Fundamental changes in healthcare in the past few years, brought on by the Patient Protection and Affordable Care Act (Affordable Care Act, PPACA or ACA) as well as the massive shift to digital records, continue to rock the landscape in which healthcare organizations operate. For healthcare internal audit (IA) departments, the changes continue to bring specific new challenges, which must be balanced with other existing priorities – HIPAA, Meaningful Use, ICD-10, etc.
So how are chief audit executives (CAEs) and IA professionals performing this juggling act, and what priorities are they putting ahead of others? A joint survey from Protiviti and the Association of Healthcare Internal Auditors (AHIA), entitled Priorities for Internal Auditors in U.S. Healthcare Provider Organizations, attempts to answer these questions and more.
Below, we summarize the five key priority areas for healthcare IA functions this year, as identified by survey participants:
- Cybersecurity risks and practices – This is an area “under construction” for most healthcare IA departments. Respondents expressed low confidence in their current capabilities; however, a strong majority are evaluating these risks and working to improve practices.
- Regulatory compliance – CAEs and their teams are committed to strengthening their knowledge and expertise of new and emerging compliance requirements, especially those emerging from the ACA. Understanding health information and insurance exchanges ranks among the top priorities.
- Supporting, enabling and protecting the digital enterprise – While cybersecurity is a top priority for internal audit, it is far from being the only technology-related challenge. Two out of three healthcare organizations are working through a “major IT transformation,” according to healthcare respondents to Protiviti’s 2015 IT Priorities Survey. Among the top priorities for healthcare IA departments in the new digital enterprise are new data analysis and addressing IT risks, especially those related to social media and mobile applications.
- Addressing fraud risks – Recent and extensive fraudulent activities against government healthcare programs (Medicare), combined with the ever-present risk of employee fraud, are keeping fraud risks among the top priorities for healthcare internal auditors. Fraud risk assessment, fraud risk, fraud monitoring and fraud auditing make up four of the six top areas of focus.
- Multi-stakeholder collaboration – The complex nature of the healthcare industry requires the cooperation and collaboration of several different disciplines, including IT, risk management, operations and legal, among others. To effectively address multidimensional challenges, internal auditors must work with a number of different stakeholders, both internal and external to the organization. Healthcare internal auditors in our survey gave high priority to developing the interpersonal skills required to skillfully navigate these often contentious negotiations.
Overall, this year’s survey results suggest a broader awareness of and increasing commitment to the challenges of the rapidly changing healthcare industry. And, just as the ability to innovate and adapt will be key to the survival of healthcare organizations, so, too, must IA organizations adapt in order to audit at the speed of risk and add strategic value to their organizations.