|
Getting your Trinity Audio player ready...
|
The top priority for healthcare internal auditors this year is cybersecurity, according to a survey by Protiviti and the Association of Healthcare Internal Auditors (AHIA).
By the numbers: Rounding out the top five priorities are user access management, ranked second; accounts payable and fraud management prevention & detection, tied for third; and finance and accounting, ranked fifth.
Why it matters: The growing list of priorities healthcare internal auditors face mirror the changes and risks in the industry, which include generative artificial intelligence (AI), privacy, data and third-party vendor risk management, and workforce-related challenges.
The bottom line: Healthcare internal auditors play a critical role as they navigate a myriad of regulatory challenges and risks inherent to healthcare organizations. They help these organizations maintain resiliency and financial stability while continuing to provide exceptional patient care in an ever-changing industry.
___ ____ ___
The healthcare industry has survived a protracted global pandemic and public health emergency that would challenge any industry. And it continues to face complex, unprecedented and interrelated risks that could result in significant disruptions, with impacts across critical areas that could last for years to come. Changing reimbursement models, data privacy laws, increasingly complex healthcare regulations, ever-evolving cybersecurity attacks, heightened scrutiny around fraud prevention and the need to avoid penalties, and other potential risks are enough to keep healthcare leaders up at night.
The latest Healthcare Internal Audit Plan Priorities Study, conducted by Protiviti and the Association of Healthcare Internal Auditors (AHIA), reveals six key themes as areas of focus for internal auditors: cybersecurity, financial integrity, fraud management, third-party risk management, human resources and the revenue cycle.
Cybersecurity and IT governance
Recent high-profile cyberattacks against healthcare organizations, including two significant attacks on healthcare organizations in 2024, underscore the importance of robust cybersecurity and IT governance as cyber threats become more sophisticated and disruptive. Thus, it’s no surprise that cybersecurity continues to top the list of internal audit (IA) priorities in our 2024 study, with three out of four organizations including cybersecurity on their 2024 audit plan. Internal audit teams should focus on business resiliency, penetration testing and vulnerability management, and regular testing and incident response protocols to ensure their effectiveness in real-world situations.
User access management, ranked as the second-largest priority in the study, poses unique challenges to internal auditors due to the complexity of the healthcare environment, including multiple access points to protected health information (PHI), a diverse mix of user roles, and the immediate need to access sensitive information required for patient care. Emerging technologies such as artificial intelligence (AI) make the need for a robust IT governance program and proper oversight a critical priority.
Financial integrity
Financial integrity continues to rank in the top 10 priorities in the study, with accounts payable (AP) reaching the third-highest concern as cyberattacks and other events make key AP functions and processes particularly vulnerable. Internal audit can help mitigate key risks in healthcare AP departments by focusing on continuous monitoring of internal controls, understanding the effects of emergent technologies on the ecosystem, and training AP employees on fraud prevention. Other key areas of focus ripe for IA’s consideration for the audit plan include finance and accounting, ranked as the fifth-highest risk, and employee time/expense reporting and payroll, tied for the seventh-highest risk.
Fraud management
Fraud management, prevention and detection tied with accounts payable as the third-highest priority for 2024. With financial losses from healthcare fraud amounting to tens of billions of dollars each year, healthcare organizations continue to face increased risk exposure from fraud, particularly as internal and external fraud continues to evolve in sophistication, frequency and type. Internal audit plays an instrumental role in developing a strong control environment that can help protect organizations against fraud-related damage, which include financial loss, business disruption and reputational damage. Just over half of providers (57%) and payers (58%) include fraud management, prevention and detection on their 2024 audit plans.
To manage fraud-related risk, IA departments should leverage analytics to identify anomalies, perform thorough vendor management due diligence, and establish a strong control environment designed to prevent and detect fraud. Other components of a comprehensive fraud management strategy include a robust whistleblower program, along with education and training on fraud prevention and detection, trends, applicable laws and regulations, and ethics and integrity.
Third-party risk management
Healthcare organizations are relying more on third parties and are beginning to see the risks and significant impacts these third parties can have on business continuity. This explains why third-party risk management tied for seventh place among top internal audit plan priorities. Identifying and managing risks associated with service providers and external vendors has grown overwhelmingly difficult for several reasons, including increasing complexity of supply chains, data privacy concerns, regulatory compliance and limited visibility. Internal audit departments can address these challenges and assess the potential risks by performing a business impact analysis to identify and determine the criticality of business processes, systems and third parties, creating a complete list of third parties, completing vendor risk assessments and creating business continuity plans.
Human resources
Healthcare organizations continue to grapple with continued staffing and human resource challenges. Finding, keeping and ensuring the organization has the best talent is an enduring challenge as the industry continues to deal with widespread burnout, staffing shortages and difficulty recruiting and retaining employees in a highly competitive environment. It’s no surprise, then, that human resources, benefits, compensation and workforce challenges ranked as number 9 in the list of IA plan priorities.
Healthcare internal auditors play an important role in ensuring that the organization’s HR function operates effectively while adhering to established policies and regulations. They also can determine whether talent management initiatives designed to engage and retain employees, such as training programs and performance management systems, are being implemented effectively. Succession planning continues to be a critical area for auditors, who should evaluate alignment between their organization’s success plans and long-term strategic goals.
Revenue cycle
With regular audits key to evaluating the effectiveness of charge capture processes, it’s clear why charge capture and reconciliation ranked tenth among AI plan priorities. A majority of internal audit functions in healthcare provider organizations (63%) included charge capture and reconciliation on their 2024 audit plans. Why is this important? Inaccurate charge entries carry significant financial and compliance risks. According to the Healthcare Financial Management Association, hospitals lose 1% of net revenue due to charge capture errors, which can lead to increased bad debt, denied claims, contractual disputes and regulatory scrutiny.
Internal audit can leverage data analytics to uncover charge entry delays and discrepancies such as overlooked high-cost supplies and inconsistencies in coding between facility and professional services. By prioritizing compliance and accuracy in the identification, capture, reporting and reconciliation of chargeable items, hospitals can improve their revenue cycle operations and deliver measurable returns.
Final thoughts
In this tumultuous environment, the role of healthcare internal auditors has never been more critical as they navigate a growing list of priorities and a myriad of regulatory challenges and risks inherent to healthcare organizations. By helping their organizations contend with these and other pressing concerns, internal auditors can play a key role in helping them maintain resiliency and financial stability while continuing to provide exceptional patient care in an ever-changing industry.
View the full survey report at www.protiviti.com/us-en/survey/healthcare-internal-audit-survey.
