320 likes | 559 Views
Internal Audit – Adding Value. AHIA NW Regional Seminar May 7, 2010. Introductions. Legacy Health 6 hospital system in Portland metro region Management Audit Services (MAS) 4 person department with broad responsibilities Joyce L. Lang 16 years as IA director, 9 in healthcare. Background.
E N D
Internal Audit – Adding Value AHIA NW Regional Seminar May 7, 2010
Introductions • Legacy Health • 6 hospital system in Portland metro region • Management Audit Services (MAS) • 4 person department with broad responsibilities • Joyce L. Lang • 16 years as IA director, 9 in healthcare
Background • Audit Committee Chair’s request – find out how others “add value” • Surveyed a sample of healthcare CAEs • No definitive answer • Recurring themes – revenue enhancement/ cost savings audits, balanced scorecards
Purpose Share information collected and provide specific examples of • Revenue enhancement/cost savings audits • Balanced Scorecards Share MAS “new approach” Provide opportunity for peer-to-peer exchange So you can take away ideas to formulate your own definition of “Adding Value”.
Revenue Enhancement and Cost Savings Audits • Source • Queried CAEs who responded to survey for descriptions of specific audits • Discussion topic at CAE Roundtable in LA • Types • Revenue Enhancement = Charges • Cost Savings = Purchasing, Contracts, Labor and Construction
Revenue Enhancement and Cost Savings Audits Your successes and ideas?
Balanced Scorecard - Definition A strategy-focused approach to performance measurement that includes non-financial and financial performance measures that are derived from the organization’s strategy and vision. Generally includes objectives and performance measures in the following dimensions: • Financial • Customer • Internal processes • Learning, innovation, and growth
Balanced Scorecard for IA A Balanced Scorecard Framework for Internal Auditing by Mark L. Frigo, Ph.D., CPA, CMA The Institute of Internal Auditors Research Foundation, 2002 Four dimensions: • Board/Audit Committee • Management and Auditees • Internal Processes • Innovation and Capabilities
Balanced Scorecard for IA Performance Metrics should: • Be driven by the internal auditing department’s mission and strategy • Include customer measures, internal process measures, and capability and innovation measures • Include leading indicators (performance drivers) as well as lagging indicators (outcome measures) Leading – Training hours per auditor Lagging – Customer satisfaction survey
Framework Board/Audit Committee Management and Auditees Internal Processes Innovation and Capabilities Examples - Handout Customer Satisfaction, Internal and External Customers Quality & Volume, Performance, Quality Workforce Satisfaction, Associate Engagement, Innovation & Learning Financial Performance, Cost/Efficiency, Stewardship Balanced Scorecards - Dimensions
Balanced Scorecards - Handout • Consistent – Project satisfaction survey results, work plan completion • Other surveys – Organization satisfaction, employee engagement • Observations – • Timeliness of reports – Customer satisfaction or performance? • CAATs/data mining – People or performance?
Balanced Scorecards Your observations and comments – • Anything missing? • What measures are essential to you? • What should you be measuring but haven’t? • Frequency of measuring and reporting?
Integrating the IIA Standards 2100 – Nature of Work The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach.
Integrating the IIA Standards 2110 – Governance The internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives… 2110.A1 …must evaluate…organization’s ethics-related objectives, programs, and activities 2110.A2 …must evaluate…information technology governance of the organization…
Integrating the IIA Standards 2120 – Risk Management The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. 2120.A1 …must evaluate risk exposures… regarding (information, E&E, assets, compliance) 2120.A2 …must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk
Integrating the IIA Standards 2130 – Control The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement. 2130-A1 …must evaluate the adequacy and effectiveness of controls in responding to risks… regarding (information, E&E, assets, compliance)
Integrating the IIA Standards Internal auditing is an independent, objective assurance and consulting activity. New MAS Charter in February 2010 • Scope of Work outlines 5 “assurance” responsibilities – the “musts” in the Standards • Core Audit Program - • Frequency-Based Audits - 36 topics (e.g., charges for patient care, purchasing, IT); annual to 5-year cycle; frequency reflects risk • Ad Hoc Audits – Specific high risks (e.g., system implementations, major construction project costs, OIG topics)
Standards – MAS Charter Evaluate risk exposures and the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations and information systems regarding the: Reliability and integrity of financial and operational information Effectiveness and efficiency of operations Safeguarding of assets Compliance with laws, regulations and contracts. MAS Work Plan Selected audit projects from Core Audit Program catalog of topics Assurance Activity #1
Standards – MAS Charter Evaluate the effectiveness and contribute to the improvement of risk management processes. MAS Work Plan Catalog the external and internal risks to business objectives Assess impact and likelihood of each risk’s occurrence Identify who is responsible for the risk’s management and how the risk is managed and monitored Evaluate the effectiveness of risk management activities. Assurance Activity #2
Standards – MAS Charter Assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives: Appropriate ethics and values Effective organizational performance management and accountability Communication of risk and control information to the appropriate areas Coordination and communication of information between the Board, management and auditors. 1. MAS Work Plan Governance process addressed through an assessment of the 10 elements of the “Internal Environment”, a section of COSO ERM Assurance Activity #3
Standards – MAS Charter Assess whether IT Governance of the organization sustains and supports objectives and strategies. MAS Work Plan Catalog attributes of IT Governance and develop a plan for assessing effective implementation of each component Complete an assessment of at least one component this year and work with IT on improvements, if needed. Assurance Activity #4
Standards – MAS Charter Evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. MAS Work Plan “Managing the Business Risk of Fraud: A Practical Guide” - 5 principles for boards/management to consider in protecting the organization from fraud Use this tool to outline an on-going assessment program and perform initial assessment. Assurance Activity #5
Integrating the IIA Standards Questions ? Discussion ?
Thank You ! Joyce L. Lang, CPA, CIA Director, Management Audit Services Legacy Health 815 NE Davis St. Portland, OR 97232 jlang@lhs.org 503-413-3312