Download PDF
A continuing major challenge for Compliance Officers is how to address ongoing auditing and monitoring of high-risk areas. The OIG has repeatedly stressed the importance of auditing and monitoring activities in its various guidance documents, yet there remains considerable confusion as to the difference
between auditing and monitoring, as well as to who has responsibility for these functions. Steve Forman, CPA, has over 35 years of experience in health care compliance including time as Director of Management Operations for the Office of Inspector General (OIG) and as Vice President for Audit and Compliance at the New York-Presbyterian Hospital. He is widely published as an expert on this subject and offers his
advice and tips in this article. Ongoing monitoring should be a continuous control, monitoring both process and method to detecting compliance risk issues associated with an organization’s operations. Ongoing monitoring programs are a manager’s responsibility, not the Compliance Officer’s. Such program responsibilities include keeping current with changes in rules, regulations, and applicable laws; developing
internal controls, policies, and procedures to comply with them; training staff on these rules; and taking steps in monitoring or verifying compliance with these new guidelines. Monitoring programs should be designed to test for inconsistencies, duplication, errors, policy violations, missing approvals, incomplete data, dollar or volume limit errors, or other possible breakdowns in internal controls. Monitoring techniques may include sampling protocols that permit program managers to identify
and review variations from an established baseline. Ongoing auditing entails reviewing the ongoing monitoring process and verifying it is effective in achieving the desired outcome. When it comes to high-risk compliance areas within an operation, audit objectives are to: (1) verify that managers are meeting their obligations for ongoing monitoring; and (2) validate that the process is achieving desired outcomes. This includes confirming that controls are in place and functioning as intended or identifying weaknesses in the program that need to be addressed. An audit must be an independent and objective review, which means it should be done by people external to the program area to be audited. This can be done by the compliance office, internal or audit department, other program managers, or any combination thereof. External reviewers can also be used, such as consultant experts or operational auditors. In any case, the Compliance Officer should ensure that both the monitoring and auditing is taking place and doing what it should be doing. Monitoring and Auditing Practices for Effective Compliance: Tips for Compliance Officers
About the AuthorRichard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs. Subscribe to blog This site uses cookies and other tracking technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties. SettingsACCEPT What is compliance audit report?A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Audit reports evaluate the strength and thoroughness of compliance preparations, security policies, user access controls and risk management procedures over the course of a compliance audit.
Which type of audit assesses employee compliance with management policies and procedures?Compliance audit.
This audit evaluates an organization's adherence to established laws, standards, regulations, policies or procedures.
What is the criteria used in a compliance audit?The auditor identifies criteria on the basis of the relevant authorities. To be suitable, compliance audit criteria must be relevant, reliable, complete, objective, understandable, comparable, acceptable and available.
What is a compliance audit example?For example, a compliance audit could be issued to determine a textile mill is following the EPA (or Environmental Protection Act) guidelines for disposing waste. The EPA could send someone from their business, or they could hire a third party to assess the mill and send in the results.
|