1 / 47

Auditing RIM Programs for Improvement

Auditing RIM Programs for Improvement. Helen Streck President/CEO . Workshop Agenda. Introductions Understanding Audits Lifecycle and Elements of an Audit Findings and Developing Initiatives. Introduction. 3. Introduction. Importance of Good Recordkeeping Values for a RIM Program

noam
Download Presentation

Auditing RIM Programs for Improvement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Auditing RIM Programs forImprovement Helen Streck President/CEO

  2. Workshop Agenda • Introductions • Understanding Audits • Lifecycle and Elements of an Audit • Findings and Developing Initiatives

  3. Introduction 3

  4. Introduction • Importance of Good Recordkeeping • Values for a RIM Program • Knowing Your Requirements • Strategic Review of Risks • Drivers for Continuous Improvement • Auditing’s Input

  5. Value of RIM IF - Information is a key asset to an organization then RIM • Establishes the controls for compliance • Improves efficiency • Element of reasonableness • Removes costs when value no longer exits • Facilitates effective/efficient decision making • Improves system performance

  6. Knowing Your Requirements SEC 17-A, sections 3 & 4 HIPAA Government PaperworkElimination Act FACTA USA Patriot Act NASD 3110 Check 21 NASD 3010 NYSE 342 Gramm-Leach-Bliley Act Sarbanes-Oxley Act

  7. Drivers for Continuous Improvement • Industry Competition • Data Storage Costs • Excessive Costs of eDiscovery – Obsolete Data • Rising Costs of Human Labor • “Personalization” of Information • Increased Regulations and Inspections • Over-Regulating

  8. Using Audits for Improvement This session will focus on how to plan and use an Audit (Assessment) to aid a RIM Program in building the improved services that meet the needs for continuous improvement.

  9. Understanding Audits 9

  10. Defining an Audit A RIM audit is an independent, objective activity designed to “add value and improve” an organization’s operations for creating and managing information.

  11. Understanding Audits • Independent Objective Evaluation • Provide Assurances • Compliance • Efficiencies • Effectiveness • Evaluates • Governance • Controls • Processes • Risk Management

  12. Auditing Characteristics • Holistic Approach • Consistent with Org’s Mission and Goals • Prioritized on a Risk-Based Approach • Conducted Routinely • Outside-Looking-In View

  13. Audit’s Value Statement • Proves controls via documentation and evaluation • Checks for controls that reduce or eliminate unabated information growth • Ensures the application of rules that eliminate obsolete information that may be discoverable • Determines the effectiveness of procedures • Identifies isolated instances of duplication

  14. Risks with Poor RIM Programs • Loss of Intellectual Property • Delayed Decision-making/Filings • Increased Technology Costs • Increased eDiscovery Costs/Penalties • Poor System/Operational Responsiveness • Decreased Competitiveness • Unmanaged Liability

  15. Using Industry Standards • Use industry standards and best practices to benchmark • The Principles • ISO and ANSI standards • Best Practices • Sedona Principles

  16. Elements of Compliant Programs • Accountability • Integrity • Information protection • Compliance • Information is available • Retention • Disposition • Transparency Generally Accepted Recordkeeping Principles www.arma.org

  17. Audit Lifecycle 17

  18. Audit Cycle 1 5 4 3 2 4 Planning Performance Reporting Preparation Reporting Follow-up Planning Follow-up Preparation Follow-up Preparation Reporting Performance Performance 18

  19. Steps in an Audit • Planning • Define purpose, scope, criteria and objectives • Prioritize based on risk

  20. The Purpose • Start with defining the purpose of the audit – sets the tone • Looking for mistakes • Complying with requirements • Seeking opportunities to improve • Define the expected outcomes • What are the actions to follow

  21. The Purpose • Why • To meet regulatory requirements • To verify the controls established to protect PHI • To check the processes that document the use of public funds • Outcomes • Report of evaluation and findings • Findings are prioritized as high, medium or low the high being the most severe • Actions • Develop corrective plan (initiatives) with timelines

  22. Audit Objectives • Relate the elements of your program to the Corporate goal • Examples of objects include • To determine the level of protection taken and routinely followed to protect paper records • To assess management’s commitment by assignments and participation on the Steering Committee • To measure the rate of the department’s completion of the RIM learning course

