls in the recommended areas.

Management agreed to enhance controls in the recommended areas.

Progress: ? Fully Implemented ? Substantially Implemented ? Incomplete/Ongoing ? Not Implemented Fully Implemented as of September 1, 2017

Substantially Implemented Full Implementation is expected by 12/31/2017 Incomplete/Ongoing Full Implementation is expected by March 31, 2018

Incomplete/Ongoing Full Implementation is expected by December 31, 2017.

Page 3 of 21

Report No.

Report Date

Name of Report

17-204

17-207

17-402 17-403 17-405 17-901 17-902

10/31/2016 Segregation of Duties and Account Reconciliations

09/28/2017 Executive Travel and Entertainment

10/03/2017

9/14/2017 6/8/2017 7/5/2017

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Recommendations

Summary of Action Taken

We recommended that Financial Controls continue to work on improving processes to

ensure compliance with the Monitoring Plan.

Management agreed to enhance controls in the recommended areas.

We recommended that management revise policy to align with current practice.

Excepted from public disclosure

Excepted from public disclosure Excepted from public disclosure Excepted from public disclosure

Progress: ? Fully Implemented ? Substantially Implemented ? Incomplete/Ongoing ? Not Implemented

Fully Implemented

Page 4 of 21

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

II. Internal Audit Plan for Fiscal Year 2017

The following matrix details the status of the Fiscal Year 2017 Audit Plan:

Project No.

Project Title

Risk-Based Audits

17-100

Charge Capture - Division of Anesthesiology and Critical Care

17-101

Charge Capture - Houston Area Locations

17-102

Nursing Charge Capture

17-103

Denials Management

17-104

Pharmacy Pricing Review

17-105

Payroll Review

17-106

Division of Pediatrics Review

17-107 17-108

Departmental Review - Infectious Diseases, Infection Control & Employee Health Grants Management Review

17-109

Clinical Research Billing

17-110

Physicians Referral Service (PRS) Practice Plan

17-111

Lyda Hill Foundation Audit

17-901

Excepted from public disclosure

17-902

Excepted from public disclosure

17-307

Construction Activities

17-308

Management Involvement on Co-Sourced Construction Projects

Report Date

03/17/2017 Pending

10/04/2017 N/A N/A N/A

07/03/2017 07/03/2017

N/A N/A N/A Pending

Pending N/A

Project Status

Complete In Progress Complete Postponed Cancelled Cancelled Complete Complete Cancelled Cancelled Cancelled In Progress

In Progress Complete

Information Technology Audits

17-400

PeopleSoft 9.2 Upgrade

17-401

Protection of Research Data

17-402 17-403 17-404 17-405 17-406

Excepted from public disclosure

Epic ? Post Implementation and Governance Process Excepted from public disclosure

Management Involvement on Co-Sourced IT Projects

N/A Pending

N/A N/A

Cancelled In Progress

Cancelled Complete

Carry-Forward Audits

16-106

Excepted from public disclosure

16-306

Excepted from public disclosure

16-209

Charge Capture ? Division of Pharmacy

Memorandum 12/01/2016 provided to

Management

16-401

Excepted from public disclosure

16-402

Post ICD-10 Audit / Epic Integration

10/5/2016

Complete Complete

Page 5 of 21

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Project No. 16-407

Project Title

Report Date

Excepted from Public Disclosure

Project Status

Required Audits (Externally and Internally

17-200

FY 2016 Financial Statement Audit (year-end)

17-201

FY 2017 Financial Statement Audit (interim)

17-202

Deloitte Financial Audit Support - IT

17-203 17-204

17-205

17-207

Texas Administrative Code (TAC) 202 Segregation of Duties and Account Reconciliations

Economic Development Agreement

Executive Travel and Entertainment

Report issued by Deloitte at UT System

level Report issued by Deloitte at UT System

level Report issued by Deloitte at UT System

level Pending

10/31/2016

Consulting Project ? Verbal comments

provided to management 09/28/2017

Complete Complete Complete In Progress Complete Complete Complete

Consulting Projects

17-206

Presidential Housing, Travel, and Entertainment

N/A ? assistance provided to UT System

Consulting Project ?

17-300

Employee and Faculty Criminal Background Checks

Verbal comments provided to

management

17-301

Drug Diversion

N/A

17-302

Strategic Industry Ventures Contracting Process

N/A

17-303

Excepted from Public Disclosure

Consulting Project ?

17-309

Division of Nursing - OneConnect Reporting

Verbal comments provided to

management

Consulting Project ?

17-310

RayCare Implementation (Mosaiq Replacement)

Verbal comments provided to

management

Memorandum dated

17-900

Cash Count

05/25/2017 provided to

Management

-

General Consultation with Management

N/A

-

Institutional Committee Participation

N/A

-

All-Hazards Risk Leadership Council

N/A

Complete

Complete Postponed Cancelled

Complete

Complete

Complete Complete Complete Complete

Page 6 of 21

Project No. Investigations

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Project Title

Report Date

Project Status

Various investigations ? Excepted from public disclosure

Consulting Projects ? Verbal Comments provided to management

Follow-up

-

Quarterly Reporting/Monitoring Activities

-

Validation Activities

-

IT Follow-up Validation Activities

Development ? Operations

-

Internal / External Quality Assurance Activities

-

Internal Audit Committee Preparation / Participation

-

Institutional Risk Assessment & Work Plan Development

-

Audit Strategic Planning

-

IT Risk Assessment FY 17

-

IT Administrative Activities

Development ? Initiatives & Education

-

UT System Coordination

-

Professional Organization / Association Participation

-

Training / Continuing Professional Education

-

IT Knowledge Sharing and/or Training Documentation Projects

-

IT Liaison Activities

Audit / Project cancelled or postponed Audit / Project added to Plan

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

N/A

Complete

Page 7 of 21

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Compliance with the Benefits Proportionality Audit Requirements for Higher Education Institutions: At the request of the Governor, an internal audit of the proportionality of higher education benefits process was performed during fiscal year 2016. This audit covered appropriations years (AY) 2012, 2013, and 2014. The audit methodology was determined to be acceptable by the State Auditor's Office. In accordance with Rider 8, Section a, page III-44 of the General Appropriations Act (85th Legislature, S.B. 1), an audit of fiscal years 2015, 2016, and 2017 will be performed by August 31, 2018. Compliance with the Purchasing and Contracting Requirements for Higher Education Institutions: Senate Bill 20 (84th Legislative Session) made several modifications and additions to Texas Government Code (TGC) and Texas Education Code (TEC) related to purchasing and contracting. Effective September 1, 2015, TEC 51.9337 requires that, "The chief auditor of an institution of higher education shall annually assess whether the institution has adopted the rules and policies required by this section and shall submit a report of findings to the state auditor." The MD Anderson Cancer Center Internal Audit Department conducted this required assessment for fiscal year 2016. No significant changes were made during fiscal year 2017. As a result, the following conclusions from fiscal year 2016 remain the same:

Based on review of current institutional policy and the UT System Board of Regents' Rules and Regulations, MD Anderson Cancer Center has generally adopted all of the rules and policies required by TEC 51.9337. Review and revision of institutional and System policy is an ongoing process. These rules and policies will continue to be assessed annually to ensure continued compliance with TEC 51.9337.

Page 8 of 21

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download