  23. Set Criteria Ratings Next determine what you must have: • What program elements are critical • What program elements are important to have • What program elements are preferred but you could live without

  24. Set Criteria Ratings Important Critical Preferred • Program has mission and vision statement • Program mission and vision statement endorsed by executives • Mission and vision statement are published for employees to access and see • Program mission statement is included in business unit’s goals and mission 24

  25. Decide on Ratings Based on risk factors and known requirements how does the current documentation and practices measure up to the criteria? • Satisfactory • Needs Improvement • Unsatisfactory • N/A

  26. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk

  27. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited

  28. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited • Performance • Collect and review of physical and electronic recordkeeping documentation • Conduct interview(s) with department(s) personnel as necessary

  29. Steps in Performing an Audit • Ask the Department to identify your contact – Records Coordinator, Management – someone who can answer questions • Send checklist (what is being covered) in advance to contact • Obtain the list of names of employees to interview in advance • Schedule meetings with interviewees • Prepare a list of documents you want the department to provide you for review

  30. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited • Performance • Collect and review of physical and electronic recordkeeping documentation • Conduct interview(s) with department(s) personnel as necessary • Reporting • Draft Findings Report • Discuss steps for improvement • Recommend Timelines – be realistic

  31. Steps in an Audit • Planning • Define scope, criteria, and objectives • Prioritize based on risk • Preparation • Create a checklist – what do you want them to produce for you to review • What is required by law to have • Submit checklist, questions and document request to the group being audited • Performance • Collect and review of physical and electronic recordkeeping documentation • Conduct interview(s) with department(s) personnel as necessary • Reporting • Draft Findings Report • Discuss steps for improvement • Recommend Timelines – be realistic • Monitor the improvement steps

  32. Using Audits for Improvement • Reviewing the risk, compliance requirements • Learning to rank initiatives • Understanding the resource requirements needed • Using a “Triage” approach

  33. Using Findings to Create Initiatives 34

  34. Triage Approach:General Description • Develops a plan that prioritizes the most pressing matters so that they receive immediate attention. • Places longer term goals on a drawing board to be reviewed with more analysis without pressure. • Postpone tasks that are of low risk and not urgent for the last phase of the project. Triage approach prioritizes the needs and risks of the project into manageable groups.

  35. Triage Approach:General Description • Provides a means for “building onto” a Program by ensuring the correct components are done first. • Allows the Program owner to measure success and “see” definable improvements and not wait on project completion to be successful. • Separates project components based on risk and need so that items which are most critical get the immediate attention to reduce existing or potential risks.

  36. Prioritize Like Emergency Room • Stop The Bleeding • RIM initiatives that address the immediate findings to achieve compliance

  37. Levels of Process Improvements • Stop the Bleeding • RIM initiatives that address the immediate findings to achieve compliance • Treat The Underlying Cause(s) • Address the root symptoms

  38. Levels of Process Improvements • Stop the Bleeding • RIM initiatives that address the immediate findings to achieve compliance • Treat The Underlying Cause(s) • Address the root symptoms • Establish Preventive Measures • Long-term initiatives and projects involving multiple stakeholders, resources and automation to prevent future problems

  39. Levels of Process Improvements • Stop the Bleeding • RIM initiatives that address the immediate findings to achieve compliance • Treat The Underlying Cause(s) • Address the root symptoms • Establish Preventive Measures • Long-term initiatives and projects involving multiple stakeholders, resources and automation to prevent future problems • Create Ongoing Efficiencies • As systems are operating smoothly and consistently, opportunities for streamlining arise

  40. Triage

  41. Immediate Project (<6 months)

  42. Scheduled Projects (6-15 months)

  43. Scheduled Projects (15-24 months)

  44. Make Audits Work for You! • Audits of RIM Programs should be viewed as a mechanism for healthier programs • Plan, prepare, evaluate and report • Use the findings to create initiatives and identify needed resources • Focus on continuous improvement

  45. Thank You ! Helen Streck President/CEO Kaizen InfoSource

More Related